Provide central authentication, central authorization (with delegated group management), federated login, and multi-factor authentication.

Services (7)

Cornell NetID

The NetID is the unique electronic identifier, which in conjunction with a password and multi-factor authentication (where applicable) permits secure access to non-public Cornell resources and information.

NetIDs are unique and permanent. The same NetID is never reassigned to more than one individual; if someone leaves the university and returns later, the original NetID is reactivated.

GuestID

Cornell Guest IDs provide individuals with limited access to certain services that use central authentication.

Guest IDs grant the lowest level of access and should be used instead of Sponsored NetIDs whenever possible. Consultation with local technical support can determine if a Guest ID will suffice.

Secure Password Management

Password escrow provides a secure vault for storing and managing shared secretive information such as passwords, documents, and digital identities.

Service Account

Cornell service accounts provide non-human identities with access to computing infrastructure that uses central authentication.

Single Sign-On

The Single Sign-On service employs two different solutions. The first, Shibboleth, is a higher education community implementation of web single-sign-on using the SAML protocol. The advantage of using Shibboleth is that you can enable access to your site to users from other institutions that are members of the InCommon Federation.

The second, Azure SSO (formerly ADFS), is the solution for Microsoft services such as Office 365 and Azure.

Sponsored NetID

Sponsored NetIDs are intended for use with contractors or other individuals who are not directly affiliated with Cornell but have a business purpose for needing access to Cornell services or systems.

Two-Factor Authentication

Cornell offers Duo as the Multifactor Authentication solution for university systems.