USC Authentication and Authorization Infrastructure (USC AAI)
USC AAI provides authentication and authorization services for access to university resources and also to selected external resources.

Authentication

Authentication is the process that is used to prove that you are who you say you are. It is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the subject are true (Wikipedia). In the simplest case, it is the process of confirming who you say you are by using something that only you know. An example of on-line authentication might be to provide your USC Network Username and password to access an application, but it could include the use of certificates, location, biometrics or any combination of these. An example of off-line authentication might be to provide your driver's license when using your credit card to make a purchase.

Authorization

Authorization occurs after Authentication. Authorization is the function of specifying access rights to resources. It gives you permission to do or have something.

This identifier is assigned to a user when they become part of the USC community. Students, faculty, staff, sponsored guests and sponsored affiliates are members of the USC community. In order to use your USC Network Username, you must possess the associated password. Students, faculty and staff may set the USC Network Username password via VIP.

Students are assigned a USC Network Username when their application is 'committed' for attendance. Student accounts will no longer be accessible after a period of time after a student's last class is completed. This time varies between graduate and undergraduate programs. For undergraduates, this is 1 year after graduation. For graduates, this is 2 years after graduation.

Employees are assigned a USC Network Username when their employment paperwork is processed. A network manager can pre-assign a USC Network Username anticipating processing of the associated paperwork.

Sponsored Guests may be assigned a USC Network Username when requested by a network manager, and the account will expire after a period of time.

Sponsored Affiliates are assigned a USC Network Username through a sponsoring department's submission of the appropriate forms to Human Resources. The account will expire after a period of time.

Enterprise Authentication

Enterprise authentication applies to applications that authenticate to the central enterprise authentication system currently represented by the USC Active Directory service. This service contains all USC Network Usernames across all system campuses.

Implementing Application Authentication

Applications may use either Shibboleth Authentication or LDAP Authentication. Shibboleth Authentication is recommended. In both cases the authentication itself is the same. Shibboleth authentication may be considered more secure for many applications and can be less effort to implement.

LDAP authentication is required by some applications. In order to utilize LDAP authentication in your application, you may have to establish a resource account in Active Directory (LDAP) that would permit the level of access that your application needs. To request a resource account to access LDAP, please contact your Department or College IT representative, as they may be able to create the resource account in ADUMS. Otherwise, contact the UTS Help Desk at 777-1800 or helpdesk@sc.edu. These accounts require password changes and account renewals, and this must be considered in your application deployment. For more detailed information about LDAP authentication at USC, please click here.

The Shibboleth System is a standards based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner (shibboleth.internet2.edu).

Enabling your application to utilize Shibboleth depends on your application. For applications that use Apache LDAP authentication, the change is generally transparent and very simple. Shibboleth Authentication resides at the web server level to protect an entire web application or a portion of the application. Shibboleth also provides role based authorization for your application. For additional information and configuration instructions, please refer to the Shibboleth SP Installation & Configuration instructions.
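
The change described above for an application that uses Apache LDAP authentication, shown as an added example that is not USC's own configuration. It assumes Apache 2.4 with mod_authnz_ldap and the Shibboleth SP module (mod_shib) loaded; every host name, DN, path and attribute value is a placeholder.

```apache
# Added example; every host name, DN, path and attribute value is a placeholder.

# --- Before: Apache LDAP authentication (mod_authnz_ldap) ---
# The web server collects the password itself and binds to the directory
# with a resource account. That account's password sits in this file and
# must be updated here whenever the account's password is changed or the
# account is renewed.
<Location "/app">
    AuthType Basic
    AuthName "USC Network Username"
    AuthBasicProvider ldap
    AuthLDAPURL "ldaps://ldap.example.edu/ou=people,dc=example,dc=edu?sAMAccountName?sub"
    AuthLDAPBindDN "cn=app-resource,ou=resources,dc=example,dc=edu"
    AuthLDAPBindPassword "REPLACE_ME"
    Require valid-user
</Location>

# --- After: Shibboleth authentication (mod_shib), replacing the block above ---
# The user signs in at the identity provider; the web server never handles
# the password and no resource account credential is stored here.
<Location "/app">
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    Require shib-session
</Location>

# Protect only a portion of the application and apply role based
# authorization on a released attribute. "affiliation" is an assumed
# attribute id that would be defined in the SP's attribute-map.xml.
<Location "/app/admin">
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    Require shib-attr affiliation staff@example.edu
</Location>
```

In both forms the application can keep reading the authenticated user from REMOTE_USER, provided the SP is configured to populate it from a released attribute.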