Throughout higher education, few names ring out so spectacularly as Ellucian. Providing many strong applications for higher education has made Ellucian a major boon to the industry. However, there is always one low hanging fruit: CAS SSO. Typically, providing fully integrated SSO to Banner requires the use of the Ellucian Identity Service, or a conglomerate of separate solutions.
That is no longer the case.
Various SSO Protocols
A primary factor in understanding SSO is to realize that not all applications utilize the same protocol. In the world of Single Sign On, there are many different industry standard protocols that applications and vendors can utilize:
- SAML SSO – The Summa Cum Laude of web SSO. SAML has one of the highest integration values, as it is capable of being used in almost every modern web-application.
- CAS SSO – The Magna Cum Laude of web SSO. CAS utilizes its own server to be as a third-party for authentication. Using this setup, CAS SSO builds on the basics of SSO with checks and balances for additional security.
- Shibboleth SSO – a subset of SAML, Shibboleth was designed specifically for authorization and identity management across organizational boundaries. Fewer popular applications support Shibboleth, but it is a widely used and recommended protocol for a specific subset of scenarios.
- Kerberos SSO – The MIT brainchild and typical Microsoft SSO protocol. Kerberos provides mutual authentication between the server and the device. Typically, Kerberos only provides SSO at the intranet level.
- And many more…
SSO In Education
Many educational institutions often overlook Single Sign On is a critical requirement. However, as more applications and resources become available to faculty, staff, and students, providing seamless access is increasingly paramount. Implementing solutions such as CAS SSO servers to not only improve usability, but also increase security and productivity as well.
SSO is typically an aside for Education when issues occur with Identity Management. Kerberos, SAML, Shibboleth, and even CAS SSO appear as solutions to this problem. Not to mention the added benefits of increasing usability and security for the entire organization. In addition, utilizing SSO provides organizations with the unique ability to brand a central portal to convey trust and reliability to an expanding audience of end-users.
BANNER 9 and CAS SSO
Providing true SSO to banner has never been an easy task, however. Thankfully, Banner XE/Banner 9 now supports CAS SSO. While not the newest SSO protocol, the introduction of CAS SSO now serves to improve Banner’s usability. Additionally, CAS SSO simultaneously increases the integration points for Banner in various institutions. This is especially true as Banner has no plans to support the more widely used SSO protocol, SAML, outside of their proprietary Identity Service.
For Higher Education institutions looking for additional, more feasible options, news of CAS SSO functionality in Banner XE/Banner 9 will certainly serve to fill the gap. At the very least, CAS SSO opens Banner up to more unique configurations and deployments to a much wider selection of higher education institutions.
Specifically, the PortalGuard IdP can integrate with Banner using the CAS SSO protocol. This integration provides streamlined access through a large selection of varying configurations. Coupled with integrated password reset and multifactor functionality, PortalGuard has become a highly regarded solution for providing Higher Education with both usability and security at a competitively low price-point.
When it comes to Single Sign On, don’t reinvent the wheel by mixing and matching solutions to fit your needs. If your institution is looking for options, let us know and we’ll be more than happy to help!