Authentication/Authorization Clause Samples
Authentication/Authorization. 2.1. Client will be solely responsible and liable for enforcing the terms of this FSSO Amendment with respect to the Participants. The Federated User Identity (the “FUI Feature”) will be for (i) the sole purpose of creating and providing to Participants a login for accessing the intended ADP Services, and (ii) Participants’ use of same will comply with all applicable laws.
2.2. Client will be solely responsible for the establishment, implementation and oversight of the rules, requirements and procedures relating to the provisioning, de-provisioning, distribution, selection, use and safeguarding of the Identifying Credentials (such as the usernames and passwords) and for the verification of the identity of each Participant and its respective level of access authorization for each ADP Service. Client will be solely responsible for the determination of the adequacy of any and all particular security procedures and policies to be utilized with respect to the FUI Feature, including any specifics contained herein, and that ADP shall not have any responsibility to authenticate Participants or otherwise verify their identity or authorized access levels (but ADP shall nonetheless retain the right to reject assertions as provided in Section 2(h)). ADP is therefore relying on the Client to utilize ‘industry best practices’ in regards to server security, password policies, user provisioning and de-provisioning, and the creation of persistent, unique and static user name. Client will use the FUI Feature in accordance with the reasonable instructions and reasonable policies established by ADP from time to time and communicated to the Client.
2.3. The Parties agree that the FUI Feature shall solely utilize “Security Assertion ▇▇▇▇-up Language” (“▇▇▇▇”) or Open ID Connect (OIDC) and the processes required thereby or any other method mutually agreed by the parties in writing. As of the date of this Agreement, detailed information applicable to ▇▇▇▇ and its use is located at the following internet site: ▇▇▇▇▇://▇▇▇.▇▇▇▇▇-▇▇▇▇.▇▇▇/standards#samlv2.0 and detailed information applicable to OIDC and its used us located at the following internet site: ▇▇▇▇://▇▇▇▇▇▇.▇▇▇. Client is responsible for procuring, at its own expense, all hardware and software necessary to utilize the FUI Feature. ADP also reserves the right to further the security of the assertion or token through the use of such technologies that support digital signing. Client shall digitally sign the assertion or tok...
Authentication/Authorization a. Describe how the system authenticates users. User passwords are encrypted via a 1‐way DES hash mechanism and stored in an encrypted form.
b. Describe capabilities for integrating the research system with campus LDAP services. Specify supported LDAP systems and versions. Integration with LDAP services requires customization and scoping.
c. Describe the system’s capability for supporting integration with JA‐SIG’s Central Authentication System (CAS), including versions and supported features of CAS. We have integrated with CAS at several other institutions.
d. Describe the user interface and tools for administering and configuring the system authentication and authorization. Combination of internal institution‐specific tools and communication with Cayuse.
e. Describe processes for assigning and managing roles and responsibilities including the ability for customization. Some role designation handled during bulk‐load process. Most role assignments are done within the application by system administrators. Usually not handled in concert with LDAP integration.
f. Describe how you support integration with LDAP groups for defining and managing user responsibilities.
Authentication/Authorization. Client shall be responsible for the establishment, implementation and oversight of the rules, requirements and procedures relating to the provisioning, de-provisioning, distribution, selection, use and safeguarding of the Identifying Credentials (such as the user ID and passwords) and for the verification of the identity of each Participant and its respective level of access authorization for each Covered Service. Client shall utilize at least ‘standard industry practices’ in regards to password policies, user provisioning and de-provisioning, and the creation of persistent, unique and static user ID’s, and therefore ADP shall not have any responsibility to