UW ADFS is retired as of 2/18/2022. Customers with applications that have WS-* protocol requirements should use Azure Active Directory.
Web applications can be integrated with UW NetIDs and the UW Groups service via a variety of methods, including Entra ID and UW Shibboleth. UW Shibboleth and Entra ID are both generally recommended.
Guide to which UW Identity Provider your web application should prefer:
Web app … | UW Entra ID | UW Shibboleth |
requires use of SAML or OIDC | X | X |
requires use of WS-Federation or WS-Trust protocols | X | |
requires the OAuth protocol | X | |
requires integration with Office 365 or other Entra ID apps | X | |
requires user provisioning via the SCIM protocol | X | |
has an Entra ID application gallery template | X | |
requires support team access to app sign in logs | X | |
requires custom terms of use | X | |
requires Research and Scholarship category support | X | |
requires custom IdP metadata | X | |
requires multilateral SAML federation | X | |
requires support for social identities such as Facebook | X | |
requires broadest possible set of identity providers | X | |
requires better user experience via sign in only when required | X | |
requires group claims for member-private groups | X | |
requires claims involving confidential data | X | |
requires simple conditional access controls such as: group membership | X | X |
requires advanced conditional access controls including: location (IP, GeoRegion, or GPS); device platform; client application; client device state; sign in risk; application specific restrictions | X | |
requires stronger fraud protections such as: behavior analytics to flag risky sign-ins (atypical travel, unknown/suspect locations, patterns matching known compromised account signatures); detection of publicly leaked credentials; high volume of daily security signals | X |