Authentication Integration

Last updated: November 15, 2023
Audience: IT Staff / Technical Decision Makers

The Microsoft Infrastructure provides a variety of integration mechanisms, including domain/forest trusts, delegated OUs, Active Directory, and Entra ID. These solutions provide options for computers or applications, and in most cases they provide more than just authentication, extending to authorization and directory information capabilities.

These are not all of the authentication integration options provided centrally, and customers are encouraged to engage with UW-IT to explore all of the centrally provided options. Some options have more support, less risk, and are preferred. UW-IT can help guide you through the possible integration options. Send email to help@uw.edu to engage.

There is an Entra ID authentication page here.

Windows and UW NetID Integration

If you are looking to integrate Windows and UW NetIDs, you can use UW NetIDs and “centrally” maintained passwords with Windows through one of the options summarized below:

  • Via Delegated OU
    • Windows account has a UW NetID password.
    • Only requires a delegated OU.
    • No user confusion.
    • Authorization groups tied to NETID user accounts that are auto-provisioned from institutional data. These include groups based on affiliations (e.g. student, staff, faculty), and course groups.
  • Via trust
    • Windows account has a UW NetID password.
    • Requires a trust to NETID and your own Windows domain.
    • Users might need to use both the NETID user account and your local domain account.
    • Authorization groups tied to NETID user accounts that are auto-provisioned from institutional data. These include groups based on affiliations (e.g. student, staff, faculty), and course groups.
  • Via Entra ID
    • User account has a UW NetID password with an active UW Microsoft account.
    • Additional attributes/claims can be provided by Entra ID.
    • The web application must support WS-Federation, OpenID Connect, or SAML authentication.