General

Federated Login experience

Overview
Login options
- SLAC affiliated people
- Non-SLAC affiliated people (Stanford and otherwise)
FAQs
- I have both a Stanford ID and a SLAC ID. Which option should I choose?
- What is the difference between Authentication and Access/Authorization?

Overview

As part of the Identity and Access Management initiative, we have rolled out a new authentication experience supporting the use of login from many institutions. This is the new login experience for most SLAC applications going forward from 2024.

This functionality paves the way for future enhancements such as the use of federated identities from home institutions. For example, if a researcher comes to SLAC from the University of Washington, who is sponsored by a SLAC employee, the UW person will be able to use their uw.edu credentials to access applications where approval has been given.

Login options

SLAC affiliated people

Going forward, more and more applications in use at SLAC will accept both Stanford (SUNetID) and SLAC logins. All SLAC employees have a Stanford login and there is hope the use of Stanford logins for SLAC applications will increase.

All SLAC employees should use SLAC Cardinal Key (on SLAC managed Windows and Macintosh computers) for a better, more secure login experience. SLAC Cardinal Key will eliminate the need for entering a password during the login process.

Non-SLAC affiliated people (Stanford and otherwise)

If you are not affiliated with SLAC then you should use your Stanford login or the login you used when registering with the Scientific Collaborative Researcher Registration. If you have not yet registered you should do so now.

FAQs

I have both a Stanford ID and a SLAC ID. Which option should I choose?

Applications that have previously used SLAC Single Sign-On (also known as ADFS) may require that you continue to use the SLAC ID option until it has been configured to accept your Stanford login as well as your SLAC login.

The Stanford login option does not grant access to everybody with a Stanford SUNet ID. Access permissions are still managed on an application-by-application basis.

What is the difference between Authentication and Access/Authorization?

Authentication is the act of proving you are who you say you are. This may involve presenting a password or other mechanism (like a Cardinal Key) along with the username. Authorization or Access involves someone configuring an application to allow you to get into or perform certain functions within an application after you have authenticated to the application.