Computing accounts (known as SUNet IDs) and passwords control access to online resources and services at Stanford. These accounts are free of charge for faculty, staff, students. Sponsored accounts are available for some University affiliates and guests; a University sponsor is required and monthly charges apply.
Accounts and Access
Account, access, and authority systems and services protect Stanford’s information resources. Services in this category include Stanford WebLogin and Two-Step Authentication, ID Card, Authority Manager, and more.
The University provides faculty, staff, and students a variety of computing resources and online services. A SUNet ID (an account name that identifies you as a member of the Stanford community) and password is required to access most of these services.
Active Directory Domain Services forms the core of the Stanford Windows Infrastructure, providing authentication and authorization services as well as LDAP and web services-based directory services.
Authority Manager is a web application that gives Stanford managers a central location to manage the systems authority their employees need to work the PeopleSoft SA, HRMS, and Oracle Financials systems. The Authority Manager maintains the authority registry, the master record of who can do what.
The Cloud Account Management service provides simplified ordering and provisioning of a Google Cloud Platform (GCP) or Amazon Web Services AWS cloud account, as well as account and billing management.
The Campus Card serves as an identification card, an electronic key, and a debit card, allowing you to enter and access secured facilities, exercise privileges to which you are entitled, and make purchases against funds deposited in a StanfordCardPlan account.
Departments and facilities on campus use Lenel and CSGold card reading systems on doors, turnstiles, and elevators to control access to buildings and rooms. Card readers include the familiar "swipe" type as well as proximity readers.
Kerberos is the heart of Stanford’s campus-wide network security infrastructure and is integral to the authentication services provided by components of Essential Stanford Software (esp. Stanford Desktop Tools) and by Stanford WebAuth.
Stanford uses OpenLDAP (Lightweight Directory Access Protocol) software to enable the searching and browsing of directory information in its central information systems. Without the OpenLDAP Directory Service, web-based systems like Stanford.You and Axess would be unable to connect Stanford users to their personal or group information.
Services provided by University IT are ordered through the OrderIT online portal.
The Organization Manager is a Registry application used by designated school, department, or organization members for maintaining the contact information that appears in the printed Stanford Directory for their organizations.
Registry applications (e.g., StanfordYou) give users direct access to appropriate data without requiring access to source systems. Registries create and manage a common source of accurate, consistent data about people, organizations, and services across the University.
A consolidated repository of Stanford person and organization data may be used by authorized entities to conduct University business and serve Stanford’s instructional, research, and public service missions.
SAML 2.0 is one in a set of authentication and authorization technologies underlying Stanford WebLogin, which provides access by individuals across organizations to protected web pages and applications, with just one login action.
Shibboleth is a federated authentication system that allows Stanford users to authenticate securely using their SUNetID to some services at non-Stanford sites. It also allows web servers at Stanford to authenticate users from some non-Stanford institutions using the users' local authentication credentials.
Faculty or staff may sponsor someone for computing services, as long as the person to be sponsored meets basic eligibility requirements. Some sponsored services or resources carry a monthly charge. For these services, the sponsor must have expenditure authority for a current University account. Other services are free and require only that the sponsor be regular faculty or staff. Sponsorships are maintained via the Sponsorship Manager web application.
Stanford People and Organization Search, also known as StanfordWho, is the web application that allows you to search the Stanford directory of faculty, staff, students and sponsored affiliates at Stanford University and Medical Center. Contact and organization information is presented.
StanfordYou is the web application that allows Stanford community members to update their contact information and SUNet accounts, including their password, vacation auto reply, profile, and privacy settings.
Two-step authentication uses two types of authentication to verify your identity. First, you need to log in with your SUNet ID and password. Then you need a physical device that you control—such as your mobile phone, tablet, or landline phone—to verify your identity. This type of authentication is required to access Stanford systems that have higher than normal levels of security, such as critical business or infrastructure systems. In addition, two-step authentication can help protect your Stanford account should someone else learn your password.
Stanford University has standardized on Duo for two-step authentication to Stanford-managed servers. Static login credentials are susceptible to phishing and offline cracking. Two-step authentication adds a dynamic component to logins, which significantly mitigates this risk. Two-step authentication is required for all interactive user and administrator logins to Moderate and High Risk systems.
Stanford’s VPN service allows any Stanford affiliate to connect to SUNet remotely from any available network connection almost anywhere in the world: including from home, from many hotels, and even from within some company networks.
WebAuth is a comprehensive system for authenticating web users that was developed to protect Stanford’s web sites in AFS space, but can be used in other environments that use Apache web server software. WebAuth relies on a login server that establishes a users identity on their first attempt to access a protected web site. Once the user has logged in to the login server, their identity is carried in a cookie and they will not need to enter their password again until their credentials expire, even if they visit other protected web sites.
Workgroup Manager is a web application that gives Stanford community members a place to define groups of community members for use in various online applications, including web authentication. Though the name workgroup may imply usefulness only to faculty or staff, workgroups can be helpful to, and maintained by, anyone with a current SUNet ID.