Boone Gorges, 2015-09-21 11:21 PM


The CUNY Academic Commons is interested in working with CIS to offer Commons users the ability to authenticate using CUNY credentials.

Some background: The CUNY Academic Commons is a WordPress-powered site used by several thousand faculty, staff, and graduate students through the CUNY system for communication and collaboration. The Commons has been a relatively independent project since its inception in 2009. The site is hosted at the Graduate Center, with the assistance of GC's IT staff, and the Commons has its own team of developers.

Users of the Commons authenticate using WordPress's native user system. Anyone with a CUNY email address can register for an account. During registration, users choose their own username and password; an activation email is then sent to their CUNY email address, a failsafe that works both to prevent spam and to verify users' association with CUNY. After registration, users are able to change their email addresses to their preferred address, whether it be a * address or not.

Our team is hoping to begin a discussion about offering users - both existing users and newly registering users - the option of using CUNY credentials for login. This would address a couple of issues for us. First, users often experience "password fatigue", and the ability to use an existing CUNY username/password would mean one fewer set of credentials to remember. Second, authenticating against a CUNY identity system would provide immediate verification of one's association with CUNY, meaning we could skip the cumbersome process of sending an activation email that has a tendency to get lost in spam filters.

We're assuming that, if successful, we'd be integrating with the CUNY Portal, which we understand to be an LDAP server that has an API that can be queried by external applications. It's likely that the LDAP server contains a fair amount of data about users; at this time, we only want to authenticate against the system, and we don't foresee wanting to pull any data from the system in the future, aside from directory info such as first and last names.

Does CIS routinely offer integration with its central LDAP? Is there a standardized procedure for requesting access? What are the technical requirements on our end?

Our development team is happy to answer any questions about our use case, or our application configuration.

Thanks very much for your consideration.