Integrating Single Sign-On and CalNet into WordPress

Back to Blog

As a long-time web development partner with the University of California at Berkeley, we at Computer Courage have built a series of customized solutions for the University’s needs. One of the most frequent requests we get on almost every project is CalNet integration. CalNet provides students and faculty with an existing Single Sign-On solution provided by the University. While this article focuses on CalNet used by UC Berkeley, the concepts apply to any Single Sign-On solution (Okta, OneLogin, Active Directory, LDAP, AWS SSO, etc). If your organization or department has similar needs please reach out.

What is Single Sign-On and why do organizations want to use it?

There are many good reasons, but we’ll consider the most important three:

  • For IT Support – It helps track who has access to what and provides a central platform to grant or revoke access to a group or service.
  • For security – It adds layers of protection via multi-factor authentication, granular permissions, or IP restrictions.
  • For ease of use – It simplifies everyone’s day-to-day by only requiring a single username and password for common services.
  • For compliance – Some departments or organizations are required to use Single Sign-On rather than passwords.

How does Computer Courage integrate CalNet Authentication?

Specific Sections or Pages

Section or page specific CalNet protection provides WordPress administrators the ability to decide if a page or tree of pages should require CalNet authentication to view. The interface can be customized, but usually involves checkboxes to choose restrictions for content to be viewable only by students, faculty, or any valid CalNet user.

Side-wide Protection

As a marketing agency, site-wide CalNet protection is less common for our projects, however many websites we support are designed only for faculty or students. Unlike restricting sections or pages, the site-wide option requires zero effort from administrators. Once enabled, only the selected group(s) will be able to access the website. This option is great for internal HR knowledge bases or student resources.

File Protection

By default, files uploaded to WordPress can be indexed by search engines which can be problematic. Using CalNet protection eliminates this issue. We implement this either by allowing users to manually designate which files are protected, or alternatively, having all files associated with a certain type of content be restricted. For example, when creating a Scientific Papers template it may be decided the descriptions should be public but the downloadable source materials (PDFs, spreadsheets, and videos) restricted via CalNet.

User Login (SSO)

The previous three options are similar in that the CalNet user is not associated with a WordPress user. Integrating CalNet into the WordPress login system provides a passwordless and more secure experience.

One option is forced CalNet authentication where each WordPress user is tied to a CalNet user.  This is generally the most secure option, however can sometimes cause friction with outside vendors that can’t easily get CalNet access. Alternatively, making CalNet login integration optional provides fewer security improvements, while still eliminating the need to remember another password.

How can I get started?

As more organizations adopt to working remotely, increasing login security and allowing employees to access resources quickly and easily is key for success. The features described in this article can be integrated into both new website builds as well as existing WordPress websites. If you’re part of a department at UC Berkeley looking for help with your website’s CalNet integration, or an organization who has Single Sign-On needs please get in touch so we can explore solutions with you.