Identity Management Services
Identity Management Services ensure that only authorized users may gain access to laboratory resources. In addition to your Berkeley Lab Identity, access to some resources may require or benefit from other, related services. Below, you'll find more information about where and how to access these.
For help with any Identity Management Services, please contact the Help Desk at help@lbl.gov.
Identity and Access Management
-
Berkeley Lab Identities
Your Berkeley Lab Identity was created for you when you join the Laboratory. Your Berkeley Lab Identity username and password are your most commonly used credentials.
Change your Berkeley Lab Identity password
Reset your Berkeley Lab Identity password
-
Active Directory
Active Directory is used to login to managed Windows workstations and to access some shared file services.
-
Multifactor Authentication
Multifactor Authentication (MFA) offers an additional layer of security for your Berkeley Lab Identity, protecting you against credential theft. Some systems already require MFA, and you can opt-in to require MFA protection for your SSO logins.
Opt-in to MFA (you must have already enrolled via Token Management before you can access this service)
-
StrongID
StrongID is a two-factor authentication method, supported by a physical Yubikey or Google Authenticator soft token, which supports access to business systems and computers containing sensitive information. StrongIDs are issued based on job duties and responsibilities. -
Level 4 ID
Level 4 IDs are issued to only a small number of LBL employees who manage critical systems infrastructure. Level 4 ID tokens are issued based on job duties and responsibilities. -
Enterprise Directory (LDAP)
The Enterprise Directory stores information about both your Berkeley Lab Identity, as well as other information, such as your phone number and location.
-
Web Single Sign-On
The Web Single Sign-On (SSO) services make it possible for web application developers to integrate their applications with the array of identity and access management capabilities listed on this page. Multiple protocols (SAML, OpenID Connect, and CAS) are available to suit most needs. The use of the SSO system for web applications helps protect user credentials by not exposing them to potentially vulnerable systems.Contact the IT Help Desk to find out how to integrate your application.
-
eduroam
eduroam is a worldwide Wi-Fi access point authentication system, permitting associated of member institutions to access Wi-Fi resources using their home institution credentials. -
RADIUS
RADIUS is a widely supported authentication, authorization, and accounting protocol, which makes it possible to rapidly integrate Laboratory systems -- particularly UNIX systems -- with our multifactor authentication systems. If you're interested in bringing MFA to individual hosts that are accessed via SSH, contact the IT Help Desk
Related Services
-
Scientific Computing ID
The Lawrencium cluster is open to all Berkeley Lab researchers needing access to high performance computing. -
Password Manager
The use of a password manager greatly improves the security of your identities online by encouraging the secure storage of longer, more complex passwords. IT User Support strongly recommends the use of a password manager, such as LastPass -
Virtual Private Network (VPN)
Virtual Private Networks (VPN) establish encrypted tunnels for the secure transfer of information. Because the data that passes through is encrypted, it it protected by unauthorized snooping. Berkeley Lab requires the use of VPN for offsite access to some systems.