Authentication

GuestIDs are stored in CornellAD and all supported methods can be used to authenticate against CornellAD.

Authorization

By default, a GuestID will not be in any groups (not even the default CornellAD groups) except for OIT-IDM-Guests-ls group. An OU administrator must explicitly grant permissions for guests on any resources.

Administrators can use the global guest group or create their own groups and add guests. Once the groups are defined, administrators can use these groups to grant authorization to their resources.

CUWebLogin

CUWebLogin enables access to restricted web pages by presenting a secure web form that asks for a NetID or GuestID and associated password.