HKUST ITSO AI Chatbot

Important reminder

Please do not disclose personal data such as your HKUST account number, staff/student ID or name in the chatbot. Information provided will be retained to enhance system performance.

By using the HKUST ITSO Chat service, you confirm that you have read, understood, and agreed to the Disclaimer

Log in to access additional information for your user group in addition to the publicly accessible content.

Send Icon
HKUST SSO Integration Service (For application developer only)

HKUST Single Sign-On (SSO) Integration Service is specifically designed for application developers, providing a secure and efficient platform that enables users to access web applications and systems seamlessly, without the need to repeatedly enter their credentials.

Details

Leveraging Microsoft Entra ID as the primary identity provider (IdP), this service delivers enterprise-grade features, including robust security, high availability, and resilience. Additionally, it facilitates straightforward integration with various cloud services, making it an ideal solution for developers looking to enhance user authentication experiences in their applications.

Available To
Staff, Students and Alumni (Selected Application)
Service Fee

Free

Service Hours

7×24

Getting Started

The HKUST Single Sign-On (SSO) Integration service enables users to authenticate once and gain seamless access to multiple services without the need to log in again. This service supports the following authentication protocols:

 

All these protocols are supported by ITSO. Application developers or service owners should select the appropriate protocol to integrate the authentication service into their applications or services.

In this integration, HKUST-SSO acts as the Identity Provider (IdP), while your application serves as the Service Provider (SP) through standard SSO protocols.

 

How to choose an SSO Protocol?

Here's a comparison of CAS, OIDC and SAML:

Feature

CAS

OIDC

SAML

Type

SSO Protocol

Authentication Layer

XML-based Authentication

Use Case

Web Applications

Web and Mobile Apps

Enterprise Applications

Flow

Ticket-based

ID Token-based

Assertion-based

Complexity

Simple

Medium

Complex

Industry Usage

Educational Institutions

Popular in web services

Common in Enterprises

 

Summary

  • Choose CAS for easy SSO integration in a web application within a single organization.

  • Choose OIDC for modern API-based architecture or when integrating with third-party identity providers.

  • Choose SAML for enterprises needing federated identity management across different organizations and systems.

 

Recommendations

Self-developed Application / Self-hosted Website

Recommended Protocol

Apache

CAS

Simple Web Applications (e.g., .NET, Java, PHP)

CAS

OAuth Required

OIDC

Mobile Applications

OIDC

 

Note: For cloud services or software packages, please follow the vendor's instructions and the SSO integration guide.

 

Process for HKUST-SSO Integration

The process of integrating HKUST-SSO into your application is as follows:

  1. Register your application

  1. Configure a suitable CAS/OIDC/SAML client/code

  1. Test and troubleshoot

 

Service Registration and Eligibility

Any application, whether on-premises or cloud-based, for the HKUST community is eligible to use HKUST-SSO Integration Service. Please click below to fill out the form for registering an application:

  • CAS (Limited to CSC only)

  • OIDC (Limited to CSC only)

  • SAML (Please submit request to cchelp@ust.hk)

Learn More

Support

General Enquiries cchelp@ust.hk
Suggestions & Complaints cclisten@ust.hk
Serviceline +852-2358-6200