Login and Authentication Services

Log-in Services

UCS offers different standards for the authentication of users like LDAP, Kerberos, PAM, SAML and OpenID Connect. The system’s central data management ensures that the data required for log-ins with different standards are constantly available and the contents are synchronized at all times.
This allows users to log in to different clients with the same user data securely and encrypted, regardless of whether Apple macOS, Microsoft Windows or Linux is installed as the operating system.


Use UCS Core Edition for Free!

Same User, Same Password

The use of the different standards makes it possible to use several services with the same username and password.
Consequently, users only need to remember one password for the entire environment instead of individual passwords for each application and service. This makes it easier to choose more complex and thus safer passwords, which can also be changed autonomously if and as required.

Single Sign-on

Users in UCS environments only need to log in once. After that, the solutions integrated in UCS take over the subsequent log-in procedures for the different services and applications. This saves a great deal of time as it is not continually necessary to re-enter the user data. UCS single sign-on mechanisms are offered via Kerberos, SAML and OpenID Connect.

One-time registration for Web Services with SAML and OpenID Connect

Univention Corporate Server implements the role of a SAML and OpenID Connect Identity Provider, providing Web single sign-on. Thanks to this users can also benefit from a single sign-on for Web services such as Google Workspace, Microsoft 365 and many services from the Univention App Center as long as these services support the open SAML standard.
This allows UCS users to use different, provided web services without redundantly storing and maintaining user data for the individual services. The reliability of distributed domains is increased by storing configurations directly in the OpenLDAP directory service and thus synchronizing them automatically.

Univention Management Console LDAP UCS 5
SAML Identity Provider in UCS 5

With the OpenID Connect Provider app, UCS offers another technology that enables administrators to connect services to UCS and offer end users a single sign-on. The app uses the UCS identity management for authentication and keeps the passwords in the UCS domain.
In order to use OpenID Connect providers, the services to be connected must have an interface that is able to work as OpenID Relying Party.

Data sovereignty remains with the user himself, as no user account information is exchanged with the service provider.

Download UCS now