Mason provides authentication services to protect Mason applications, such as Patriot Web and Banner. Authentication service provisioning is available and automatic for eligible students, faculty, and staff.
Additional information and instructions for non-system administrators are available in the knowledge base.
Two-Factor Authentication (2FA)
Two-factor Authentication (2FA) is required for all Mason employees (faculty, staff, and student workers) and students. For more information, see the Two-factor Authentication (2FA) service page.
- 2FA Account Login to enroll in 2FA or manage your 2FA Account
Accounts are automatically created upon employment or enrollment at Mason. The Active Directory account is automatically activated when a user activates their NetID or email account.
Central Authentication Services
If you are not enrolled in Two-Factor Authentication (2FA), you will not be able to access any CAS-enabled websites/applications. If you attempt to log in with your NetID and Patriot Pass Password, your access will be denied. You must enroll in 2FA immediately in order to access these systems.
To log in to CAS, Mason employees enter their NetID and Patriot Pass Password (first factor) and confirm their identity using a physical device (second factor). The physical device may be a smartphone, tablet, mobile phone, landline phone, or Yubikey.
Service Offerings for System Admins
All websites and applications using Active Directory Federation Services (ADFS), Central Authentication Service (CAS), or Shibboleth must be registered with ITS.
System administrators may request authorization, authentication, and account services for their websites and applications.
Active Directory Federation Services (ADFS)
Active Directory Federation Services (ADFS) provides central authentication and authorization of all users and computers that connect to MESA and desktop management services for Windows-based computers through Mason's Service Center, a self-service tool for users that provide security updates, remote delivery of software, and group policies. Generic accounts for specialized applications or services may be created and assigned with approval by Architectural Standards Review Board (ASRB).
Generic accounts for specialized applications or services may be created and assigned with approval by IT Security. To submit a request for a generic account, contact the ITS Support Center.
Central Authentication Services (CAS)
Central Authentication Service (CAS) is a single sign-on service used by a variety of Mason websites and applications to authenticate individuals. Its purpose is to permit users to access multiple sites while providing their credentials (NetID and Patriot Pass Password) only once. CAS coupled with 2FA offers a secure environment for sensitive data.
Shibboleth (Mason Federated Login) is a single sign-on (login) system that allows users to sign in using just one identity to various systems run by federations of different organizations or institutions (oftentimes other universities or public service organizations). InCommon is the Federation currently tied into Shibboleth.
Requests are processed during normal business hours.
Getting This Service
Requests for authorization, authentication, and account services may require Architectural Standards Review Board (ASRB) approval.
- Select Register Website or Application to register your website or application
- Select Request AAA to request CAS or Shibboleth.
- Select Request ASRB Consultation to request Active Directory (ADFS).