Overview
Authentication and authorisation are two different but closely related security concepts. Authentication is the process of verifying who you are, while authorisation is the process of determining what you have access to. In the context of SEAtS, authentication verifies the identity of a user who is trying to access the SEAtS application, while authorisation determines which actions that user may perform and which resources they may access within the application.
Authentication in SEAtS
SEAtS supports Single Sign-On (SSO) via your institution's identity provider. The following SSO integrations are supported: Microsoft Entra ID (formerly Azure AD), Shibboleth/SAML, and ADFS (Active Directory Federation Services). When a user logs into SEAtS, they are redirected to their institution's identity provider to authenticate. Once authenticated, the identity provider sends a token back to SEAtS, which verifies the token and logs the user in.
Authorisation in SEAtS
Once authenticated, a user's level of access within SEAtS is determined by their Access Profile. Access Profiles are configured in the SEAtS Administration site and define what features and data a user can access. SEAtS uses Role-Based Access Control (RBAC) to manage access to the system. This means that users are assigned roles, and roles are assigned permissions. The following roles are available in SEAtS: Administrator, Academic, Personal Tutor, Student Services, and Student.
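The user-to-role-to-permission model described above, as an added sketch that is not SEAtS code: the role names come from this page, while every permission string and function name is a hypothetical placeholder. It shows deny-by-default evaluation, with unknown role names granting nothing.

```python
# Added illustration: role names come from the page; every permission string
# below is a hypothetical placeholder, not a real SEAtS permission.
ROLE_PERMISSIONS = {
    "Administrator": {"profiles:manage", "attendance:view_all", "attendance:edit"},
    "Academic": {"attendance:view_cohort", "attendance:edit"},
    "Personal Tutor": {"attendance:view_tutees"},
    "Student Services": {"attendance:view_all"},
    "Student": {"attendance:view_own"},
}


def effective_permissions(roles):
    """Return (permissions, unknown_roles) for a user's assigned roles.

    Unknown role names grant nothing (fail closed) and are reported so they
    can be logged and reviewed.
    """
    granted, unknown = set(), []
    for role in roles:
        perms = ROLE_PERMISSIONS.get(role)
        if perms is None:
            unknown.append(role)
        else:
            granted |= perms
    return granted, unknown


def is_allowed(roles, permission):
    """Deny by default: allow only if some known role carries the permission."""
    granted, _ = effective_permissions(roles)
    return permission in granted


def roles_granting(permission):
    """Access-review helper: which roles carry a given permission?"""
    return sorted(r for r, p in ROLE_PERMISSIONS.items() if permission in p)


if __name__ == "__main__":
    # Constructed sample users.
    print(is_allowed(["Student"], "attendance:edit"))
    print(is_allowed(["Personal Tutor", "Academic"], "attendance:edit"))
    # Case mismatch and a role that does not exist: both fail closed.
    print(effective_permissions(["student", "Registrar"]))
    print(roles_granting("attendance:view_all"))
```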
Single Sign-On (SSO)
SSO allows users to log into SEAtS using their institutional credentials without needing a separate username and password. This simplifies the login process for users and reduces the burden of managing multiple sets of credentials. SEAtS supports SAML 2.0 for SSO integration.