Authentication Services

Authentication Services provides central authentication services that Fermilab service providers can leverage to allow users of their service authenticated access to the service

Active Directory

Active Directory (AD) is a directory service that Microsoft developed for the Windows systems. AD provides directory-based identity-related services using standards such as LDAP, Kerberos, and DNS.


Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography. The Kerberos protocol uses strong cryptography so that clients and servers can prove their identity to each other across the network.
Fermilab specific configuration files are available here.


The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.


Eduroam is a federated authentication service that allows participating institutions to provide access to their wireless networks to users from other Eduroam participating institutions. Individuals use their home institution credentials to access the network.


Fermilab is a member of the InCommon Federation. Single Sign On (SSO) services are available for use with InCommon members and Fermi applications.

Staff and users can see what SSO groups they are in here


Multi-factor authentication (MFA) is a method of confirming a user's claimed identity in which two or more mechanisms such as knowledge, possession and inherence are used.

For more information on these services please contact the Fermilab Service Desk