MyAccess is the name the University of California, San Francisco has given to its unified account login system. This single-sign-on system enables you to log in once to access hundreds of applications using just one username and password.
Frequently asked questions about MyAccess account activation, resetting passwords, etc. can be found on the MyAccess Frequently Asked Questions page. You can also find links to request help and contact the Service Desk.
If you are a developer or are Information Technology support staff and would like to integrate the MyAccess login process with your application, please refer to the MyAccess Integration ToolKit.
MyAccess uses the Security Assertion Markup Language (SAML) based Shibboleth IdP software to handle user authentication and to pass relevant account information on to your application. It is a standards-based, open source software package for web-based single-sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access to protected online resources in a privacy-preserving manner. Shibboleth IdP is the software that handles the interaction between two key entities: an Identity Provider (IdP) and a Service Provider (SP).
The Identity Provider (IdP)
- Supported by the ITS Identity and Access Management team.
- Handles the entire user authentication process.
- Once a user is successfully authenticated, the IdP passes on ("asserts") any user information ("attributes") your application may need to determine if the user is authorized to access your application.
The Service Provider (SP)
- Supported by the application owner.
- Receives the asserted attributes from the IdP.
- Can determine whether the user is authorized to access the application or not.
- Passes the asserted attributes received from the IdP to your application either through environment variables or HTTP headers, allowing your application to perform user authorization tests.
The MyAccess Integration ToolKit outlines the steps you will need to take to configure your web-based application to work with our IdP.
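The following is an added example, not code from the MyAccess Integration ToolKit: a Python WSGI authorization check that reads the attributes the SP asserts through environment variables. The attribute names eppn and entitlement, the entitlement value, and the sample users are assumptions made for illustration.

```python
import re

# Assumed names: the real ones are whatever the SP's attribute mapping exports.
USER_ATTR = "eppn"
ENTITLEMENT_ATTR = "entitlement"
REQUIRED_ENTITLEMENT = "urn:example:myapp:user"  # constructed value


def split_values(raw):
    """Split a multi-valued attribute: ';' separates values, '\\;' is a literal ';'."""
    parts = re.split(r"(?<!\\);", raw or "")
    return [p.replace("\\;", ";") for p in parts if p]


def authorize(environ):
    """Return (allowed, user) using only attributes set by the SP.

    WSGI exposes client request headers as HTTP_* keys. Those are never
    read here, so a header named like an attribute cannot grant access.
    """
    user = environ.get(USER_ATTR, "").strip()
    if not user:
        return False, None  # no authenticated session reached the application
    entitlements = split_values(environ.get(ENTITLEMENT_ATTR))
    return REQUIRED_ENTITLEMENT in entitlements, user


def app(environ, start_response):
    """Minimal WSGI application that enforces the check on every request."""
    allowed, user = authorize(environ)
    status = "200 OK" if allowed else "403 Forbidden"
    body = (f"Hello {user}" if allowed else "Not authorized").encode()
    start_response(status, [("Content-Type", "text/plain"),
                            ("Content-Length", str(len(body)))])
    return [body]


if __name__ == "__main__":
    # Constructed sample environments, as a WSGI server would pass them.
    samples = [
        {"eppn": "jdoe@example.edu",
         "entitlement": "urn:example:other;urn:example:myapp:user"},
        {"eppn": "jdoe@example.edu", "entitlement": "urn:example:other"},
        {"HTTP_EPPN": "jdoe@example.edu",
         "HTTP_ENTITLEMENT": "urn:example:myapp:user"},
    ]
    for env in samples:
        print(authorize(env))
```

If the SP is configured to pass attributes as HTTP headers instead, they arrive as HTTP_* keys that look the same as headers a client sent, so the application depends on the SP to strip client-supplied copies.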