Information Technology at JPL

Directory and Authentication Service

JPL IT - Directory and Authentication Service

JPL Directory and Authentication Service

The JPL Directory and Authentication service is a collection of resources that allow applications to authenticate and authorize users for access to their data.

Authentication is the process of determining whether someone is, in fact, who they declare to be. Authorization is the process of giving someone permission to do, or have access to something.

Service Offerings

  • JPL Directory (LDAP Directory) — Master directory for IT authentication and authorization. Contains identities for all JPL employees, contractors, applications, and sponsored external users. More >>
    There are multiple JPL Directory clusters serving:
    • Shared Services environment — most institutional applications
    • Enterprise Mission Support Area
    • Flight Projects Network
    • Messaging
    • MSL ATLO and Testbed
    • Out-of-state Disaster Recovery
  • JPL Directory Groups — Collections of identities used for authorization, email, and calendaring.
  • JPL Directory Projects Administration — Maintenance of data structures required for Linux and Solaris workstations to acquire their authentication and authorization from the JPL Directory Projects Space (NIS Replacement).
  • Password Synchronization (Password Maintenance) — User interface that allows a user to synchronize the three main JPL Passwords: JPL Password, JPL Domain password, and the NBS Password. Includes expiration notification service.
  • JPL Domain (Windows Active Directory) — Microsoft Windows Active Directory designed for authentication and authorization of Windows desktop systems. Also used by Windows Active Directory-aware applications such as Exchange, SharePoint, and JPL Chat. More >>
    There are three JPL Domain clusters serving:
    • Shared Services Environment
    • Messaging
    • Out-of-state Disaster Recovery
  • JPL Extranet Domain (Windows Active Directory for Extranet) — Microsoft Windows Active Directory that contains only lightly vetted, Extranet identities. There is a trust between the JPL Domain and this directory such that users in the JPL Domain may log into Extranet applications with their JPL Domain identity and password.
  • JPL Two-Factor Authentication (TFA) and RSA SecurID Tokens — Required to remotely access JPL's network. TFA also provides authentication to applications that require more secure authentication services then just a username and password.
  • JPL Kerberos (Heimdal Kerberos Service) — Provides an industry standard, highly secure, authentication mechanism capable of being used for single-sign-on. Repository for passwords used by the JPL Directory. More >>
    There are multiple Kerberos servers serving:
    • Shared Services Environment
    • Enterprise Mission Support Area
    • Flight Projects Network
    • MSL ATLO and Testbed
    • Out-of-state Disaster Recovery
  • JPL Directory White Pages (JPL User Lookup Services)

Costs

Help

https://directory.jpl.nasa.gov/