SB12. Servers or applications, whether managed directly by Harvard or via contract with a third-party service provider for Harvard's use (e.g. IaaS, SaaS), must use a centrally-managed authentication system that requires more than one factor for authentication. , e.g. HarvardKey or Harvard VPN, or comparable non-Harvard multi-factor authentication system (supported/approved by Harvard).

Publicly facing website content is not in scope.

See also: Level 3, Level 4, 6, 8, SB12, Servers B, Vendors, Level 3, Level 4, Level 3, Level 4

How To Comply

Manage Access

Refer to the university Harvard Sponsored Role Portal...

Coordinate Harvard authentication with Identity & Access Management (IAM)

Consult the IAM website for authentication protocol options and guides. For additional assistance, please email iam_help@harvard.edu or submit a ServiceNow ticket under the subcategory of Authentication Services: Consulting.

Information Security Policy

Harvard University

Central Authentication Services

How To Comply

Manage Access

Coordinate Harvard authentication with Identity & Access Management (IAM)

a5521c6de467d1f1f57b952884f5e43e