What is the University Central Directory
The University uses Microsoft’s Entra ID (formerly Azure Active Directory) as its directory service for users, groups and other objects. It is part of the Office 365 cloud suite.
The University’s Microsoft Entra ID instance holds user details of many people from both inside the Collegiate University and also from outside. It is the recommended solution for authentication at Cambridge supporting both OpenID Connect and SAML2.
Users in our Entra ID system are forced to authenticate using multi-factor authentication (MFA).
Blue active directory (AD)
Blue Active Directory (AD) is an on-premise directory linked to the Entra ID directory. Once a user has authenticated to Entra ID, they are automatically authenticated to Blue AD.
Blue AD contains the subset of Entra ID users who have a UPN ending with "@cam.ac.uk"
IT staff are encouraged to use Entra ID in preference to Blue AD where ever possible.
Understanding users and groups in Microsoft Entra (formerly Azure Active Directory)
Users are created automatically based on data feeds from other systems in Microsoft Entra. You can manage groups locally but UIS also provides some groups centrally that they may find useful.
Find out how users and groups are created in Microsoft Entra
Toolkit
Toolkit gives local authorised users the ability to manage selected objects in Blue Active Directory, Microsoft Entra ID and Office 365 for their institution. You can use it to manage users, groups, mailboxes, and more.
Authenticate users to the University Central Directory service using OpenID Connect
How to authenticate users by implementing Open ID Connect (OIDC) using the University of Cambridge’s Microsoft Entra ID. Entra ID authentication replaces ucam-webauth, which has been deprecated.
Find out using OpenID Connect to authenticate users
Authenticate users to the University Central Directory service using SAML2
We do not currently offer a self-service option for setting up SAML2 application registrations. To request a SAML2 registration, please complete the Configure SSO for an application service request.