SSO Terms Of Service
Users will be able to initiate Single Sign On (SSO) from ANY CAS protected application throughout the University. This means that once a person logs into an application via CAS, that person can enter new applications without the need to provide his/her credentials again.
As a good security practice, applications are recommended to provide an application log-out and have an inactive session time-out. Upon a user session end with an application, the application should provide a security notice to the user: “For security purposes, please close your web browser when you are done accessing services that require authentication”. This security notice will also be added to the CAS log-in page.
Note: Rutgers computing environments should follow the security standards regarding insuring University computers have a password protected screen saver while unattended, https://it.rutgers.edu/information-security/knowledgebase/minimum-security-standards-for-data-protection/. Please review these recommendations with your departments.
If an application owner believes their CAS protected application should not participate in Single Sign-on, justification for an exception can be submitted for security review and an executive management decision at this web page, using Request SSO opt-out approval request category-type: Request Access.