As part of Penn’s Identity & Access Management (IAM) Program, Front Door Authorization for PennKey-protected applications was implemented in fall 2024 after a successful pilot.
What Is "Front Door Authorization"?
WebLogin generally provides user authentication but defers authorization to the protected PennKey application. “Front door” authorization is an expansion of WebLogin functionality that authorizes users when they log in and before redirecting to an application, which provides an added layer of security. Application owners will use a management UI to apply authorization policies to their PennKey-protected applications, selecting from a menu of pre-defined populations to restrict access for their applications.
Who Can Benefit from This Service?
Owners of PennKey WebLogin-protected applications should use front door authorization for their services.
Benefits
Benefits include:
- Provides an extra security control on top of service-specific authorization
- Provides defense in depth by authorizing users when they log in and before redirecting to an application; invalid users are stopped immediately
- Allows delegated admin to easily enable/disable/configure the front door
- Provides descriptive and customizable error pages that help users diagnose the problem
- Prevents users who leave Penn from accessing protected services
Info & Contact
- To request Front Door Authorization, submit a request via the Support Center.
- For detailed information, see the Front Door Authorization documentation website.
- Front Door Authorization is provided by ISC’s Access Management Services.