Configure Authentication for Campus-Wide License Users

Configure authentication so users can access MathWorks^® products and services on your Campus-Wide License. MathWorks provides two user authentication methods: single sign-on (SSO) and email verification.

Option 1: Enable Access Using SSO (Recommended)

SSO allows users on a Campus-Wide License to access MathWorks products and services with their university credentials. The benefits of SSO include:

One password only, eliminating the need for users to keep track of multiple passwords
Streamlined user access by minimizing sign-in requests
Accelerated work processes with immediate access to apps and services
Enhanced security with a single point of authentication, limiting repeated password use
Centralized IT administration through central control of user accounts and role-based access provisioning

Universities can implement SSO directly (no federation membership required) or through affiliations with their InCommon or eduGAIN federation membership.

Users with non-university email addresses outside the domains associated with the Campus-Wide License cannot use SSO. They must enter their MathWorks Account email and password to sign in. See Option 2: Enable Access Using Email Verification.

SSO Requirements

SSO requires the use of an identity provider (IdP).

To use InCommon or eduGAIN SSO, your university must be an IdP participant of a federation affiliated with InCommon or eduGAIN.
To use direct SSO, your university must use an IdP with SAML 2.0 support.

Both SSO methods use SAML 2.0 to support the exchange of metadata between MathWorks as a service provider and your university's IdP.

SSO Configuration Process

SSO might have already been configured during your university's onboarding process. To check if SSO is enabled, try signing in to your MathWorks Account. If you are routed to your university sign-in screen, then SSO is already enabled. If SSO is not enabled, contact support to discuss the configuration process.

The configuration process is as follows:

(Direct SSO only) Exchange metadata files with MathWorks. This step is not required for InCommon or eduGAIN SSO because your university's metadata is already registered with the federation.
1. Integrate the metadata file sent to you by MathWorks into your IdP.
2. Send the metadata file for your IdP to MathWorks. If you are unable to provide the file, send the following information instead:
  - IdP entity ID
  - IdP public certificate
  - IdP binding method (HTTP-POST or HTTP-Redirect)
  - IdP login URL

Configure your IdP to pass required attributes to MathWorks. You can follow the eduPerson schema or a similar alternative. To avoid affecting user sign-in, do not restrict or filter any required attributes. This table shows the attributes to pass to MathWorks.

Attribute Description Sample Attribute Names

Unique ID

Attribute	Description	Sample Attribute Names
Unique ID	Unique identifier of the user MathWorks uses this attribute to validate the identities of users when they sign in.	`NameId` `eduPersonPrincipalName` (`ePPN`) `eduPersonTargetedId` (`ePTID`)
Affiliation	User affiliation This attribute determines which users can access products. Users with the affiliation `Faculty`, `Staff`, `Student`, `Employee`, or `Member` are granted access. Users with any other affiliation, such as `Alumni`, are denied access.	`Affiliation` `eduPersonScopedAffiliation`
Email Address	Email address of the user MathWorks uses this attribute to link any user with an existing MathWorks Account to the Campus-Wide License.	`mail` `email`
First Name	First name of the user In the form that new users fill out when creating a MathWorks Account, the First Name field is autopopulated with this attribute value. If you do not release this attribute, new users must manually fill out this field.	`firstName` `givenName`
Last Name	Last name of the user In the form that new users fill out when creating a MathWorks Account, the Last Name field is autopopulated with this attribute value. If you do not release this attribute, new users must manually fill out this field.	`lastName` `sn` `surname` `familyName`

Unique identifier of the user

MathWorks uses this attribute to validate the identities of users when they sign in.

NameId

eduPersonPrincipalName (ePPN)

eduPersonTargetedId (ePTID)

Affiliation

User affiliation

This attribute determines which users can access products.

Users with the affiliation Faculty, Staff, Student, Employee, or Member are granted access.
Users with any other affiliation, such as Alumni, are denied access.

Affiliation

eduPersonScopedAffiliation

Email Address

Email address of the user

MathWorks uses this attribute to link any user with an existing MathWorks Account to the Campus-Wide License.

mail

email

First Name

First name of the user

In the form that new users fill out when creating a MathWorks Account, the First Name field is autopopulated with this attribute value. If you do not release this attribute, new users must manually fill out this field.

firstName

givenName

Last Name

Last name of the user

In the form that new users fill out when creating a MathWorks Account, the Last Name field is autopopulated with this attribute value. If you do not release this attribute, new users must manually fill out this field.

lastName

sn

surname

familyName

Send MathWorks the email domains affiliated with your organization that are allowed to use the Campus-Wide License.
MathWorks automatically enables SSO for the following email domains:
- Email domains of all license administrators
- Subdomains of any allowed email domain
For example, suppose all license administrators on the Campus-Wide License are part of the email domain @university.com. Any user with the email domain @university.com or @student.university.com can use SSO and link to the license.
To make a request to add more email domains to the Campus-Wide License, contact support.
Run an SSO test with MathWorks to verify that SSO is set up correctly.

SSO for New Users

After SSO is configured, new users can access MathWorks products and services.

The user starts MATLAB^® or accesses another MathWorks product or service that requires sign-in. They are prompted to create a MathWorks Account with their university email.
MathWorks recognizes the email domain and redirects the user to your university's sign-in page. The user signs in with their university credentials.
The user completes their MathWorks Account by adding information that is required to enable SSO.
The user can now access the MathWorks product or service, including MATLAB and the Online Training Suite.

SSO workflow for a new user

Alternatively, users can go to their university portal for the Campus-Wide License and click Sign in to get started. Users are still prompted to sign in with their university credentials and create a MathWorks Account, but they do not need to enter their university email.

SSO for Existing Users

Users who already completed the above steps, or have an existing MathWorks Account linked to their university email, can sign in directly with their SSO credentials.

The user accesses a MathWorks product or service that requires them to sign in. The user signs in with their university email.
MathWorks recognizes the email domain and redirects the user to your university's sign-in page. The user signs in with their university credentials.
The user can now access the MathWorks product or service.

SSO workflow for an existing user

Option 2: Enable Access Using Email Verification

If your university does not support SSO, you can enable access by having the user create a MathWorks Account, which requires the user to verify their email address. If this email address matches a university domain allowed under your Campus-Wide License, the user is linked to the Campus-Wide License and can begin using MATLAB.

Periodically, users might be asked to verify their email address to confirm they are still eligible to use the license. Users can also opt in to Two-Step Verification for added account security.