Pre-Integration Checklist

The following checklist is a high level assessment for gauging the suitability of an application integration with LDAP:

  1. The application must be hosted on the trusted UBC network.
  2. The application URL must be on the "ubc.ca" domain.
    1. A Data Access Request and Approval are required: HERE or SNOW 
    2. Integration Process Steps can be found HERE
  3. The application must be hosted on trusted UBC owned and operated servers.
  4. Application servers must be secured, patched, and updated with industry best practices.
  5. Access to servers hosting the application and service accounts are restricted to trusted UBC personnel i.e. employees of UBC.
  6. Quarterly vulnerability assessment scans on the application servers to verify no high level vulnerabilities (CVSS score 7.0 to 10.0).
  7. Secure communications must be used in all cases with a minimum Security Strength Factor (SSF) of 128-bit encryption.
  8. SSL must be configured to verify the certificate chain using the correct root CAs when making connections i.e. SSL no verify must not be enabled.
  9. Certificates from a trusted certificate authority such as Thawte must be used in all production applications. No self-signed certificates are allowed.
  10. SSL encryption must be used throughout the communication chain i.e. from the front-end of the application through to the LDAP back-end.
  11. LDAP Service Account data must be held securely by the application.
  12. Integrating applications must utilize the best practices recommended for their environment to manage security and Web sessions.
  13. The application must not capture or store (including debug logging) CWL logins or CWL passwords in any form.
  14. Links to UBC Information Security and Responsible Use Policies must be provided on the application's login page.
  15. Links to CWL Account Administration must be provided on the application's login page.

Page last updated on April 4, 2025

UBC Information Technology

6356 Agricultural Rd
Vancouver, BC Canada
V6T 1Z2

Related Sites

Need Help?

UBC Crest The official logo of the University of British Columbia. Urgent Message An exclamation mark in a speech bubble. Bluesky The logo for the Bluesky social media service. Bookmark A bookmark in a book. Browser A web browser window. Caret An arrowhead indicating direction. Arrow An arrow indicating direction. Arrow in Circle An arrow indicating direction. Arrow in Circle An arrow indicating direction. Time A clock. Chats Two speech clouds. E-commerce Cart A shopping cart. Facebook The logo for the Facebook social media service. Help A question mark in a circle. Home A house in silhouette. Information The letter 'i' in a circle. Instagram The logo for the Instagram social media service. Linkedin The logo for the LinkedIn social media service. Location Pin A map location pin. Mail An envelope. Menu Three horizontal lines indicating a menu. Minus A minus sign. Pencil A pencil indicating that this is editable. Telephone An antique telephone. Play A media play button. Plus A plus symbol indicating more or the ability to add. Search A magnifying glass. Settings A single gear. Arrow indicating share action A directional arrow. Speech Bubble A speech bubble. Star An outline of a star. Twitter / X The logo for the X (aka, Twitter) social media service. User A silhouette of a person. Vimeo The logo for the Vimeo video sharing service. Youtube The logo for the YouTube video sharing service.