Topics Map > University of Chicago > IT Services > Accounts, Identity, & Security
What is Web Single Sign-On (SSO)?
This article explains the use of Web Single Sign-On at the University of Chicago.
Once you log into an application (like the campus portal) that uses Single Sign-On (SSO), you will be able to conveniently access certain University resources on campus or wherever you may be located via the web without needing to log in each time for other web-based applications you would like to access - hence the term "Single Sign-On." These resources include:
- Library resources, including internal and external resource databases and the campus proxy server
- The campus portal, my.uchicago.edu
- The online Directory
- The Knowledge Base, answers.uchicago.edu
- Workday, workday.uchicago.edu
A non-comprehensive list of applications that use Single Sign-On may be found here.
How does it work with sites or applications?
Single Sign-On uses Shibboleth technology, which allows you to securely access sites across applications and organizations by using your University credentials. Shibboleth is a two-step process involving authentication, which is done through a University login using your University credentials, and then authorization, where the application (such as myUChicago or the online Directory) determines whether or not to grant you access based on the credentials provided. This access continues until you exit your session (browser) or until the session expires, typically 8 hours, at which point you will be asked to authenticate (log in) again if you would like to continue accessing various University resources. Note that firstly, not all University applications use Shibboleth ("Single Sign-On"), and secondly, of the applications that do use Shibboleth, your access to some Shibbolized sites (i.e., sites that use Shibboleth) does not mean that you can access all Shibbolized sites. Your access to an application or site will still depend upon your role in the University as faculty, staff, or as a student.
How do I use it?
You use your CNetID/UCHAD ID and password to login once when directed to a Shibbolized site's login page. After logging in to one application that uses Single Sign-On (like myUChicago), you'll be able to access the other applications that use Single Sign-On: the only action required on your part is to sign in as per usual to applications you use.
If you are accessing sensitive information or personal data, be sure to quit your browser to log out of your Single Sign-On session when you are done to ensure that your information remains private. If you are the administrator of a resource interested in implementing Web Single Sign-On, this Authentication Service Overview may be useful.
How can I tell if a University site or application is Shibbolized, that is, uses Shibboleth?
Whether a site uses Shibboleth may be determined on sight by the little white hippogriff icon in the bottom right-hand corner of the login screen or by the inclusion of the words “shibboleth” in the URL.