Topics Map > University of Chicago > IT Services > Accounts, Identity, & Security
What is Single Sign-On (SSO)?
This article explains the use of single sign-on at the University of Chicago.
Once you log into an application that uses single sign-on (SSO), such as the campus portal, you will be able to conveniently access certain university resources on campus or wherever you may be located via the web without needing to log in each time for other web-based applications you would like to access; hence the term "single sign-on." These resources include:
- Library resources, including internal and external resource databases and the campus proxy server
- my.uchicago.edu, the campus portal
- Online Directory
- Knowledge Base
A non-comprehensive list of applications that use Single sign-on may be found in the article 2Factor Authentication (2FA) - Top UChicago University Sites Using Shibboleth.
How does it work with sites or applications?
Single sign-on uses Shibboleth technology, which allows you to securely access sites across applications and organizations by using your university credentials. Shibboleth is a two-step process involving authentication, done through a university login using your university credentials, and authorization, where the application, such as myUChicago or the Online Directory, determines whether or not to grant you access based on the credentials you provide. Your access persists until you exit your session by closing your browser, or until the session times out, typically after eight hours. To begin a new session, you will need to log in again.
- Not all university applications use Shibboleth
- Of the applications that do use Shibboleth, your access to some Shibbolized sites does not imply that you can access all Shibbolized sites. Your access to an application or site will still depend upon your role in the university as faculty, staff, or as a student.
How do I use it?
You use your CNetID/UCHAD ID and password to log in once when directed to a Shibbolized site's login page. After logging in to one application that uses Shibboleth (like myUChicago), you'll be able to access other Shibbolized applications for which you have permission. The only action required on your part is to sign in as usual to the applications you normally use.
If you are accessing sensitive information or personal data, be sure to quit your browser to log out of your Shibboleth session when you are finished to make sure your information remains private. If you are the administrator of a resource interested in implementing Shibboleth, the article Authentication Service Overview may be useful.
How can I tell if a university site or application is Shibbolized, that is, uses Shibboleth?
You can tell whether or not a site uses Shibboleth on sight by the little white hippogriff icon in the bottom right corner of the login screen, or by the inclusion of the word “shibboleth” in the URL.