Single sign-on and federated authentication


Wondering why you're being prompted to log in again? Some IU applications, most notably Canvas, have moved to the latest version of IU Login, which exists on an entirely new authentication infrastructure. While it looks almost identical to the existing IU Login, login sessions between the two infrastructures are not shared. This means you may be prompted to log in once for each infrastructure, depending on the application you are visiting. You can expect this experience until all applications have migrated to the latest version.

One change you may notice with the latest IU Login version is the appearance of two tabs to the right of the IU Login branding. These University and Guest tabs allow account holders of different types to log in with a variety of authentication methods. Unless you are using a Guest account to log in, you'll continue to use the University tab with your IU username and passphrase.

Single sign-on (SSO, also often referred to as reduced sign-on) is the name for a group of technologies that allows you to access a variety of web applications without entering your username and password each time. Federated authentication allows members of one organization to use their authentication credentials to access a web application in another institution. The two are often combined to "stack" the benefits of both technologies.

Indiana University uses both CAS and SAML protocols for SSO authentication; see Integrate IU Login with a web application.

For more, see Wikipedia's Single sign-on.

This is document bbrl in the Knowledge Base.
Last modified on 2020-10-13 13:28:31.