Single Sign-On

What is Single Sign-On?sso image

Single Sign-On (SSO) means that signing into one CruzID Gold application allows you to access certain other CruzID Gold applications without having to sign in again.

SSO can reduce the number of times you need to login during the day and provides access to other institutions services and websites for collaboration and sharing.

By default, SSO is disabled and the check box is 'checked'. If you leave this box checked, you will need to enter your CruzID and Gold password every time you access an application that uses Shibboleth (Gold) authentication.

To enable SSO, uncheck the single sign-on box. When you uncheck the single sign-on box, your CruzID and Gold password will securely be remembered by your browser (Firefox, Chrome, Safari or Internet Explorer) for 10 hours, or until you quit your browser. You will not need to re-enter your CruzId and Password for those applications that are participating in SSO. See list here.

Some applications will still require you to enter your CruzID and Password even though you unchecked the single sign-on box to enable SSO. These applications often have higher risk data and confidential information such as Payroll.


Why is my Single Sign On session not working?

Here are several reasons that you will be prompted to login even though you had unchecked the box to enable SSO. This includes:

  1. The system that you are logging into requires you to re-enter your CruzID and Gold Password. Some systems such as CruzPay will always require you to login.
  2. You closed your browser and the cookies needed for SSO were removed.
  3. You moved your computer to another location which caused a new IP address to be assigned. This is common if you are using wireless (eduroam)
  4. Your computer is configured to not accept or save cookies.
  5. You have exceeded the 10 hour SSO session time limit.

Consent Feature

The consent feature is available for over 2,000 websites related to Higher Education and Research institutions that are also Single Sign-On participants.

When accessing these websites, a request to provide information will display. You will be asked to approve the release of certain attributes (information) about yourself in order to use the website. These attributes typically include first name, last name, email address and sometimes includes an agreement or terms of usage.consent image

Attribute Release Consent Duration

You may choose from three options when deciding the duration of their consent to attribute release.

"Ask me again at next login" Users will be prompted to consent to attribute release every time they login to the website.

"Ask me again if information changes" The default. Users will be prompted to consent to attribute release if attributes have changed since consent was previously given.

"Do not ask me again" Users will not be prompted to consent to attribute release again. All attributes will be released to any website that also uses Shibboleth.