Single Sign-On

What is single sign-on? new-idp-sso-prompt.jpg

Single sign-on (SSO) means that signing into one CruzID Gold application allows you to access certain other CruzID Gold applications without having to sign in again.

SSO can reduce the number of times you need to login during the day and provides access to other institutions' services and websites for collaboration and sharing.

Your SSO session will last for  12 hours, or until you quit your browser. You will not need to re-enter your CruzID and password for those applications that are participating in SSO.

Some applications will still require you to enter your CruzID and password. These applications often have higher risk data and protected information such as Payroll.


How do I log out of single sign-on?

Quit your web browser to end your single sign-on session. If you do not do this, the next person to use the computer will be logged in as you.

On Windows machines, select the ‘X’ on the upper right corner of the browser window to close it. All the windows for the browser you are using must be closed in order to end the session.

On OSX, select the browser menu and select Quit. A properly quit browser will not have a small dot by the browser icon in the applications dock. If you see a black dot, click and hold on the icon and select quit.


How do I use single sign-on on shared computers?

Shared computers include those in labs, public libraries, shared workstations in offices, or a computer borrowed from a friend.

Google Chrome, Mozilla Firefox and Internet Explorer all have private browsing modes. Always make sure to use a private browsing mode when using a shared computer. To activate a private browsing window use the following keyboard shortcuts.

Private Browsing Mode
Chrome
(Incognito)
Firefox
(Private Browsing)
Internet Explorer
(Inprivate)
OSX (Mac)
Command+Shift+N
Command+Shift+P
Command+Shift+P
Windows
Ctrl+Shift+N
Ctrl+Shift+P
Ctrl+Shift+P

Never check the "Remember me for 14 days" checkbox on a shared device.

Make sure you quit your browser. This way when you leave the workstation, you won’t stay signed in. If you do not do this, the next person to use the computer could go to a website and be logged in as you.

On Windows machines, select the ‘X’ on the upper right corner of the browser window to close it. All the windows for the browser you are using must be closed in order to end the session.

On OSX, select the browser menu and select Quit. A properly quit browser will not have a small dot by the browser icon in the applications dock. If you see a black dot, click and hold on the icon and select quit.

Taking these precautions will keep your account safe in shared locations. For added peace of mind, it’s also a good idea to shut down the computer when you leave.

See Procedures for Using Single-Sign On on Shared Machines for more information.


Why is my single sign-on session not working?

There are several reasons that you may be prompted to login again, including:

  1. The system that you are logging into requires you to enter your CruzID and password every time. Some systems such as CruzPay will always require you to login.
  2. You quit your browser and the cookies needed for SSO were removed.
  3. You moved your computer to another location which caused a new IP address to be assigned. This is common if you are using wireless (eduroam)
  4. Your computer is configured to not accept or save cookies.
  5. You have exceeded the 12 hour SSO session time limit.

Consent Feature

The consent feature is available for over 2,000 websites related to Higher Education and Research institutions that are also single sign-on participants.

When accessing these websites, a request to provide information will display. You will be asked to approve the release of certain attributes (information) about yourself in order to use the website. These attributes typically include first name, last name, email address and sometimes includes an agreement or terms of usage. wepa-sso.png

Attribute Release Consent Duration

Users may choose from three options when deciding the duration of their consent to attribute release.

"Ask me again at next login" Users will be prompted to consent to attribute release every time they login to the website.

"Ask me again if information changes" The default. Users will be prompted to consent to attribute release if attributes have changed since consent was previously given.

"Do not ask me again" Users will not be prompted to consent to attribute release again. All attributes will be released to any website that also uses Shibboleth.