OSU Login Services ensures a simple and seamless login experience for accessing various applications and services. Relying on modern authentication methods, it enables users to sign in once and securely access multiple resources without repeated prompts. OSU Login Services is powered by:
- Shibboleth, the backbone for single sign-on (SSO), streamlines access to web-based applications and enables collaboration with research and government platforms through InCommon federation.
- Cooperative Authentication, a branded feature, connects Shibboleth with Microsoft's Entra authentication services to minimize login prompts, facilitating secure access to Microsoft 365 applications and Shared Directory and Endpoint Services (SDES) managed devices.
- Microsoft Entra ID, enhancing security and convenience, enables device-level authentication and supports applications integrated with Microsoft 365.
By working together, these systems provide secure, efficient, and user-friendly access to resources, enabling the university community to focus on education, advancing research, and innovation without technical interruptions.
Announcements and Open Discussions
The webauth-users mailing list is open to any OSU subscriber and is used for general help, discussion, and for important announcements regarding the operation of the service.
All deployers are expected to subscribe to this list. Communications are generally infrequent.
Help
General Assistance
If you have trouble accessing or using SSO, please contact the support for the application you are having trouble with. Otherwise, contact the IT Service Desk 24/7 at 614-688-4357 (HELP), Self Service, or servicedesk@osu.edu
Application Owners and Vendors
The webauth-admin@lists.osu.edu address is the official contact point for the service and is not a list you join, it's just an address that can be use for internal communication.
Frequently Asked Questions
Do our applications have to be changed or "re-integrated" against Entra ID to do this?
No. Applications that are integrated with our SSO service can remain entirely as is and no new technical work is required by customers (or in fact by us for the most part). This is only a change to how users interact with our SSO services to login.
Is this replacing Shibboleth or the existing SSO service?
No, this is a "behind the scenes" exercise that changes how users login to some applications but does not otherwise change how any of our services work or are used by customers like yourselves.
What is Cooperative Authentication?
It's a technical process whereby applications integrated with the "enterprise" Web Single Sign-On service (i.e., Shibboleth) can rely on Microsoft's Entra ID platform for user authentication.
What is the value proposition?
We have many widely used applications such as email and calendaring, Teams, and other related Microsoft-hosted applications that rely on Entra ID for authentication today, and users interact with them heavily (some more than others of course).
In addition, the SDES project includes a trusted managed device feature that greatly streamlines authentication for users on connected devices.
Thus, leveraging Entra ID for authentication to applications using the existing enterprise SSO service provides benefits in many cases that will reduce additional login prompts for many users.
The specific benefits to users will vary by user population and their interaction "patterns" with our services, and the purpose of these meetings is to determine which applications will most benefit from such a change.