Security is the responsibility of all members of the campus community. Because campus affiliates have access to information that is often personal and confidential, it is important to understand the tools available to protect that information.
Access to campus services may be protected using Authentication Services. Authentication is the process of comparing credentials provided (e.g., MultiPass username and password) with those on file for authorized individuals. At Duquesne, Single Sign-On through DORI is used as the Authentication Service.
Authentication Services can be discussed from two viewpoints: that of the end user accessing a protected service, and that of the service provider seeking to protect system data.
Single Sign-On for End Users
Web Login is a secure single sign-on service that verifies an individual's identity at Duquesne and allows access to restricted services. When you enter your MultiPass username and password into DORI, they are compared to those on file and access is granted if you are an authorized user of the service. View an example of Web Login.
Currently, Web Application Logins can have three different looks: DORI login, Office 365 Service login, and generic Web Application login.
Office 365 Web Service | DORI | Generic Web Application
Federated Identity Management
Federated identity management makes life easier for people who use Web-based resources across institutions. It gives them access to multiple Web sites that require login without requiring them to remember multiple IDs and passwords.
With federated identity management, institutions join together in a group (a federation) and agree to trust each other's identity credentials. For example, a bank allows you to use your ATM card at the ATM of another bank where you do not have an account.
Duquesne University, for example, is a member of the InCommon Federation. This means that InCommon members agree to trust Duquesne University to vouch for the identity of someone who has logged in using the University's Web authentication method.
Duquesne has agreed to trust other InCommon members when they vouch for the identity of people who have logged in using their authentication methods. These institutions share additional identity information, called "attributes," to allow them to make authorization decisions.
Federations use federated identity management software to allow them to vouch for their users' identities and to share information about whether those users meet the authorization requirements for a particular service (for example, a license that limits access to students).
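The student-only license case above, sketched from the service provider's side as an added example (not code from Duquesne, InCommon or Shibboleth). It assumes the identity provider releases the eduPerson attribute eduPersonScopedAffiliation; the entity IDs, scopes and function names are constructed placeholders.

```python
# Added example: authorization from federated attributes, as seen by a
# service provider (SP). Entity IDs and scopes are constructed placeholders.

# Scopes each identity provider (IdP) is allowed to vouch for, keyed by IdP
# entity ID. Assumption: a real SP derives this from federation metadata.
TRUSTED_IDP_SCOPES = {
    "https://idp.example.edu/idp/shibboleth": {"example.edu"},
    "https://idp.partner.example.org/idp/shibboleth": {"partner.example.org"},
}


def affiliations_in_scope(idp_entity_id, attributes):
    """Return the affiliations the asserting IdP is entitled to vouch for."""
    allowed = TRUSTED_IDP_SCOPES.get(idp_entity_id)
    if allowed is None:
        # Not a federation member we trust: ignore everything it asserts.
        return set()
    accepted = set()
    for value in attributes.get("eduPersonScopedAffiliation", []):
        # Values look like "student@example.edu": affiliation, "@", scope.
        affiliation, sep, scope = value.strip().lower().rpartition("@")
        # Reject unscoped values and scopes this IdP may not assert, so one
        # member cannot claim affiliations on behalf of another institution.
        if sep and affiliation and scope in allowed:
            accepted.add(affiliation)
    return accepted


def may_use_student_license(idp_entity_id, attributes):
    """Authorization decision for a resource licensed to students only."""
    return "student" in affiliations_in_scope(idp_entity_id, attributes)


if __name__ == "__main__":
    idp = "https://idp.example.edu/idp/shibboleth"
    released = {"eduPersonScopedAffiliation": ["member@example.edu",
                                               "student@example.edu"]}
    print(may_use_student_license(idp, released))
```

The decision uses only the affiliation, not a name or username, which is how a service can authorize access while the identity provider releases minimal personal data.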
The InCommon Federation uses Shibboleth federated identity management software from Internet2. According to Internet2:
"Shibboleth is a standards based, open source software package for Web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner."
Below is a list of Duquesne University web applications that support SSO through Shibboleth:
- ChromeRiver Prod
- ChromeRiver QA
- Example R&S SP
- Internet2 (InCommon)
- Kuali Ready
- United Way
- Wall St Journal
If you are enrolled in two-factor authentication with Duo, you will be required to perform a 2FA login when signing in to any Shibboleth-supported web application.