Skip to content
  • Create
  • Support
    • Getting Started
    • FAQ
    • Knowledge Guide
    • Help
    • Training
  • Updates
  • Login

Identity Single Sign-On (SSO)

August 27, 2018

Single Sign On (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. The service authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session.  NYU […]

Single Sign On (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. The service authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session. 

NYU IT provides two methods of Single Sign-On (SSO): 

  • Shibboleth (SAML2)
  • OpenID Connect (OAuth2) — Recommended! 
Requirements Shib (SAML2) OpenID Connect (OAuth2)
Main Purpose SSO for Enterprise SSO for Enterprise & Consumers
Usage Web Applications, Website, Blogs, etc. Websites, Web and Mobile Applications, APIs and IoT
Limitations Not suitable for mobile, native applications, and API None
Integration Difficulty High Low
Personal information release Consent is NOT enforced Consent is enforced (better  compliance support)
Social identities support No Yes
Federation support Enterprise Federated Identity Management Enterprise Federated Identity Management is still limited
Multi-Factor Authentication Yes Yes
Passwordless Authentication Coming soon Coming soon

Legacy authentication(s) – not recommended 

  • Lightweight Directory Access Protocol secure (LDAPs) – open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory. There is no MFA provided, no consent, no terms of service that can be provided for web applications using LDAP. 
  • Active Directory (AD) – Microsoft standard directory service providing authentication, directory, and group management. There is no MFA provided, no consent, no terms of service that can be provided for web applications using AD. 

Forthcoming authentication(s):

  • Identity Federation – ability for users to authenticate with their own credentials to NYU resources using SSO.
    • Users using University & Institutions credentials via InCommon Federation for participating institutions configured in NYU Identity Systems. NYU and NYU Langone Health  are both members of InCommon. 
    • Users using Social Identities – also know as Federated Identity, allows users to authentication with social providers as Google, LinkedIn, WeChat, etc. 
  • WebAuthN – Web based API authentication standard provided by W3C that is being monitored closely by NYU IT. It is our understanding that applications using SSO will be able to take advantage of WebAuthN, however this has not been yet architected and suggestions are welcome. 
  • Create
  • Updates
  • Support
  • Terms
  • Login

Subscribe by Email

Completely spam free, opt out any time.

Please, insert a valid email.

Thank you, your email will be added to the mailing list once you click on the link in the confirmation email.

Spam protection has stopped this request. Please contact site owner for help.

This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.