Authentication & Authorization Services

  • Active Directory (UMROOT)—U-M Windows Forest
    Active Directory (UMROOT) authentication is used when accessing a number of U-M services, including MWireless, MiWorkstation computers, and more.
  • Cosign at U-M
    Cosign is the secure, single sign-on authentication system used to provide access to protected web resources at U-M. See Using Web-Authenticated Resources (Weblogin Using Cosign) at U-M.
  • Kerberos at U-M
    Kerberos is used for authentication (to validate that you are who you say you are) when logging in to many services and systems at U-M. Going forward, the university will move toward use of single sign-on authentication options such as Shibboleth rather than using Kerberos directly.
  • Shibboleth at U-M
    Shibboleth allows people to log in to web resources at other institutions using the ID and password they use at their own institution.
  • Social Login at U-M
    Social login can be implemented to allow guest access. It can allow people who do not have or use a uniqname and UMICH password to log in to a service at U-M using a social account (such as Facebook, LinkedIn, or others). See Implementing Social Login for U-M Services.
  • Two-Factor Authentication (Duo)
    Users of certain systems containing sensitive university data are required to use two-factor authentication for increased security. Individuals can turn on two factor for Weblogin to protect their U-M account and information.