Shibboleth at U-M

Shibboleth is federated identity management software used to provide single sign-on. It allow members of the university community to log in to university-provided cloud services, such as U-M Google and U-M Box, using their uniqname and UMICH (Level-1) password.

With federated identity management, institutions join together in a group—a federation—and agree to trust each other's identity credentials for logging in to websites. U-M is a member of the InCommon Federation. For details about U-M's membership, see InCommon U-M Participant Operating Principles (POP).

People at U-M can use their uniqname and UMICH (Level-1) password to connect to Shibboleth-protected resources at other InCommon institutions. People at other InCommon-member institutions can use their institution's login credentials for logging into authorized U-M services that use Shiboleth. It's kind of like when banks allow you to use your ATM card at the ATM of a bank where you don't have an account.

Here's how it works:

  • The user goes to the website and clicks the link to log in.
  • When accessing services provided by other institutions, the user will be asked to select their home institution (U-M) from a list. When accessing cloud services contracted for by the university, the user may be connected immediately to the U-M Weblogin page.
  • The U-M Weblogin page is displayed, and the user logs in using their uniqname and UMICH password.
  • For services provided by other institutions, the user is shown the identity information that will be released to allow login and can confirm or deny the release.
  • If release is confirmed, the user is logged in.