Authentication & Authorization Services

  • Active Directory (UMROOT)
    Active Directory (UMROOT) authentication is used when accessing a number of U-M services, including MWireless, MiWorkstation computers, and more.
  • Kerberos at U-M
    Kerberos is used for authentication (to validate that you are who you say you are) when logging in to many services and systems at U-M. Going forward, the university will move toward use of single sign-on authentication options such as Shibboleth rather than using Kerberos directly.
  • Shibboleth at U-M​
    Shibboleth allows people to log in to web resources at other institutions using the ID and password they use at their own institution. U-M​ offers Shibboleth service with two protocol options, Security Assertion Markup Language (SAML) and OpenID Connect (OIDC).
  • Social Login at U-M​
    Social login can be implemented to allow guest access. It can allow people who do not have or use a uniqname and UMICH password to log in to a service at U-M​ using a social account (such as Facebook, LinkedIn, or others). See Implementing Social Login for U-M​ Services.
  • Two-Factor Authentication (Duo)
    Users of U-M systems containing sensitive university data are required to use two-factor authentication for increased security. Individuals can turn on two-factor for Weblogin to protect their U-M account and information. U-M units can implement Duo for their systems and services.