Shibboleth is federated identity management software used to provide single sign-on. It allows members of the university community to log in to university-provided cloud services, such as U-M Google and U-M Dropbox, using their uniqname and UMICH (Level-1) password.
With federated identity management, institutions join together in a group—a federation—and agree to trust each other's identity credentials for logging in to websites. U-M is a member of the InCommon Federation. For details about U-M's membership, see InCommon U-M Participant Operating Principles (POP).
People at U-M can use their uniqname and UMICH (Level-1) password to connect to Shibboleth-protected resources at other InCommon institutions. People at other InCommon-member institutions can use their institution's login credentials for logging into authorized U-M services that use Shibboleth. It's kind of like when banks allow you to use your ATM card at the ATM of a bank where you don't have an account.
Here's how it works:
- The user goes to the website and clicks the link to log in.
- When accessing services provided by other institutions, the user will be asked to select their home institution (U-M) from a list. When accessing cloud services contracted for by the university, the user may be connected immediately to the U-M Weblogin page.
- The U-M Weblogin page is displayed, and the user logs in using their uniqname and UMICH password.
- For services provided by other institutions, the user is shown the identity information that will be released to allow login and can confirm or deny the release.
- If release is confirmed, the user is logged in.