Single sign-on (SSO) at Waterloo
What is it?
Single sign-on (SSO) provides a secure method of accessing multiple web-based systems and applications without being required to log into each one.
How it works
Log into one supported University of Waterloo web-based system, and access other supported applications without having to enter your credentials again.
End a session
Simply close your browser (all browser windows) to end your single sign-on session.
If you do not close the browser, your SSO session may still be active and may provide other users unapproved access to applications, even if they weren't the applications you were previously using. This is especially important if working on a public machine.
Benefits of single sign-on
Spend your time doing the things you need to, not logging into applications.
Reduce the number of times you're prompted for and entering your credentials.
An enhanced user experience
Log in once and move seamlessly between applications.
Initiating a single sign-on session
Logging into a supported application
All University of Waterloo employees and students will enter their firstname.lastname@example.org address and WatIAM password when logging into a SSO supported application.
If you have opted in for two-factor authentication (2FA) or are required to use it as part of your role, you will receive a DUO 2FA authentication prompt when accessing supported systems, even though single sign-on is enabled.
Things to remember
SSO is browser specific
If you open and begin working in a different browser, you will be prompted to begin a new SSO session.
Updated login pages
Login pages for single sign-on will look different than the login pages you may be used to seeing.
SSO session lengths
The length of a SSO session will depend on the specific application, and may range from one to 24 hours.
Applications supporting single sign-on
- Microsoft Office 365 (staff)
- EZproxy (Library e-resource access)
We'll update this list as new applications support SSO.
Want your application to support single sign-on?
It must be using the Active Directory Federation Service (ADFS) first.
Get help moving to ADFS
Complete the ADFS request form.
Already using ADFS?
You're all set! Your application supports single sign-on.