Single Sign-On for End Users
Authentication is the process of comparing credentials provided (e.g., AndrewID and password) with those on file for authorized individuals. At Carnegie Mellon, Single Sign-On through Web Login is the Authentication Service of record.
Effective April 20th, faculty, staff and student employees are required to use 2fa with an option for the general student population to opt-in to the service.
Web Login (Shibboleth)
Web Login is a secure single sign-on service that verifies an individual's identity at Carnegie Mellon and allows access to restricted services. When you enter your Andrew userID and password through Web Login, they are compared to those on file and access is granted if you are an authorized user of the service. View an example of Web Login.
For more information on adding Web Login (Shibboleth) protection to your service, visit the Single Sign On for Service Providers pages.
Two-Factor Authentication (Duo)
Two-factor Authentication (2fa) is an extra layer of security for your Andrew account. In order to authenticate, it requires something you know (i.e., your Andrew userID and password through Web Login) and something you have (i.e., a smart phone). To provide this added security, individuals may opt-in to Two-Factor Authentication with Duo.
- Use multiple devices with 2fa (e.g. smart phone, tablet)
Note: You must use personally owned devices (e.g. a smart phone) that are supported and/or Help Center provided tokens.
- Keep your information secure with an additional layer
- No data usage charges are incurred on your mobile device
Most Common Example of 2faAutomated Teller Machine
|1. You insert your bank card
(SOMETHING YOU HAVE)
|2. Then you provide your PIN.
(SOMETHING YOU KNOW)
|3. You receive money.