Single Sign-On for End Users-Computing Services - Carnegie Mellon University

Single Sign-On for End Users

Button - Learn more and register for DUO 2faAuthentication is the process of comparing credentials provided (e.g., AndrewID and password) with those on file for authorized individuals. At Carnegie Mellon, Single Sign-On through Web Login is the Authentication Service of record.

Faculty, staff and student employees are required to use 2fa with an option for the general student population to opt-in to the service.

Web Login (Shibboleth)

Web Login is a secure single sign-on service that verifies an individual's identity at Carnegie Mellon and allows access to restricted services. When you enter your Andrew userID and password through Web Login, they are compared to those on file and access is granted if you are an authorized user of the service. View an example of Web Login.

For more information on adding Web Login (Shibboleth) protection to your service, visit the Single Sign On for Service Providers pages.

Two-Factor Authentication (Duo)

Two-factor Authentication (2fa) is an extra layer of security for your Andrew account. In order to authenticate, it requires something you know (i.e., your Andrew userID and password through Web Login) and something you have (i.e., a smart phone).


  • Use multiple devices with 2fa (e.g. smart phone, tablet)
    Note: You must use personally owned devices (e.g. a smart phone) that are supported and/or Help Center provided tokens.
  • Keep your information secure with an additional layer
  • No data usage charges are incurred on your mobile device

Most Common Example of 2fa

Automated Teller Machine

 credit card

 Pin Number
Insert ATM Card

 Money is Dispensed 

1. You insert your bank card
2. Then you provide your PIN.
3. You receive money.