Carnegie Mellon University

Single Sign-On

Authentication is the process of comparing provided credentials provided (i.e., Andrew userID and password) with those on file for authorized individuals. At Carnegie Mellon, Single Sign-On (SSO) through Web Login is the Authentication Service of record. Faculty, staff and student employees are required to use an added layer of security through the Two-factor Authentication (2fa) service.  This added protection is optional for the general student population and sponsored account holders.

Web Login

Web Login is a secure single sign-on service that verifies an individual's identity at Carnegie Mellon and allows access to restricted services. When you enter your Andrew userID and password through Web Login, they are compared to those on file and access is granted if you are authorized to use the service.

Two-Factor Authentication (2fa)

Two-factor Authentication (2fa) is an extra layer of security for services using Single Sign-On through Web Login. In order to authenticate, it requires something you know (i.e., your Andrew userID and password) and something you have (e.g. a smart phone or token). Some examples include: Box,, Workday, SIO/S3, Sparcs, GSuite, Taleo.

Faculty, staff and student employees are required to use 2fa. Students or sponsored account holders may optionally register for the service.

Note: 2fa is not available for VPN (General / Libraries), computer labs, and email clients (e.g. Outlook) at this time.