Carnegie Mellon University

Single Sign-On

Single Sign-On is an authentication process that allows a user to access multiple applications, accounts, and services with one set of login credentials (i.e., Andrew userID and password).

Web Login

Web Login is a secure single sign-on service that verifies an individual's identity at Carnegie Mellon and allows access to restricted web pages and services. When you enter your Andrew userID and password through Web Login, they are compared to those on file and access is granted if you are authorized to use the service. At Carnegie Mellon, Single Sign-On (SSO) through Web Login is the Authentication Service of record.

Two-Factor Authentication (2fa)

Two-factor Authentication (2fa) is an extra layer of security to protect identify and university data. 2fa uses supported devices (including smart phones and tablets) or hardware tokens to complete secondary authentication and enhance security beyond just a username and password. 

CMU uses DUO Security to support 2fa for services using Single Sign-On through Web Login (including Box, lynda.com, Workday, SIO/S3, Sparcs, GSuite, Canvas, Taleo). CMU also uses DUO Security for 2fa with some services that don't require Web Login (including VPN, Citrix, and Campus Cloud). Visit DUO's list of supported applications for additional integration options, and contact Identity Services for additional 2fa support.   

Faculty, staff and student employees are required to use 2fa. Students or sponsored account holders may optionally register for the service.

Note: 2fa is currently not available for General & Library VPN, computer labs, or mail client software (e.g., Apple Mail or Microsoft Outlook).