Good Practices

A strong password or passphrase uses a combination of length and character types. Learn what to do and not to do to keep it safe. For extra protection, use two-factor authentication where available.
When using computers in the labs around campus, be sure that you protect your account by understanding how to fully log out of all applications.
Your internet ID and password are very powerful, granting access to everything from course assignments to financial aid.
Challenge We need an email address for our group and a Google Drive account to store our group’s documents.

Planned Changes

Stay secure and connected!
For Instructors
Try the troubleshooting tips below if Duo isn't working for you. If you need additional assistance contact Technology Help 24/7.
Congratulations on your new phone! Learn how to reactivate, add, or remove phones with Duo.
Even if you have no access to WiFi or cellular service, you can still use Duo Security.
Duo’s "Remember Me" feature saves you time while keeping your information safe. It is like the "remember my computer" or "keep me logged in" options you may have seen on other websites.
You can use Duo authentication when traveling internationally, unless you are traveling to a U.S. embargoed country.


To accommodate browser vendors' plans to phase out support for SHA-1 signed certificates, InCommon has now made available certificates signed using the SHA-2 hash family.
Departments may also sponsor an internet account for a University-affiliated individual, as long as that individual provides a service or function that directly impacts students, faculty, or staff.
A single SAML entityID can be used for many different servers, both physical and virtual.
Reitired: redirected to Compare Authentication Options page
An Entity ID is something that you choose as a SP. This page should help you choose a good entityId for your shibboleth configuration.
Once you have the Apache Shibboleth Module installed and configured, you can add Apache Auth directives to any appropriate content-control block ( <Directory>,<File>, <Location>) in your virtual host
Overview In this file you are telling Shibboleth a few key pieces of information so it knows how to authenticate your users. Those items are
If you've gotten this far, you have probably already chosen an Entity ID. If you have not, please see the Choosing your Shibboleth Entity ID topic.
Users agree to comply with the laws or regulations of the United States Department of Commerce, the United States Department of Treasury Foreign Assets Control, or any other applicable United States foreign agency or
This resource shows a world-wide map of locations where you can access eduroam.
This link goes to eduroam's official list of participating institutions. 
This four-minute video shows how to enroll a variety of devices, such as cell phones, for use with Duo two-factor authentication.
For an overview of the sequence of events during Shib authentication see: Understanding Shibboleth: How It A
For web-based single sign on, you should use Shibboleth authentication instead.
The InCommon certificate service allows for delegated administration, so designated people can submit and approve certificates for their department without intervention from OIT.
If you are logged into an application that uses the University's central Sign In page for authentication (pictured below) and you wish to use an additional application in the same browser, you will not be requir
Through the InCommon Federation, University of Minnesota researchers can access national research and scholarship applications and web services, such as virtual organizations and
Generate a Certificate Signing Request
Sometimes you may want to retrieve additional attributes about the user after the user authenticates.
Common Error Messages
Picking an entity ID If you have not done so, please read Choosing your Shibboleth Entity ID
Official installation instructions are on the official Shib wiki.
Download For now, please see the official Shib Wiki docs on Windows installation.
These are some of the important concepts and terminology used when talking about SAML or Shibboleth.
Understanding Logout
(See also InCommon's Cert FAQ, which includes browser/device support lists.)
SSL certificate code to proceed to the enrollment form on the InCommon certificate enrollment site:
Web/System administrators who request SSL certificates can go here when having problems connecting to a certificate request page.
Meeting slides from the Email Technical Coordinators meetings, 2004-2008 are archived below. 
This one-minute video demonstrates how to use a push method on your mobile device to authenticate with Duo two-factor authentication.
Google APIs use the OAuth 2.0 protocol for authentication and authorization. Google supports common OAuth 2.0 scenarios such as those for web server, installed, and client-side applications.
The University uses a two-factor authentication system for users who need access to its enterprise-level applications, to ensure another level of security when working with sensitive data.

Self-Help Guides

Duo Security is the University's way of adding another layer of security to the information you access online.
Learn about Shibboleth, an open-source single sign-on infrastructure, and how to install and configure it.
Learn how Secure Sockets Layer (SSL) Certificates identify and encrypt digital communication. You can request SSL Certificates to protect data entered into your applications.