Shibboleth is an implementation of the Security Assertion Markup Language (SAML) authentication protocol. Shibboleth is commonly used in web applications -- such as Moodle, Lynda.com, and Library resources -- where a user's status at the University determines their level of access to these resources. The University operates a Shibboleth identity provider allowing faculty, staff, students, and other account holders to log in. Websites that run a SAML service provider can use Shibboleth to authenticate users.


  • Leverages users’ existing University credentials so that you don’t have to manage your users’ accounts and passwords
  • Your site never sees the users’ passwords; users enter passwords on the standard University login page only, so you don’t have to worry about handling passwords securely within your website or application
  • Works with both on-premise and hosted/cloud applications
  • Your application can get additional information back about users who logged in -- such as name, role, courses, job information, etc. -- that may be useful for access control (may require additional data access approval)
  • Your website or application could also leverage other universities’ accounts to log in for a more broadly-facing audience using the InCommon Federation