Single Sign On (SSO)
In an effort to decrease the number of passwords required to access computing applications across the University, DoIT has incrementally implemented its Web-based, NetID Single Sign On (SSO) service since 2008. Users can log in to campus applications such as Google Apps for Education and WolfMart without having to sign on multiple times or remember many passwords. The SSO service is only used for those applications accessed through a Web browser. Client-based applications, such as the mail client on a smart phone, do not use the Stony Brook SSO.
The technology behind Stony Brook’s SSO is called Shibboleth.
It’s an open source, standards-based SSO solution that implements the Security Assertion Markup Language (SAML), an open-standard data format for exchanging authentication and authorization data between parties.
Stony Brook's Single Sign On Services
As a member of the InCommon Federation – a group of organizations focused on creating a common framework for collaborative trust in support of research and education – Stony Brook may participate in Single Sign On (SSO) with other colleges and universities and their partners.
As the InCommon Federation is also part of eduGAIN, which is an international interfederation service, Stony Brook may participate in SSO with member institutions all over the world. This means there are thousands of possible services around the world that could be accessed today using our SSO services.
The SSO service is now protected by Duo 2-Factor Authentication.
- Alma
- Qualtrics
- Campus Labs
- Digication ePortfolios
- Echo 360
- EDUCAUSE
- Google Apps for Education
- ILLiad
- WolfMart
- Microsoft E-Academy
- National Institute of Health (NIH)
- Navigate
- OnBase
- Online Course Evaluations
- SB Engage (CORQ)
- SB Guardian
- SEARCH discovery system
- Taleo (TMS)
- University Libraries e-journals
- Voice Thread
- ZebraNet (Career Center)
- Zoom
Important SSO Information
When a person signs out of an application that they used SSO to sign into, it is best to close the Web browser. The reason this is important is because there are no guarantees in an SSO environment that you are properly logged out of your applications, so closing the Web browser when finished is the best way to be sure that you've actually logged out. If you do not close the Web browser, there is always a chance that you will still have an active session to one of the applications you had signed into.
If you are not sure what your NetID or NetID password is, log into the SOLAR System and select NetID Maintenance for more information. Please remember to change your NetID password on a regular basis to protect your access.
Frequently Asked Questions
This knowledge base article is in reference to the Single Sign-On upgrade on December 21, 2016.
Please note that while we will be rewriting URLs as appropriate, this may result in odd behavior for some CAS clients. Please be sure your web site’s CAS client is configured to use the new URLs as of 12/21/16.
Base URL
- https://sso.cc.stonybrook.edu/cas is now https://sso.cc.stonybrook.edu/idp/profile/cas
Logout URL (note that ‘cas’ is not in the URL)
- https://sso.cc.stonybrook.edu/cas/logout is now https://sso.cc.stonybrook.edu/idp/profile/Logout
Login URL
- https://sso.cc.stonybrook.edu/cas/login is now https://sso.cc.stonybrook.edu/idp/profile/cas/login
Service Validation URL
- https://sso.cc.stonybrook.edu/cas/serviceValidate is now https://sso.cc.stonybrook.edu/idp/profile/cas/serviceValidate