Single Sign-On

What is Single Sign-On?

• Single Sign-On (SSO) permits you to sign on a single time and access multiple supported resources without having to sign on separately for each resource.
• It also offers more secure authentication because you enter your credentials on a single on-campus SSO system rather than entering your credentials on a variety of different systems including many operated by external vendors.

How Single Sign-On works

• You cannot log directly in to Single Sign-On without going directly to a specific resource.
• When you try to access a resource protected by Single-Sign On, you will be presented with the sign on screen.
• When you enter your university credentials and click "Sign On", you will be sent directly to the resource you were trying to access.
• If you then try to access another resource protected by Single Sign-On within the same web browser session, you will bypass the sign-on page and be sent directly to the new resource without having to type in your university credentials.
• If you try to bookmark the Single Sign-On logon page or use your browser's back button to get back to the logon page you will be presented with an error message. Instead, bookmark the URL or link you used to navigate to the resource you'd like to bookmark, before it redirects to the sign-on page.
• Single Sign-On requires that you have cookies in your browser enabled.

Important SSO Single Logout Information

• SSO Single Logout is not currently widely supported, so there is no single logoff button.
• You will remain signed on until your browser session is ended or your sso.bloomu.edu session cookie is destroyed. This may happen when all web browser windows are closed (PC) or you quit your web browser program (Mac). See below for more detailed information.
• While some resources offer a logout button, this can only perform a best-effort single logout. Very often you are not logged out of other resources you've accessed within your browser session, but any access to additional resources will require re-authentication.
• It is especially important to remember to end your browser session if you are using a kiosk computer or share a single computer logon with other people.
• If you leave your web browser session open and unsecured after signing in to a resource, if someone tries to access any resource protected by Single Sign-On in that browser session, they will be signed on as you automatically without having to enter your university credentials - so always remember to lock your computer or end your browser session when you are finished to secure your account.
• If you have an option on your browser set to restore your previous session on startup, it is likely that closing your web browser will not effectively sign you off because session cookies may also be restored. Especially when accessing your computer using a shared account, you should set your browser to either open a specific home page or a blank page when it starts.
• If you want to effectively be logged off completely when you fully close your browser, your browser should NOT be configured for these options:
  • Google Chrome: Settings, "On startup", "Continue where you left off"
  • Mozilla Firefox: Options, General, "When Firefox starts", "Show your windows and tabs from last time"
  • Microsoft Edge: Settings, "Open Microsoft Edge with", "Previous pages"
  • Internet Explorer: Internet Options, General, "Startup", "Start with tabs from the last session"
  • Safari: Preferences, General, "Safari opens with:", "All windows from last session"
  • Any other browser: Take a look in the browser's settings for a similar option.
• If you want to double check you are logged out of a specific resource, try browsing to the resource in a new tab to see if it prompts for credentials or not. If you get in without credentials, look for a Logoff or Logout link within that resource to trigger a logout directly on that resource.

Single Sign-On Errors

• Most errors are caused by accessing the sign-on page without using the correct resource address. Be sure not to bookmark the sign-on page or use your browser's back button to get back to the sign-on page after you sign in. Instead find and use the correct link to the resource you want to access.
• Make sure cookies are enabled in your browser and that your system clock is set correctly. If the date, time, or timezone on your computer is set incorrectly, it could produce warnings or errors.
• Faculty/Staff that have trouble authenticating may have an expired password, which can be determined by logging in to a campus computer or to Outlook on the web.
• In rare cases, you may need to try one of the following to resolve or work around an issue:
  • Close all web browser windows to end your browser session and then restart your browser to start a new browser session. On a Mac, you need to quit the program completely to end your browser session. If your browser is set to restore the previous session upon startup, you will need to change that option in your browser options so you truly start a new browser session.
  • Clear your browser's cache/history, cookies, and/or active logons.
  • Try using an alternative browser, such as Firefox if you were using Internet Explorer (PC) or Apple Safari (Mac) or Google Chrome (PC/Mac).
  • Try starting the private/incognito mode of the browser to obtain a new session to check if it works in a new session.
• Once you try one of the above recommendations, you should go directly to your desired resource and try to log in again to see if your issue has been resolved or worked around.

Related Information

• Account and Password info: Faculty/Staff | Students.
• Please keep your password to yourself and beware phishing scams attempting to obtain your credentials. See the Account/Password Phishing Information page for examples of past phishing scams emailed to BU email accounts.
• If you ever click a link in an email message that takes you to the SSO login page, you should verify the address in your browser's address bar starts with "https://sso.bloomu.edu/" or "https://sso.commonwealthu.edu/" to ensure you are on the authentic SSO login page and not a phishing site collecting credentials that copied the look of the university web page. It is safest to get to the login page through usual methods such as typing an address shortcut directly in the address bar or by clicking a link on our website that you get to by typing bloomu.edu directly in the address bar.