Security is the responsibility of all members of the campus community. Because campus affiliates have access to information that is often personal and confidential, it is important to understand the tools available to protect that information.
Access to campus services may be protected using authentication services. Authentication is the process of comparing credentials provided (e.g., MultiPass username and password) with those on file for authorized individuals. At Duquesne, single sign-on (SSO) through DORI is used as the authentication service.
Authentication services can be discussed from two viewpoints: that of the end-user accessing a protected service or the service provider seeking to protect system data.
SSO for End Users
Web Login is a secure single sign-on service that verifies an individual's identity at Duquesne and allows access to restricted services. When you enter your MultiPass username and password into DORI, they are compared to those on file and access is granted if you are an authorized user of the service.
Currently, web application login pages can have two different looks: DORI login page and generic web application login page.
|DORI||Generic Web Application|
Federated Identity Management
Federated identity management makes life easier for people who use Web-based resources across institutions. It gives them access to multiple Web sites that require login without requiring them to remember multiple IDs and passwords.
With federated identity management, institutions join together in a group---a federation---and agree to trust each other's identity credentials. For example, a bank allows you to use your ATM card at the ATM of another bank where you do not have an account.
Duquesne University, for example, is a member of the InCommon Federation. This means that InCommon members agree to trust Duquesne University to vouch for the identity of someone who has logged in using the University's Web authentication method.
Duquesne has agreed to trust other InCommon members when they vouch for the identity of people who have logged in using their authentication methods. These institutions share additional identity information, called "attributes," to allow them to make authorization decisions.
Federations use federated identity management software to allow them to vouch for their users' identities and to share information about whether those users meet the authorization requirements for a particular service (for example, a license that limits access to students).
The InCommon Federation uses Shibboleth federated identity management software from Internet2. According to Internet2:
"Shibboleth is a standards-based, open source software package for Web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner."
If you are enrolled in multi-factor authentication with Duo, you will be required to perform an MFA login process when signing into any Shibboleth-supported web application (please see the list below for which services require MFA at this time). For more information on Shibboleth, click here.
|Service||When Will it Require Duo?|
|Banner Administrative Forms (formerly INB)||May/June 2019|
|Banner Document Management (BDM)||May/June 2019|
|ChromeRiver Prod||January 2019|
|ChromeRiver QA||January 2019|
|GlobalProtect VPN||January 2019|
|Internet2 (InCommon)||January 2019|
|Kuali Ready||January 2019|
|Lyris List Manager||N/A|
|Office 365 Email||June 2019|
|Slate CRM||January 2019|
|United Way||January 2019|
|Wall Street Journal||January 2019|
|XFINITY On Campus (XoC)||January 2019|
Note: these timelines are in some cases estimates and in some cases audit deadlines. We are striving to provide the most accurate information available regarding the Duo service as it continues to be refined.