Web Policies

Single Sign-On

Single Sign-On (SSO) is a service which allows you to provide your username and password once to a trusted service and to have your identity securely, consistently and seamlessly provided to many web applications.  It lets you use certain web applications without having to log in more than once per session.

Logging in using Single Sign-On (SSO)

All members of the university with a BUCS account can use SSO to log in to web applications. This does not mean you will have access to every application that uses SSO; some of these applications will have additional controls that only allow access for certain individuals.

You should use your normal BUCS username and password, the same one you use to read your University email account.

Logging out

Most sites should provide a logout button which will log you out of Single Sign-On.

You can log out of SSO by visiting https://auth.bath.ac.uk/logout. Closing your browser will also log you out of SSO.

It is very important that you log out of SSO when you have finished using a computer, particularly if the computer is in a public place.

If you don't log out, then subsequent users of the computer may be able to access many applications as you, even if they weren't the applications you were using.

Completely shutting down your browser by closing all the browser windows is the safest way to ensure everything is logged out.

Advantages of Single Sign-On

The SSO service provides several benefits:

  • The same username and password allows you access to many services
  • You only have to provide your password to one trusted application at a well-known URL
  • You only have to type your username and password once per session
  • You can be confident that your username and password are treated securely

Check the Single Sign-On web address in your browser

Before entering your username and password into the Single Sign-On login form, you should check that the web address of the page being displayed begins with https://auth.bath.ac.uk/

By routinely checking the address of the login page you reduce the risk of entering your details into a page that is not part of our service.

This is especially important when logging in to services that you have not used before.

The trusted login URL

https://auth.bath.ac.uk/ is the URL you should trust for logging in to SSO. The URL may end in "login".

If you have been redirected to the SSO service whilst trying to access another web site you'll often find "?service=" and the web address of the application tagged on the end of the login URL - this allows the SSO service to send you back to where you wanted to be once it has successfully worked out who you are.

The "s" in "https" means that it is a secure site, offering both encryption of information and authentication of the server.

You can be sure that username and password information typed into this web form is only used by Single Sign-On for authenticating you for access to "approved" web applications.

  • The username and password you provide are not recorded and are not exposed to third parties.
  • Applications making use of SSO will be informed of your BUCS username but they will never see your password.