ICT implements single sign-on

Thanks to the new single sign-on procedure, Wilfrid Laurier University’s online resources have become more user-friendly for students.

Photo by Josh Awolade
Photo by Josh Awolade

Thanks to the new single sign-on procedure, Wilfrid Laurier University’s online resources have become more user-friendly for students.

In the past, Laurier students had to log in each time they wanted to access online university resources, such as MyLearningSpace and the Library website.

They were also logged out of the resources after a period of inactivity.

Continuous logins and time-outs were the only way the university could verify that users were students and had the right to use these applications.

This changed when the department of information and communications technology at Laurier implemented single sign-on.

The idea is that students will now only have to sign in once to gain access to a multitude of resources that require credentials.

“We’re trying to strike that balance between access and security, and we think we’ve got it pretty good,” said Ken Boyd, director of ICT solutions at Laurier.

At the moment, the only applications that work with SSO are the student e-mail accounts and the online resources available through the Laurier Library website.

However, ICT plans on expanding. “We have a list of other applications we want to [make more accessible],” said Boyd. This includes MyLS, Navigator and LORIS.

Students are often frustrated by the time-outs and multiple logins that the system required before a single sign-on method. “This will definitely make it easier to use,” said Gunjan Marwah, a third-year business student.

Applications used by faculty will also be altered to work with SSO.

Consequently, the procedure has yet to be completely implemented. According to Yi Ruan, team lead of ICT infrastructure and one of the head workers on the project, there is no fixed timeline.

“There’s integration work that needs to be done on the application side,” said Boyd. Some applications, such as LORIS, will require more work than others.

Despite this uncertainty, Boyd predicts ICT will be able to integrate a new application every month.

SSO comes with one caveat: to log out of all active accounts, the student must close the web browser. “The concept is single sign-on, not single sign-off,” Ruan said. When a student logs onto the system, a token is created on the server.

That token allows the student to access all applications that work with SSO. However, the server does not know if logging out of one application “means [the student] wants to sign off of every other application [he or she is logged into],” explained Ruan.

As a result, the user cannot log out of all the open applications by simply logging out of one. The only way to do this — also called destroying the token — is to close the browser.

While this security issue does not pose a large threat when it is being used on a personal laptop, tablet or smartphone, it should be considered when using a public device or borrowing someone else’s device.

“Security is extremely important to ICT,” said Boyd. “And this helps us improve our security footprint without being too onerous.”

Leave a Reply