The new MyNewSchool uses single sign-on technology to make it possible for you to move between several commonly-used Web-based applications, including MyNewSchool, Google Apps, Canvas, the Student Success Network, and online bill payment, without having to re-enter your username and password. In general, the single sign-on process should be transparent to you, behaving in the “expected” way most of the time. However, if you use multiple devices or multiple web browsers simultaneously, this article will help you understand how that usage affects your use of single sign-on.
Single sign-on works at the individual browser level (for those more technically minded, it relies on browser cookies). As long as you stay in the same browser session, you can move from one single sign-on enabled application to another without having to re-enter your username and password. If you use multiple devices, each device has a separate browser, and therefore a separate single sign-on session. This means that even if you’ve already signed onto an application on your laptop, you’ll still have to sign on again if you then switch to the web browser on your phone. Likewise, if you open MyNewSchool in a Chrome browser session, and then visit Canvas with Firefox, you’ll have to sign in to Canvas again, because it doesn’t share information with Chrome.
With the old MyNewSchool, you had to sign into MyNewSchool before you could use any of the “automatic sign-on” links to other applications. With the new MyNewSchool single sign-on, this isn’t the case--you can “start” by signing on to any single sign-on equipped application you want, and all the other single sign-on applications will just work. So you can start with MyNewSchool and then go to the Student Success Network, or you can start with Google Apps and then go to Canvas. Here are the specifics on how it works (this assumes you’re using the same web browser on the same device):
- When you first start a new web browser, you’re not signed in to any applications.
- When you visit a single sign-on enabled application (say, MyNewSchool), the application server asks your browser for the “application ticket” it needs to let you into the application. If your browser doesn’t have a ticket (and it won’t, since you haven’t signed in yet), the application tells your browser to go to the single sign-on server to get one.
- The single sign-on server checks its database and also requests some information from your browser to determine whether you’ve signed in already. Since you haven’t signed in yet, the single sign-on server will prompt you for your username (NetID) and password.
- Once the single sign-on server determined that you’ve signed in, it creates the special “application ticket” to tell the application that you’re all signed in and allowed to use the application, and then it tells your browser to go back to the application server.
- The application server again asks your browser for the “application ticket” it needs to let you into the application. But this time, your browser has one, so the application checks to make sure the ticket is valid, and then grants access.
- Later, when you visit another application (say, Google Apps), the same set of steps (starting at Step 2) is followed. But this time, when you get to the single sign-on server, you’ll already be signed in, so you won’t be prompted to enter your username and password. The “application ticket” will be generated for the new application, you’ll be sent back to the application server, and access will be granted.
It all sounds more complicated than it is. The important thing to remember is that “application tickets,” and the additional information the single sign-on server users to determine whether you’re already signed in, are stored in your web browser. If you completely exit the browser, all your single sign-on information will be forgotten and you’ll have to sign in again with your NetID and password. If you sign in using one browser, and then start up a different browser, the second browser will not know that you’re signed in (because browsers don’t share information), so you’ll have to sign in again with your username and password.
We hope that you find single sign-on a useful new feature of the new MyNewSchool. Over the coming months we plan to enable additional applications for single sign-on, making it even easier for you to get things done.