Shibboleth (Web authentication)

accessService description

The Shibboleth system is a standards-based, open-source software package for Web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. ITS provides Shibboleth for Web authentication and authorization.



  • Provides a highly available Identity Provider (IdP) for Onyens and Carolina guest IDs
  • IdP provides single sign-on service to Service Provider (SP) protected Web applications
  • ITS-IDMGMT group provides assistance setting up Service Providers for new applications
  • ITS-IDMGMT group runs Service Providers for most enterprise applications (ConnectCarolina, ITS-hosted Web applications)

The Shibboleth IdP is hosted by ITS, as are some major service providers. Other service providers are hosted outside of ITS to provide authentication and authorization to non-ITS Web applications.


Entire campus as well as off-campus affiliates.

Customer responsibilities

  • Clients must remember to log out. We recommend closing all browser instances after logging out.
  • Web application owners must work with ITS-IDMGMT when setting up service providers.
  • Access by service providers to personally identifiable information via Shibboleth must be cleared by ITS Security.

Help and more information