Quick Start

Available to: Students, Faculty, Researchers, Staff, Departments, Prospective Students, New/Incoming Students, Guests

Cost: No charge

Authentication services sit between client programs and secured services. Our primary authentication method is Shibboleth, but Boston University also supports: ADFS, Kerberos, and AD Authentication (use of Weblogin is now deprecated.) An application leveraging these services can then control client access based on the standard BU login names and webaccounts.

*Applications that utilize Shibboleth and ADFS authentication will be configured with Duo multifactor authentication.


The use of Authentication Services Improves the usability and security of applications by allowing the use of BU accounts for access.

Key Features

  • Enables use of a single password for multiple applications
  • Leverages account management over multiple applications
  • Simplifies access to third-party applications and services

What to Expect

This service normally will be available 24 by 7 except for standard change windows, as described in IS&T’s standard policies, procedures, and schedules for making changes.




  • Application can be hosted on-premises or off-premises.
  • Authorization of applications connected to ADFS can be managed by AD groups.


  • Host system for the application must be a modern, supported version of Linux or Windows.
  • Host system must be on the BU campus network.
  • Time clock on the host system must be synchronized with a Network Time Server.

AD Authentication:

  • Systems must be on preemies and joined to our AD Domain.
  • Systems must be windows, Linux or MacOS.

Multifactor Authentication (MFA):

  • Host system or service must be able to integrate with the Duo integration API. A full list of compatible services is here.
  • Duo MFA is already built into applications configured with Shibboleth and ADFS. Other applications (which meet the appropriate criteria) can be configured to use Duo. Please contact us for more information.

Getting Started