XSEDE Web Single Sign-on (Web SSO)

Most XSEDE websites—including the XSEDE User Portal (XUP) and related sites like the Jetstream web portal, Globus, Research Software Portal, online training sites, and XD Metrics On-Demand (XDMOD)—use a common login service: XSEDE Web Single Sign-On (Web SSO).

Most XSEDE websites—including the XSEDE User Portal (XUP) and related sites like the Jetstream web portal, Globus, Research Software Portal, online training sites, and XD Metrics On-Demand (XDMOD)—use a common login service: XSEDE Web Single Sign-On (Web SSO). If you login to any of these websites, you'll use XSEDE Web SSO. Beyond its role as the login mechanism for XSEDE and XSEDE-related websites, XSEDE Web SSO provides a number of extra features you might find useful, such as the ability to use existing campus credentials to login instead of an XSEDE password. This page outlines these features and how to use them.

Logging in with XSEDE Web SSO

If the website you're using offers any of the three buttons shown in Figure 1, you can use XSEDE Web SSO. The version on the left is used by websites operated by XSEDE. The center version is used by XSEDE-related websites provided by other organizations. The version on the right is used by the XSEDE User Portal (XUP), which also allows you to login by entering your XSEDE username and password.

       

Figure 1. The three versions of the XSEDE Web SSO buttons

When you click any of these buttons, you'll either be logged into the website automatically (if you've already logged in with another XSEDE Web SSO website), or you'll see a page where you can choose an organization to login with. This page is provided by Globus, XSEDE's Web SSO provider. Figure 2 shows what this page looks like. Pick "XSEDE" to use your XSEDE username and password, or pick another organization where you have an account. 


Figure 2. Choose an organization where you have an account (including XSEDE)

If you choose another organization and you haven't already linked it to your XSEDE account, you'll be prompted to link your XSEDE account after you login. If you haven't registered with XSEDE yet, you can register when you login. Your login won't complete until your XSEDE account is linked.

XSEDE Web SSO features

Beyond the login experience described above, XSEDE's Web SSO provides some extra features. Some of these features are behind the scenes and mostly invisible to you. For example, your private credentials (password, multi-factor authentication codes) aren't shared with the website you're logging into, which is an important security feature. You might also notice that once you've logged into one website using XSEDE Web SSO, clicking the "Login with XSEDE" button on other sites logs you in immediately: you don't need to re-enter your password. The sections below detail a few other features you might find useful.

Sign out of XSEDE Web SSO

Ordinarily, XSEDE Web SSO remains active indefinitely on any device where you've used it. If the device itself is secure and only you can use it, this is fine. If you're using a public device or if you need to leave a device unattended without locking it, you can sign out of XSEDE Web SSO. When signed out, the next time someone uses the device to access an XSEDE website, they'll need to login.

An easy way to sign out of XSEDE's Web SSO is to visit the Globus web app and click Logout in the side panel, as shown in Figure 3. 


Figure 3. Sign out of XSEDE Web SSO using the Globus web app

Because Globus provides XSEDE's Web SSO experience, logging out of Globus also signs you out of XSEDE Web SSO. If, for any reason, you cannot use the Globus web app, clicking this link will accomplish the same thing: https://auth.globus.org/v2/web/logout

Link another account

You can link an account you already have with another organization (such as your home university, your ORCID ID, or a Google account) to your XSEDE account and then use that account to login to XSEDE websites. To link another account, first sign out of XSEDE Web SSO. (The previous section detailed how to sign out.) Then, click the "Login with XSEDE" button on a website and, when prompted to choose an organization, find the organization you want to link in the list. When you finish logging in with that organization, you'll be prompted to link your XSEDE account. Once linked, you can login using that account instead of your XSEDE account, and the website will still recognize you by your XSEDE username.

If the organization you want to login with isn't available in the "choose your organization" list, contact the organization and tell them you'd like to be able to use your account with them when logging into XSEDE and other federated research services.

Review and manage linked accounts

You can review the accounts you've linked to your XSEDE account and unlink any that you no longer want linked to your XSEDE account. If you unlink an account from your XSEDE account, you won't be able to use that account to login with XSEDE Web SSO. (If you try, you'll be prompted to link your XSEDE account again.)

An easy way to review the accounts you've linked to your XSEDE account is to visit the Globus web app and click Account in the side panel, as shown in Figure 4. (If you aren't already logged in, login to the Globus web app using your XSEDE account.)


Figure 4. Review and manage your linked accounts in the Globus web app

The list of linked accounts will be displayed. Click Manage Identities if you want to unlink any. Click the trash can icon next to an account to unlink it.

Review and manage permissions

The first time you sign into a website using XSEDE Web SSO, you'll be asked to give the website permission to access your identity information. You might be asked to grant additional permissions, such as the ability to transfer files, open SSH connections, or manage your group memberships. These permissions are active whenever you're logged into the website until you say otherwise. 

You can review the websites to which you've granted permissions, see the specific permissions for each website, and revoke these permissions if you've changed your mind or don't want these permissions used any longer. An easy way to review the permissions you've granted is to visit the Globus web app and click Account in the side panel, then click the Consents tab at the top of the page. Figure 5 shows how to do this.


Figure 5. Visit the Globus app, click Account on the left, and the Consents tab at the top

You'll see a list of every website you've given permissions to, and can expand each website to see the specific permissions you've granted the website, as shown in Figure 6. 


Figure 6. View applications you've granted permissions to; revoke permissions with the trash can

Clicking the trash can icon next to the website will revoke your permissions to that website. The next time you use that website, you'll be asked to give these permissions again.

Add XSEDE Web SSO to another application

If you are a website or science gateway developer and you want to allow people to login to your site using their XSEDE accounts, see the developer documentation for XSEDE Web SSO.

Key Points
XSEDE SSO Explained
Logging in to use XSEDE services
Extra useful features of XSEDE SSO
Contact Information