Skip to main content


On October 1, 2022, Microsoft will permanently disable Basic Authentication (“Basic Auth”) for Exchange email tenants. Basic Auth is an outdated authentication standard that allows users to connect to their mailbox using only a username and password and its continued use poses serious security...Read more

Cornell's Single Sign-On front-end, CUWebLogin, has been used with two back-end authentication methods.

CIT is migrating all services to use one method, Shibboleth, and retiring the other (CUWebAuth).

On August 1, 2021, Shibboleth and CUWebAuth will be separated, meaning they...Read more

Does the Cornell Identity Provider provide a logout service?

No. Our credentials remain valid until you close your browser. We recommend that you give the user instructions to quit the browser if they want to log out. If your application has a logout item in its menus, you might consider...Read more

EntityID for the Cornell Identity Provider

Prod IDP: Test IDP:

URL for Cornell IDP metadata more

You may remove a Two-Step Login device if you are no longer using the device or if the device is lost or stolen. If you are unable to remove a device, contact the IT Service Desk . You will need to visit the IT Service Desk with your ID or have access to a...Read more

When you have a new smartphone, there are a few steps you need to take to setup the phone you're using for your Two-Step Login account. What you do with your account depends on whether or not you kept your phone number or if you have a new number on your new smartphone.

These steps will...Read more