HKUST SSO Service provides a secure Single Sign-On (SSO) platform for users to access web applications or systems without the need of entering credentials every time.
Starting from 6 June 2022, the Central Authentication System (CAS) login service will be merged into the Microsoft login that is used in Office 365 applications. We name them collectively the "HKUST SSO Service". Please note that Duo 2FA is mandatory for staff and students to all applications after the merge.
Microsoft login is built on the cloud Azure Active Directory (AAD) infrastructure, which provides enterprise graded features like strong security, robustness, resiliency, and easy integration with cloud services.
The change will extend our current Single Sign-on (SSO) extensively. User login experience will be streamlined with reduced sign-in and 2FA frequency, without security degrade. This is also to prepare for the "passwordless authentication" initiative which is the ultimate goal in phasing out password-based authentication.
Upcoming Guangzhou account will be also supported by HKUST SSO Service that means the applications in CWB campus can permit Guangzhou account to sign in.
1. New CAS Login Experience
The login URL address of any CAS protected application remain unchanged, but the login will be redirected to the Microsoft login screen. Please sign in with your primary Email Address in firstname.lastname@example.org or email@example.com instead of the account name alone.
Sign in to https://login.microsoftonline.com/...
||Or, Pick an account|
When you access to a CAS protected application with your web browser, please note the following:
- Type your Email Address, or Pick the correct email address when prompted (Microsoft login will remember your previous login account, or select Use another account if necessary)
- Input your password when prompted and then perform the required Duo 2FA. 2FA will be required for all applications and the "remember me" option will be extended to 45 days. If you would like to avoid the frequent prompt of 2FA, you may want to check this option.
(Students only) Some users might be prompted to accept the below agreement if they have never signed in to this Microsoft login before. Please accept accordingly and this will not show again.
In case you got any problem to sign in, please restart your web browser and sign-in to the application from fresh, or you will need to clear the browser cache. You may also invoke a new private window (New InPrivate window for Edge, New Incognito window for Chrome or New Private window for Safari / Firefox) and sign-in again if you work with different accounts.
Never sign in your Work or School account with a web browser on any public terminal (e.g. Internet cafe, airport). If it is deemed necessary, use a New Private Window (e.g. Ctrl+Shift+N for Edge / Chrome) to sign in and close all the Windows sessions after used.
2. Single Sign-on between CAS applications and Office 365 web apps
Authentication for CAS protected application can be skipped if you have previously signed on to Office 365 web apps, and vice versa. This single sign-on experience happens within the same web browser (with different browser windows or tabs).
3. Single Sign-on to web applications from Windows Work Account
Windows 10 or above devices can support Single Sign-On to web applications from Window work account. It can further reduce the number of times in keying in the password and thus it is more secure. Please refer the Enable Browser Single Sign-on (SSO) in Windows 10 under the Learn More section below.