- On This Page
- Overview
- How to sign in
- How to sign out
- Known problems
- Getting help
Overview
When you access protected resources such as MyUW, Canvas, MyPlan, Workday, as well as some desktop and mobile applications such Outlook, Zoom, and Husky OnNet you will be asked to sign in with your UW NetID, also known as single sign-on (SSO). Learning how to sign in and sign out will help you protect your privacy and prevent unauthorized use of your UW NetID by others. The sign in experience may differ depending on the application and which UW identity provider that application is integrated with–the UW Shibboleth IdP, UW Entra ID (Microsoft), or UW Google IdP. So your sign in experience may vary–all expected experiences are documented below.
How to sign in
When asked to sign in, first enter your UW NetID and password.
If password verification is successful, you may be asked to sign in with two-factor authentication (2FA) for added security:
If the verification process is successful, you will continue to the protected resource.
Successful sign-in also creates a single sign-on session to reduce how often you have to sign in again (reauthenticate) during a browsing session.
Note that some resources require you to re-establish your presence by forcing you to reauthenticate during a browsing session.
When signing in with UW NetID to access UW Microsoft Office 365 and other applications integrated with UW Azure Active Directory, the Microsoft sign-in process will be used.
The Microsoft sign-in experience for users with Duo will be changing. For most users, the experience will change 9/26/2024, but a few users will see changes as early as 9/19/2024. What is documented below reflects the new sign-in experience, where Step 3 reflects what users may not see until 9/26/2024.
This description represents via words and pictures what an uw.edu Entra ID user can expect to experience at sign-in.
Step 1: The Microsoft sign-in page.
https://login.microsoftonline.com should be the URL of the Microsoft sign-in page.
You should enter your user principal name (UPN), e.g. pottery@uw.edu.
Important: The "Can't access your account?" link in this Microsoft interface is non-functional for UW Microsoft accounts. Clicking it will result in a "Get back into your account" page which will not be constructive. To recover your account, use the UW NetID system.
Note: you may be asked to choose a work/school account or personal account immediately after step 1. See /tools-services-support/it-systems-infrastructure/msinf/other-help/faq/aad-terms/#accountTypes for more info.
Step 2: Enter password in Microsoft sign-in page
The Microsoft sign-in page detects your @uw.edu UPN and reacts by giving you the appropriate UW authentication experience. You will need to enter your password in the Microsoft sign-in page, as shown below:
Note the UW logo at the top, the UPN you entered in step 1, and the UW-specific help text at the bottom.
You enter your UW NetID password into the password field.
Important: The "Forgot my password" link in this Microsoft interface will result in sending you to the UW NetID password help page.
Step 3: Pick the 2FA method
This step has a lot of possible differences to it, depending on whether you have chosen to register other authentication methods with Entra ID. If you have registered other Entra authentication methods, your experience will be different than what we describe here.
You should next see a “Verify your identity” challenge with a list of possible methods to perform 2FA, as shown below:
Note the UW logo at the top, the UPN you entered in step 1, and the UW-specific help text at the bottom. You need to pick the Duo option.
If you have registered other Entra authentication methods, you won’t see the above “pick your option” screen at all, unless you tell Entra that you can’t use that method, in which case you will then see the option screen. Note that if you satisfy one of your other Entra registered methods, you won’t get a Duo challenge from Entra.
Step 4: Duo 2FA challenge (may not be required)
Assuming you entered a valid password, if 2FA is required, you’ll be directed to a Duo 2FA page from duosecurity.com as shown here:
Note the UW logo. You should see the same authentication methods that you have enrolled in via https://identity.uw.edu. The Duo default method should fire automatically, but you can manually pick any of the Duo methods listed.
Note: This screen will only show the last 4 digits of any phone number used as a Duo authentication method. For privacy purposes, we’ve blurred these in the screenshot above.
Depending on your web browser’s configuration, you may also see a prompt asking “Do you trust uw.edu?”. If so, click “Continue”.
If you are using the Duo App on your mobile device, you should see something like the following. Note that “UW Entra ID EAM” will be listed as the requesting application (“UW Entra ID” for users who have not yet switched to the new experience).
Step 4: Stay signed in (SSI)
After you’ve successfully passed the Duo 2FA challenge (or just the password challenge, if 2FA wasn’t required), you should be redirected to the following page, with a question about whether you want to stay signed in:
Note the UW logo at the top, the UPN you entered in step 1, and the UW-specific help text at the bottom.
You can select either option. If using a public or shared computer, such as a kiosk, you should choose No.
After selection, you should be redirected to the application that started the Entra ID sign-in process.
When signing in with UW NetID to access UW Google G Suite and Google Cloud Platform (GCP), the Google sign-in process often starts by entering your UW Google ID (e.g. alice@uw.edu).
How to sign out
Although sessions will time out on their own, it’s better to be proactive about signing out. Follow these recommendations for common situations and types of devices.
When using your own personal device such as a smartphone, tablet, or computer, you can stay signed in as long as you lock the screen and use auto-locking settings to prevent use by others. Always lock your device before leaving it unattended.
When using a lab computer or kiosk, follow posted instructions on how to sign in and sign out. If instructions aren’t posted, ask for help before you sign in with your UW NetID.
When sharing a device with other people, discuss with them ahead of time how each person will sign in and sign out to prevent unauthorized use of your UW NetID.
In many situations, you can sign out simply by exiting your web browser. However, some browsers use a “continue where I left off” or similar setting to keep you signed in, even if you exit your browser. To be confident you are signed out, clear your browser’s cookies.
You may want to end your single sign-on (SSO) session explicitly, terminating the UW Shibboleth IdP 12 hour single sign-on duration for this browser. To do so, visit the identity provider sign out link. If you’d like, you can bookmark this link for future use.
Note that this does not sign you out of every website that you have signed into, instead it requires your password for future UW NetID web sign-ins. If you want to ensure that you have signed out of other websites too, make sure you clear your cookies and other browsing data.
The UW Shibboleth IdP explicit sign out method has no effect on your UW Entra ID single sign-on session. To explicitly sign out of your UW Entra ID session, either sign out of the Windows device (if you are using a Windows device), clear your browser’s cookies, or go to My Account (microsoft.com) and choose the “Sign out everywhere” option.
Known problems
- Inactive MI user account
- Corrupt or incorrect identity token or stale browser cookie
- Duo error: Looks like something went wrong
- Your email access has been blocked
- Microsoft product licensing
- Office installed previously for another user causes sign in issues
- Unexpected Duo prompt during Windows sign in
- User disabled registered device
- Your organization has deleted this device
- There is an Entra ID Device Registration Service problem
- Device registration failure due to Intune device restriction policy
- UW Remember Me doesn’t work or I have to sign in to Entra ID a lot
- UW NetID compromise
- Conditional Access policy from another tenant
- Risk-based conditional access policy from another tenant
- Current browser software is recommended: The sign-in process is known to work with recent versions of all major browsers. Other browsers may not be compatible.
- Cookies are required: The sign-in process makes use of browser cookies. Your browser must be configured to accept cookies.
- TLS is required, and SSL is not supported: Sign-in requires TLS (Transport Layer Security) for secure website connections. It doesn’t support SSL (Secure Sockets Layer). Recent versions of all major browsers support TLS. If your browser isn’t configured to use TLS, you will be unable to establish a secure connection. As a result, your browser might display an error such as “SSL error” or “cypher mismatch,” or it might suggest that you turn on support for TLS. Some browsers erroneously report “the web page is not available.” Contact us for assistance.
- Shortened domain names: The sign-in process is sensitive to shortened domain names. When you open a location that relies on the sign-in process, use the full unabbreviated domain name. For example, use depts.washington.edu rather than just depts.
- Back button problems: Many browsers have problems backing through the part of your browser history that includes the sign-in process. Sometimes you can work around this problem by clicking the back button an extra time or two. You can also get back to recent locations using your browser history. For example, click and hold the back button to choose a website from your recent browsing history. (Note: This problem is less common with newer versions of most browsers. Consider upgrading your browser if you encounter this problem.)
- Opening or bookmarking the sign-in page: The sign-in page isn’t useful by itself. Its usefulness is tied to some other resource (e.g. MyUW) that relies on the sign-in process. Therefore, it isn’t very useful to visit or bookmark the sign-in page itself.
- Problems uploading files while signing in: The sign-in process cannot help you sign in to a website and upload a file at the same time. It is a limitation that must be worked around by signing in to the website before trying to upload any files.
- “I want to switch from one UW NetID to another and it won’t let me!!”: If you want to switch from being signed in with one UW NetID to another one, you must sign out first (see “How to sign out” above). This prevents two people from accessing each other’s personal information.
- “My roommate is signed in automatically!!”: If you try to sign in to MyUW or some other personalized UW website and your roommate or someone with whom you share a computer is signed in automatically, they may not have signed out. Please sign out for them and then try to sign in again.
- “Your sign-in failed. Please try again”: The sign-in process fails when the UW NetID and password aren’t successfully verified. Make sure you enter your UW NetID using all lowercase characters, and do not enter your full UW email address. Your UW NetID is the part of your UW email address to the left of the @ symbol (i.e. “uwnetid” is the UW NetID in uwnetid@uw.edu). Also, make sure your Caps Lock key is off and your Num Lock key is on.
Getting Help
If your issue isn’t solved via a solution for a known problem listed above, contact us for assistance.
The Entra ID Authentication Troubleshooting Guide can guide you through what information to collect so when you contact us, we can help you–the suggestions in it for what to collect are true whether your issue is with the UW Microsoft sign in experience or not. The guide also can suggest resources which may allow you to help yourself.