The UA NetID WebAuth service provides a single point of authentication, as well as Single Sign-on (SSO) facilities, for UA Web sites that require UA NetID authentication.

The technical details

WebAuth is a service utilized by Web-based applications that require the UA NetID for authentication. It relies on a central “login server”, to which users are redirected upon their first attempt to access a WebAuth-enabled application. Upon successful WebAuth login, authentication “credentials” are carried in a temporary cookie — stored by the user's Web browser — until the browser is closed or the credentials expire. These credentials allow the user to access multiple WebAuth-enabled applications, without requiring the re-entry of “username/password” information for each. In order to utilize this Single Sign-on capability, Web browsers must be configured to accept cookies.

Security Note

One security note before beginning to use WebAuth: Make sure you exit your browser session when finished, especially when using a public access computer. If you don’t exit the browser, your WebAuth session will remain active, allowing someone else to access your sensitive and personal data. When you logoff a WebAuth-enabled Web site, you will be able to logoff WebAuth, as well, by following a link on the site's logout page. (See below.)

How to login

You can login to WebAuth by going directly to the application you wish to use, such as WebMail. You will be directed by a link from the WebMail login page to the WebAuth login page. Once you login to WebAuth, you will be able to enter any other WebAuth-enabled Web site without having to re-login, as long as your WebAuth session is still active and the site allows single-sign-on (some applications may require re-authentication). See “Set Your WebAuth Timeout” below in order to set the length of your WebAuth session.

How to logout

When you logout of a WebAuth-enabled Web page, your WebAuth session may still be active, meaning you’ll be able to return to that and other applications without having to re-login, depending on your WebAuth timeout setting. The best way to logout of a WebAuth session is to completely exit your browser. You can also logout of the application you are using — in this example WebMail — and receive the following or similar notice:

Setting preferences

Explore the WebAuth Preferences page.

While use of WebAuth is required to login to services such as WebMail, the ability to utilize Single Sign-on is a user preference. Single Sign-on allows you to access other UA Web services without having to re-authenticate through WebAuth.

Enable/Disable WebAuth Single Sign-On

Single Sign-on permits multiple WebAuth-enabled applications to authenticate you via your UA NetID credentials, while requiring you to login only once per browser session.

To set your Single Sign-on preference:

Follow the 1. Set your WebAuth Inactivity Timeout link from the preferences Web page. Enter your UA NetID and password in the spaces provided. You may then select whether you wish to enable or disable WebAuth's Single Sign-On capability for your UA NetID. WebAuth Single Sign-On is enabled by default for all UA NetIDs.

Set Your WebAuth Timeout

You have control over how long your WebAuth session will last. If you don't access many WebAuth-enabled applications on a frequent basis, you may be better off using a short timeout period (e.g., 5-10 minutes). If you frequently access several WebAuth-enabled applications within a single browser session, you may wish to specify a longer timeout interval. The default timeout interval is two hours.

To set your WebAuth Timeout preference:

Follow the 2. Enable/Disable WebAuth Single Sign-On link from the preferences Web page. Enter your UA NetID and password in the spaces provided. You may then enter your desired WebAuth inactivity timeout interval in minutes. The value you enter here will be the maximum amount of time your WebAuth login credentials will remain valid without authenticating to a WebAuth-enabled application.

Webauth for Programmers: API

Full details on the webauth API for programmers can be found at https://netid.arizona.edu/apidocs/webauth/index.html