Using the login services

In the future, login will be a two-step login process: after authentication, you accept the disclosure of information about yourself to the system, after which you can use the service.

On the approval page, you can see a list of the information disclosed about yourself to the service. If there are no changes to your information, this approval will only be required when you are first logging in to each service.

• You can log into the service directly by entering your username and password (1) and clicking LOGIN (2).
• If you want see the information which is disclosed about you to the service, enter your username and password, tick the option "Redisplay the page on accepting the disclosure of your information" and click LOGIN. You will be moved to a page on which you can see the information to be disclosed, and you can either accept or reject their disclosure.

• On this page, you can see the information to be disclosed (1). The information to be disclosed depends on the service.
• If you accept the disclosure of your information, click ACCEPT (2). You will be given the opportunity to move to the service you have selected.
• If you do not accept the disclosure of your information, click REJECT (2). Note that you will be unable to use the service if you select this option.

If you later on want to see what information you have disclosed, on the login page (for instructions, see the first image), tick the option "Redisplay the page on accepting the disclosure of your information". You will be moved back to the page where you can accept/reject to disclose your information (see the second image in the instructions) and where you can see the information you have disclosed.

These instructions are intended only for computers in the university’s centralised administration.

A single sign-on means that after logging in once with your username and password, you no longer need to separately log in with a browser.

Using the single sign-on service

• Use the browser to open any university service that uses the university login service (e.g. Flamma). The login page will open (see below).
• Click the “Use single sign-on” button (1).
  • Note! The button will only be visible if these requirements are fulfilled. If the alternative is not visible, continue to log in by entering your username and password.
  • If you want see the information which is disclosed about you to the service, you can check the option “Redisplay the page on the acceptance of the disclosure of your information”.

After this, when you open the following service (e.g. Flamma Workgroups or SAP HR), you can automatically log in to it if the service is included in the single sign-on service.

You can administer/remove the settings later in this webpage.

• This setting is browser-specific and will be stored in a cookie.

Conditions for using the single sign-on service

• Works only on the university computers (Windows, Mac, Cubbli, vdi  in the internal network (university network, VPN and eduroam).
• Supported browsers: Edge, Firefox, Chrome and Safari
• Browser settings for these browsers are made centrally for the university computers. If you encounter problems, see next section (Problem solving).

Problem solving

Please note that if you bring your own computer to the university (e.g. in the eduroam network), the Use single sign-on button will be displayed on the screen, but it does not work. Since your computer is not under the university’s centralised administration, its login details are not the same as on the university’s computers.

Ending use

• It is not possible to end the use of the single sign-on alternative on the university computers under the centralised administration, but you can disable single sign-on by removing the check from the checkbox here. This must be done separately for each browser.
• Another alternative is to clear the browser’s cache

When you log in to a computer, information about this is transferred to the back-end systems. The transferred information is used to enable single sign-on to other university services. This information is valid for 10 hours at a time.

Do the following to revalidate the authorisation:

• Open Terminal, enter the command kinit and enter the password for your username (the terminal will not show the characters you enter).

OR

• Put the computer to sleep for a while (Apple Menu > Sleep) and then wake it up (by clicking one of the keys on the keyboard). Enter your password when logging in. Do not log in with Apple Watch or your fingerprint.

The authorisation is now valid for another 10 hours. Single sign-on works as long as the authorisation is valid.

If you use fingerprint authentication or Apple Watch, the authorisation is not renewed. This affects, for example, single sign-on and, thus, printing.

Multifactor Authentication (MFA) will be gradually expanded to several services. Users will receive separate notification of this.  

If the service you are logging in to requires Multifactor Authentication, log in as follows:

• Office 365 authentication will be displayed. Log in with your username in the form username@ad.helsinki.fi (e.g., the username of Raimo Keski-väänto is rkeskiva, so he signs in with rkeskiva@ad.helsinki.fi)

• You will be forwarded to the University’s login page.
• Enter your password and click on Sign In.

You will then be requested for additional authentication, as specified by the owner (e.g., in the Microsoft Authenticator application).

You can choose that the service remembers your authentication.

• When logging in through login.helsinki.fi, the service remembers your authentication for only three hours.
• O365 services remember your authentication for a maximum of 90 days.

After authentication, you return to the normal single sign-on where you can approve the disclosure of your information.
(If you have already given your consent for information disclosure, this stage may not be needed.)

  
Tämän jälkeen pääset palveluun.