Using the login services

Normal login to university services proceeds in two steps: after authentication, you accept the disclosure of your credentials to the system and can then access the service.

Computers that are centrally administered by the University offer a single sign-on service to facilitate the work of university staff and students. After logging in to the computer with your username and password, you do not need to separately log in with the browser.

Multifactor Authentication (MFA) will be introduced for some of the university services. The authentication method will be expanded gradually, and the service owner will provide separate notification to users. Read more about these services.

 

Pay attention to information security

  • Check from the address row that you are on the right login page!
    Check the address bar to make sure you are on the right login page!
    The address must begin with (depending on the situation):
    https://login.helsinki.fi/
    https://login.microsoftonline.com (when signing in to Office365 services)
    https://stshy.helsinki.fi (separate login on home computers)
  • Remember to always lock your workstation when you leave your computer!
    If the single sign-on is in use and you leave your computer unlocked, anyone can access numerous university services with your credentials without separately logging in. 

Normal login to university services

Normal login to the services proceeds in two steps:

  1. Authentication
  2. Approval of the disclosure of your credentials.
    After this, the service is available.

A list of the personal data disclosed to the service is displayed on the approval page. If there are no changes to your information, this approval will only be required the first time you log in to each service.

See the Detailed help tab for illustrated instructions.

Multifactor Authentication

Multifactor Authentication (MFA) will be gradually expanded to a number of services. Users will receive separate notification from the service owner.

If multi-factor authentication is enabled, you will be redirected to the AD login used by the O365 services, after which the process will return to the normal login page (login.helsinki.fi) where you can approve the disclosure of data.

For detailed instructions on using MFA authentication, see the Detailed help tab.

Logging in to University services

In the future, login will be a two-step login process: after authentication, you accept the disclosure of information about yourself to the system, after which you can use the service.

On the approval page, you can see a list of the information disclosed about yourself to the service. If there are no changes to your information, this approval will only be required when you are first logging in to each service.

  • You can log into the service directly by entering your username and password (1) and clicking LOGIN (2).
  • If you want see the information which is disclosed about you to the service, enter your username and password, tick the option "Redisplay the page on accepting the disclosure of your information" and click LOGIN. You will be moved to a page on which you can see the information to be disclosed, and you can either accept or reject their disclosure.
  • On this page, you can see the information to be disclosed (1). The information to be disclosed depends on the service.
  • If you accept the disclosure of your information, click ACCEPT (2). You will be given the opportunity to move to the service you have selected.
  • If you do not accept the disclosure of your information, click REJECT (2). Note that you will be unable to use the service if you select this option.

If you later on want to see what information you have disclosed, on the login page (for instructions, see the first image), tick the option "Redisplay the page on accepting the disclosure of your information". You will be moved back to the page where you can accept/reject to disclose your information (see the second image in the instructions) and where you can see the information you have disclosed.

Single sign-on to services with university computers

These instructions are intended only for computers in the university’s centralised administration.

A single sign-on means that after logging in once with your username and password, you no longer need to separately log in with a browser.

Using the single sign-on service

  • Use the browser to open any university service that uses the university login service (e.g. Flamma). The login page will open (see below).
  • Click the “Use single sign-on” button (1).
    • Note! The button will only be visible if these requirements are fulfilled. If the alternative is not visible, continue to log in by entering your username and password.
    • If you want see the information which is disclosed about you to the service, you can check the option “Redisplay the page on the acceptance of the disclosure of your information”.

After this, when you open the following service (e.g. Flamma Workgroups or SAP HR), you can automatically log in to it if the service is included in the single sign-on service.

You can administer/remove the settings later in this webpage.

  • This setting is browser-specific and will be stored in a cookie.

  Conditions for using the single sign-on service

  • Works only on the university computers (Windows, Mac, Cubbli, vdi  in the internal network (university network, VPN and eduroam).
  • Supported browsers: IE, Edge, Firefox, Chrome and Safari
  • Browser settings for these browsers are made centrally for the university computers. If you encounter problems, see section Problem solving.

Problem solving

Please note that if you bring your own computer to the university (e.g. in the eduroam network), the Use single sign-on button will be displayed on the screen, but it does not work. Since your computer is not under the university’s centralised administration, its login details are not the same as on the university’s computers.

Helpdesk supports you only if:

  1. you are using a university computer under centralised administration
  2. you are in the university network (including VPN and eduroam)
  3. you are using a supported browser

 

Browser settings for supported browsers

Browser settings for these browsers are made centrally for the university computers, but sometimes you may need to adjust them. You can find instructions for adjusting them below.
Microsoft Edge and Internet Explorer
Specify the login service as an intranet page in Internet Explorer (IE) as follows:

  • Open Internet Options
  • Select the Security tab and Local intranet
  • Click Sites, select Advanced and add https://login.helsinki.fi as a reliable service
  • Close Sites and other windows
  • Restart the browser

IE may show the login page incorrectly. Select then Settings > Compatibility View settings and remove the check from the checkbox Display intranet sites in Compatibility View.

Chrome
Windows:

  • Chrome will function when the IE’s settings are adjusted correctly.

Linux:

  • Start Chrome with the command: “chrome --auth-server-whitelist='https://login.helsinki.fi”

Firefox

  • Enter the following address on the browser row: about:config
  • Firefox will warn you that changing the settings may endanger the functioning of the browser. Please note that you make the changes at your own risk. Be careful and only make the change that is advised here.  Ignore the warning by clicking “I accept the risk!”
  • Search for the setting by entering the following on the search row: network.negotiate-auth.trusted-uris
  • Enter value https://login.helsinki.fi
    • There may be an already set default ad.helsinki.fi, in which case, you can enter them both by specifying the value as: ad.helsinki.fi, https://login.helsinki.fi

 

Ending use

  • It is not possible to end the use of the single sign-on alternative on the university computers under the centralised administration, but you can disable single sign-on by removing the check from the checkbox here. This must be done separately for each browser.
  • Another alternative is to clear the browser’s cache

 

Error situations

When you log in to a computer, information about this is transferred to the back-end systems. The transferred information is used to enable single sign-on to other university services. This information is valid for 10 hours at a time.

If single sign-on stops working, check the validity of the authorisation in the University menu > Computer Info. If the authorisation is no longer valid, the words “Ticket: no” will be displayed in Computer Info.

Do the following to revalidate the authorisation:

  • Open Terminal, enter the command kinit and enter the password for your username (the terminal will not show the characters you enter).

OR

  • Put the computer to sleep for a while (Apple Menu > Sleep) and then wake it up (by clicking one of the keys on the keyboard). Enter your password when logging in. Do not log in with Apple Watch or your fingerprint.

The authorisation is now valid for another 10 hours. Single sign-on works as long as the authorisation is valid.

If you use fingerprint authentication or Apple Watch, the authorisation is not renewed. This affects, for example, single sign-on and, thus, printing.

Tip: Shut down your computer at the end of the day. You will save energy and in addition, single sign-on services will work normally throughout the working day.

Multifactor Authentication

Multifactor Authentication (MFA) will be gradually expanded to a number of services. Users will receive separate notification of this.  

If the service you are logging in to requires Multifactor Authentication, log in as follows:

  • Office 365 authentication will be displayed. Log in with your username in the form username@ad.helsinki.fi (e.g., the username of Raimo Keski-väänto is rkeskiva, so he signs in with rkeskiva@ad.helsinki.fi)
  • You will be forwarded to the University’s login page.
  • Enter your password and click on Sign In.

You will then be requested for additional authentication, as specified by the owner (e.g., in the Microsoft Authenticator application).

You can choose that the service remembers your authentication.

  • When logging in through login.helsinki.fi, the service remembers your authentication for only three hours.
  • O365 services remember your authentication for a maximum of 90 days.

After authentication, you return to the normal single sign-on where you can approve the disclosure of your information.
(If you have already given your consent for information disclosure, this stage may not be needed.)

  
Tämän jälkeen pääset palveluun. 

Give feedback

The instructions site of the University of Helsinki's IT Helpdesk helps you with IT-related issues related to your work. Let us know how we can improve our instructions. We greatly appreciate your feedback!

How would you improve these instructions?
Back to top