Federated access is the future of authentication
Libraries aren't just book-lined spaces anymore. With resources distributed across the web they're almost boundless. Their patrons could be just about anywhere too, accessing resources on a variety of devices. This means old access management methods don't pass muster, but federated access offers a better way. Our technical consultant, Adam Snook, explains why...
Freedom to roam
What does federated single sign-on offer that library users don’t have with traditional single sign-on?
“If single sign-on provides library users with a smoother, more efficient journey around the byways of their institution’s systems and services, federated single sign-on takes them out on the open road,” says Adam. “In the OpenAthens Federation, each partner organization authenticates its own users and verifies their credentials to every other partner. It enables library patrons to roam through more resources more freely.”
Better still, it gives content providers opportunities to provide a richer user experience. As Adam says:
“Federated authentication makes it possible for content providers to create a secure, anonymized profile for users to track their interests and preferences. By default, OpenAthens does not release personal identifiable information, and librarians can choose how much to share. This option brings the possibility of user-friendly features like saved searches, annotation and suggestions for related content, as well as continual professional development (CPD)."
“And for library staff federated single sign-on means less admin. Because users have to remember fewer passwords staff spend less time on resets. At the same time, institutional security is improved; there’s less chance that poorly managed passwords will open systems up to attacks and data breaches. Users are also less likely to share their organisational credentials with others.”
With federated authentication, user identities are managed in a user directory, typically by IT. Usually, IT will set controls over how authentication works: if multi-factor authentication is enabled and who has access to which resources. They can also manage changes as people move through the organization. When you choose federated authentication your institution’s systems are generally better protected in the sense that they are in your control and you have full visibility. Compare this with having many accounts in third-party systems – in this case, you have neither of these things.
Federated authentication allows IT to do what it does best and means library staff can focus on supporting library patrons. That might be outreach or other work that improves the user experience, boosts library engagement and delivers a better return on investment.
“While federated access wins out on two fronts by enabling library users to do their work more easily and freeing up library staff to add value, not all content providers offer it,” comments Adam. “The most common alternative is IP recognition, which clearly has downsides with regard to remote access. This is where proxy services are commonly used.
“For an institution, self-hosting proxy servers can be hard work and time-consuming. Most librarians face a steep learning curve to make sure they can do it reliably. Not surprisingly, more and more are opting for a managed service instead.
“Certainly, at OpenAthens, growing numbers are signing up for our managed proxy service. By taking on the complex parts of the job we bridge the gap between the library and IT, allowing them to focus on their core responsibilities. We enable library staff to manage their authentication costs and be more independent in how they manage library services.”
OpenAthens offers a quick and practical way to get serious about remote access. It future-proofs libraries through federated authentication, while also allowing access to content through the OpenAthens managed proxy. This allows libraries to enjoy some important benefits from both, including seamless access for users.
As well as a better, more personalized user experience, federated access offers enhanced privacy, while a proxy solution means users are simply less well-protected. For example, they may have to provide additional information to content providers such as an email address to do something as simple as save a search. With federated single sign-on the user’s anonymized identity is all that’s needed.
Adopting federated access will ensure your library can offer the freedom, choice and user experience that its users expect in a world where they use their own devices to study and work anywhere they want.
Which solution to choose? In terms of getting users to resources seamlessly they all do much the same thing. But in choosing the cloud-based OpenAthens federated access management solution you can avoid more of the grunt work. It integrates with multiple widely used systems and directories – so if you’re an ADFS, Microsoft Azure or G-Suite user, for example, there’s no problem.
We offer plenty of choice about how to onboard users for maximum efficiency and – crucially – our technical experts will work with you to decide the optimal solution for your organization. They’ll help you through the implementation too.
Want to know more about federated single sign-on?
Check out our recent webinar where Christos Skoutas, our senior business development manager, dives into what is federated single sign-on and the benefits it provides.