Security Audit Inspires Iowa State University Library to Discontinue Proxy Service and implement OpenAthens for single sign on authentication

Iowa State University, classified as a Carnegie Foundation Doctoral and Research University, enrolls approximately 32,000 students in a variety of academic programs including agriculture and life sciences, veterinary medicine, engineering, business, liberal arts, and design.

To support the research needs of Iowa State University students and faculty, the University Library maintains approximately 2.5 million physical volumes and 770 electronic resource collections. Recently, a security audit by the University’s IT department prompted the library to move from a proxy-based authentication method to OpenAthens, a SAML-based single sign on authentication and identity management system that offers seamless access, a personalized research experience, and greater security.

The challenges

Assessment and Planning Assistant Director Greg Davis and his team collaborated with the University’s IT department to conduct a security audit of all library applications. At the same time, the IT department had begun the process of phasing out local servers and applications and migrating to cloud-based services.

When IT learned that the library had experienced security issues that resulted in a temporary loss of guest users’ access to some publisher resources, both teams began looking for a more secure, single sign on authentication solution.

Although the library’s proxy-based solution offered a cloud-based option, Davis said, it would not provide the level of security that OpenAthens delivers.

The solutions

In March 2020, the Iowa State campus shut down due to the COVID-19 coronavirus pandemic. In May, at the height of the quarantine period, 12,000 accounts were automatically set up when users logged in to the University’s Okta system.

Davis said the implementation took a while, but it went smoothly.

By switching to OpenAthens, the library has reduced the risk of security breaches and satisfied the IT department’s request that all library users be required to log in, even when they are on campus. The library now utilizes OpenAthens managed proxy service for publishers who do not offer federated access and avoid the need for the locally hosted proxy server.

The library is now able to utilize OpenAthens as an IdP for guest authentication. ISU’s prior system required the participation of multiple departments to update a local directory (LDAP) server in order to create guest accounts. Now the library can create accounts directly in OpenAthens, allowing guests to log in and access e-resources in minutes. Besides saving time for the patron, library, and IT, this workflow allows to conform to data protection and policy requirements.

Benefits and results

Using OpenAthens’ managed proxy and IdP functionality has enabled Iowa State to reduce efforts and costs associated with managing local servers.

In addition, OpenAthens is providing library leaders with easier access to usage data. The library still relies on COUNTER data as the gold standard for measuring e-resource use, but Davis believes the OpenAthens data will help to fill in the gaps.

The library ran reports comparing May 2020 e-resource usage to May 2019, and the numbers were consistent.

Watch their case study

Watch Dr. Greg Davis discuss Iowa State’s experience with legacy IP authentication and moving to OpenAthens