OpenAthens is a single-sign-on solution provided by Eduserv, popular with libraries around the world. As a SAML-based authentication, it facilitates access without the use of a proxy service and provides its users with a seamless access experience.
Lean Library supports OpenAthens in two ways:
- In combination with an existing proxy server
- As the sole authentication method within Library Access
How does it work in combination with an existing proxy server?
Client wishing to use OpenAthens in combination with an existing proxy server will follow the setup steps outlined for Library Access here. Additionally, the library administrator will add OpenAthens details to the Dashboard, as outlined here.
For certain domains, the library administrator will switch the Access Type from Proxy to OpenAthens and when a user navigates to such a domain, we will use the OpenAthens Redirector for your organization instead of the proxy prefix to ensure access.
How does it work as the sole authentication method
If you have enabled the OpenAthens automatic login option, the user flow is as follows:
- As soon as the user selects your institution, they will be asked to login to OpenAthens before they can utilize the extension. Until this is completed, the Lean Library icon will be red
- The user will be redirected to your OpenAthens login page (this could be the OpenAthens Managed Directory, or it could be your Local Authentication)
- Once the user has successfully logged in, we will be given a special Token by OpenAthens, which the Library Access Extension exchanges for a list of E-Resource Domains appropriate for this user
- Once completed, the user will utilize Library Access Extension as any other user
A quick note on privacy when using OpenAthens automatic login:
The token we receive as a result of the login helps us safely and privately obtain the E-Resource Domains for a given user. We do not get any other data such as name or email address as a result of the login.
While the exchange of the token for E-Resource Domains is facilitated through an application on our server, we do not store the information obtained on the server itself, but pass it to the browser extension for storage.
Kindly note that the OpenAthens integration, does not change how sessions or logins are handled by OpenAthens.