What is it?

OpenAthens is a single-sign-on solution provided by Eduserv, popular with libraries around the world. As a SAML based authentication it facilitates access without the use of a proxy service and provides its users a seamless access experience.

Lean Library supports OpenAthens in two ways:

  1. In combination with an existing proxy server
  2. As the sole authentication method witin Library Access

How does it work in combination with an existing proxy server

Client wishing to use OpenAthens in combination with an existing Proxy Server, will follow the setup steps outlined for Library Access here. Additionally the library administrator will add OpenAthens details to the Dashboard, as outlined here.

For certain domains, the library administrator will switch the Access Type from Proxy to OpenAthens and when a user navigates to such a domain, we will use the OpenAthens Redirector for your organization instead of the proxy prefix to ensure access.

How does it work as the sole authentication method

If you have enabled the OpenAthens automatic login option, the user flow is as follows:

  1. As soon as the user selects your institution, they will be asked to login to OpenAthens, before they can utilize the extension. Until this was completed the Lean Library icon will be red
  2. The user will be redirected to your OpenAthens login page (this could be the OpenAthens Managed Directory, or it could be your Local Authentication)
  3. Once the user has successfully logged in, we will be given a special Token by OpenAthens, which the Library Access Extension exchanges for a list of E-Resource Domains appropriate for this user
  4. Once completed, the user will utilize Library Access Extension as any other user

A quick note on privacy when using OpenAthens automatic login:

The token we receive as a result of the login helps us safely and privately obtain the E-Resource Domains for a given user. We do not get any other data such as name or E-Mail address as a result of the login.

While the exchange of the token for E-Resource Domains is facilitated through an application on our server, we do not store the information obtained on the server itself, but pass it to the browser extension for storage.

Kindly note that the OpenAthens integration, does not change how sessions or logins are handled by OpenAthens.

Did this answer your question?