Our platform offers flexible authentication methods to fit your institution’s IT environment. Below you’ll find each option, its advantages, and what we’ll need from you to get started.
IP Range Authentication (with Member Code to enable off-site access)
IP Range Authentication (with Member Code to enable off-site access)
What it is
This method allows users to register for nkoda when connected to your institution’s registered IP addresses. After registration, they can access nkoda from anywhere.
How it works
Users must register through a unique link that we will provide and be on campus/site (i.e. in the range of the permitted IPs). Once signed up, a Member Code is automatically applied to their account. They will not have to continue using unique link after registration, and can then log in using the email and password sign-in option from any location.
An optional EZProxy setup allows users to register even when off-campus, as long as they're routed through the institutional proxy.
What we need from you
Registered IP ranges
If using EZProxy: to implement the stanza information provided below and resulting EZProxy domain generate for nkoda (to be whitelisted)
EZProxy Stanza for IP & Proxy Access
If you are using EZProxy, please implement the stanza below. Once done, please send us the final EZProxy-generated access URL (e.g., app.nkoda.com.[institutional-custom-domain]) for us to whitelist.
HTTPMethod OPTIONS HTTPMethod DELETE HTTPMethod PUT AnonymousURL +https://app.nkoda.com/* AnonymousURL +https://identity.nkoda.com/* AnonymousURL +https://cms.nkoda.com/* AnonymousURL +https://api.nkoda.com/* AnonymousURL -OPTIONS +https://api.nkoda.com/* T Nkoda U <https://app.nkoda.com> HJ <https://api.nkoda.com> HJ <https://identity.nkoda.com> HJ <https://cms.nkoda.com> HJ <http://app.nkoda.com> HJ <http://identity.nkoda.com> DJ nkoda.com AnonymousURL -*
Member Code Authentication (Email Registration)
Member Code Authentication (Email Registration)
What it is
This is a flexible method that doesn’t require an IP range. Users register with their institutional email address using a custom link, and receive access via a unique Member Code.
How it works
Institutions can:
Distribute individual Member Codes
Send bulk invitations via email
Use a single group access link
Once registered, users can access nkoda from any device using email and password.
What we need from you
Allowed email domains (i.e. what follows the @ symbol in your institution’s email addresses, e.g., musicschool.ac.uk) </aside>
G Suite / Google Workspace SSO
G Suite / Google Workspace SSO
What it is
This option allows users to log in to nkoda using their institutional Google account—ideal for organisations already using Google Workspace for Education.
How it works
Users sign in through Single Sign-On (SSO) using their verified institutional email domain. Access is granted automatically to anyone using a recognised domain.
What we need from you
List of authorised Google Workspace email domains (e.g., musicschool.ac.uk)
OpenAthens / Shibboleth
OpenAthens / Shibboleth
What it is
OpenAthens and Shibboleth are widely used federated identity providers. They allow users to access nkoda using their institution’s existing login system, offering secure, centralised authentication.
How it works
Users log in through their institution’s identity provider. nkoda checks their entitlement via the institution’s Entity ID and scope. No separate nkoda credentials are needed.
What we need from you
OpenAthens or Shibboleth Entity ID
OpenAthens Scope
Confirmation that nkoda is part of your federated access system
Need Help?
Need Help?
If you’re unsure which method is best for your institution, we’re happy to advise. Reach out to your nkoda contact and we’ll guide you through the setup. Just get in touch with us via institutions@nkoda.com