The document provides a comprehensive guide on implementing OpenAthens single sign-on (SSO) authentication, including an overview of SAML-compliant SSO, setup, implementation, and ongoing maintenance. Key features include secure user information transmission, a streamlined login experience, and compatibility with other authentication tools. It also outlines the EBSCO process for setup, user account management, and monitoring to facilitate access to resources.

1. Implementing
OpenAthens
Single Sign-On
Authentication
Myka Kennedy Stephens
Seminary Librarian
Lancaster Theological Seminary
Lancaster, Pennsylvania

2. OVERVIEW
▪ Introduction to OpenAthens
▪ Set-up and Implementation
▪ Ongoing Maintenance and Support
2

3. Introduction to

4. SAML-Compliant SSO
▪ SSO = Single Sign-On
▪ SAML = Security Assertion Markup Language
▪ Federation = group of publishers and
subscribers who agree on common rules for
access
▪ Shibboleth = identity federation, also SAML-
compliant, compatible with OpenAthens
4

5. IP Authentication
5
User
Organizational
Network
Content Provider
Local IP Network IP
IP Recognition and Resource Release

6. Proxy Authentication
6
User Proxy Server Content Provider
Proxy Server IP
IP Recognition and Resource Release
Username/Password

7. SAML Authentication
7
User
Identity
Provider
Content
Provider
Identity
Authentication

8. Advantages of
▪ More secure transmission of user information
▪ Log in once per session
▪ Track usage of individuals
▪ Compatible with other authentication tools:
Oauth2, LDAP, REST API
▪ Connect almost any subscribed content
8

9. Setup and
Implementation

10. What You Need To Know
▪ IP address(es) for your organization
▪ List of all resources (EBSCO and non-
EBSCO)
▪ How do you want users to log in?
▪ How many user groups are needed?
▪ How will users be created in OpenAthens?
▪ Clear vision of the user journey
10

11. The EBSCO Process
Getting Started
▪ Assigned to a
Coordinator
▪ OpenAthens Set-
up Questionnaire
▪ Supply information
for all content
providers
Link Content
▪ EBSCO & Eduserv
configure
resources
▪ Follow-up required
for some content
providers and
vendors
Establish Paths
▪ Access to the
OpenAthens
Administrator
Dashboard
▪ Create user groups
and permission
sets
11

12. The EBSCO Process (cont.)
User Accounts
▪ Bulk upload user
accounts
▪ Setup a connector
(Oauth2, LDAP,
REST API) with an
existing user
database, mapping
attributes to
OpenAthens fields
“Athenizing” Links
▪ Replace URLs to
content with a new
“Athenized” link
▪ EBSCO can
provide links, or
use tool in
Administrator
Dashboard
Go-Live & Testing
▪ May beta test first
with select users
and content
▪ Go-live activates
access to EBSCO
from OpenAthens
▪ 2-week testing
phase
▪ User Education!
12

13. Ongoing
Maintenance and
Support

14. 14
OpenAthens User Management

15. 15
Monitor Accounts Created with Connector

16. 16
Add, Remove, and Allocate Resources

17. 17
Generate Access Reports

18. 18
View Audit Reports and Logs

19. Thanks!
19
Myka Kennedy Stephens
Seminary Librarian & Assistant Professor
Lancaster Theological Seminary
Lancaster, Pennsylvania
Email: mkstephens@lancasterseminary.edu
Facebook: @mykakennedystephens
Blog: www.mission-information.org
Presentation template adapted from SlidesCarnival