Admins, Remote Access: Remote access options
", patrons can access your ebrary site without providing credentials if we've pre-validated your on-campus IP addresses (IP-authentication)."Off-campus
", patrons can access your ebrary site if you provide a remote access protocol requiring them to log in with a unique username/password or barcode.REMOTE ACCESS OPTIONS
1. Proxy server
- If your institution/company uses a proxy server to provide access to online shared resources, we can work with you to easily configure it for ebrary. This is a desirable solution if your patrons are already familiar with their proxy server login credentials. Typical proxy servers are EZproxy, WAM, and Squid.
- For EZproxy servers, you can choose a Single Sign On (SSO) option that sends users through the proxy server to sign in to their personal ebrary account as well. This method provides faster remote access than basic proxy access, and patrons typically appreciate needing only one set of login credentials. (EZproxy v4.0+ is required, v5.0+ is preferred.)
- These authentication methods work particularly well if your patrons are already familiar with their login credentials.
- To sign in to a personal ebrary account, users will be sent to the institution's Athens or Shibboleth login page and must sign in there.
- Shibboleth authentication is offered through the following federations:
- UK Federation - SP WAYFless access (UK)
- German Federation - SP WAYFless access (Germany)
- EduGate Federation (Ireland)
- RedIRIS Identity Service (SIR, Spain)
- eduID.cz Federation (Czech Republic)
- GakuNin (Japan)
- Check with firstname.lastname@example.org for Shibboleth authentication availability in other regions.
- Shibboleth authentication requires the following 2 attributes to be passed:
- eduPersonTargetedID -OR-eduPersonPrincipalName -OR-eduPersonPersistentID
, Virtual Private Network:
- ebrary works well with VPNs as long as they are not URL-rewriting.
4. Referring URL
- If your institution or company website already offers a secure login for your patrons, we might be able to pre-validate users accessing ebrary from behind the login page.
- You would put a link to ebrary on one or more of your webpages that can only be accessed after having signed in through your website's secure login. You would then give us the URL of that webpage, and we would pre-validate all users coming from that URL. Your off-campus patrons would need to access ebrary using the link on that webpage.
- It often works well to provide links to ebrary from behind the secure login of Course Management Systems such as BlackBoard or Moodle. (Note, Canvas is not an option at this point because of its https restrictions). We would pre-authorize any users coming from http pages behind the login.
- Important criteria for the webpage/URL to be used as a referring URL:
- It must be an http URL (not an https URL)
- Exceptions are links to these pages in ebrary which do support https:
- It must only be accessible once a user has signed in. (That is, if you paste the URL into a browser, it won't take you there; it will either give an error or take you to the login screen)
- There needs to be a direct link to the ebrary site on the page that's setup as the referring URL
- An imbedded URL will not work
- The link to ebrary needs to come through from the same session and the same window
- Typically we use a "Referring URL" approach with BlackBoard (see above).
- There is also a single-sign-on option with BlackBoard using ebrary BlackBoard building blocks. It requires additional setup on both your side and ours. This is not yet available for BlackBoard version 9.x and newer. If you are interested in this approach, please contact email@example.com for more information.
6. ebrary-hosted Single Sign On
, often referred to as RPA
REMOTE ACCESS OPTIONS THAT DON'T WORK:
- ebrary can host remote access for your ebrary site if you provide us with a file containing either:
- A unique username and password for each patron
- Or, a unique barcode for each patron
- This method requires patrons to use that same username/password or barcode to sign in to their personal ebrary account.
- The library admin sends firstname.lastname@example.org the list of username/passwords or barcodes to authorize. The admin can request changes, additions, and deletions over time.
- Users cannot manually change their own passwords; changes can only be made by the site's admin, the admin submits changes to email@example.com
- This is consistent with industry-standard Single Sign On (SSO) implementations such as Shibboleth, Athens, and EZproxy SSO
- Note RPA does not work smoothly with IE 10See rpa-ie10
- Apache proxy servers DON'T work well with ebrary.
- VPNs that re-write the URL DON'T work with ebrary.