This section assumes a basic level of familiarity with the OpenAthens LA interface. If you run into difficulty, the OpenAthens LA documentation or our service desk will be able to help.
Add the login.openathens.net metadata
- In the OpenAthens LA admin console go to configurations, select your user facing configuration and then the connection settings tab.
- Click the green plus button in the SAML metadata section and select the 'From URL' option
- Enter 'https://login.openathens.net/saml/2/metadata-sp' as the metadata URL
Which of your authenticated users should be able to access things via OpenAthens MD? Often it is all of them, so we would use the 'Everyone' category that should already exist. For the purposes of this example, though, we will say we want just the staff and students to have access.
If we do not already have those categories set up, we will need to create them by clicking the green plus button at the top of the page.
The example above assumes that all students are in a security or distribution group that contains the word 'student'; however, there are likely to be several ways you can identify users for the desired categories. Repeat for any categories you need but do not already have.
If you already have any of these attributes set up, you should reuse them and release them to OpenAthens MD in the next step instead of creating new ones. This is probably the case with something like username, so you would just need to identify or create any other attributes you want to pass to OpenAthens.
Datastore attributes, where a value is taken from your datastore, are most often best in this situation. This example will assume you want to pass an email address for mapping onto a local record, and a membership field that will be used for assigning permission sets based on rules.
- Add a new datastore attribute by clicking the green plus button. All your datastores will appear at the top of the list.
- In the right hand panel, fill in the fields:
  - Target name: what you want to call the attribute. You can call it whatever you wish.
  - Friendly name: this is used to group attributes together, if you want to.
  - For system use: leave this unchecked.
  - Assign to user categories: using the green plus button, add in the relevant categories of user. In our example it's just the staff and student categories.
  - Source name: in our case, email address is stored in our datastore as 'mail'. The drop down list will show all the possibilities.
  - Value filter and target: these are used for modifying the data. Leave them blank.
- Click Add
- Repeat for any other attributes you need
- Create a new policy via the add button. To name the policy, double click the name.
- Now select the policy again and click edit
- Set it to apply 'when' 'serviceProvider' matches 'https://login.openathens.net/saml/2/metadata-sp'
- Add attributes using the green plus until you have listed all the attributes you will be using. In our example we are releasing Username, Membership & Email.
- Apply & Publish
- Return to the SAML connector documentation
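
Once the policy is published, it is worth confirming that a test login releases exactly the attributes listed in the policy and nothing more. The following is an added example, not part of the OpenAthens documentation: it audits a decoded, unencrypted SAML assertion against the policy above. The attribute names `username`, `membership` and `email` are assumed target names, and the sample assertion is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "https://login.openathens.net/saml/2/metadata-sp"  # from the release policy
# Assumption: the target names you chose when creating the attributes.
EXPECTED = {"username", "membership", "email"}

# Constructed sample assertion (not captured from a real system).
# It deliberately carries one attribute the policy does not list.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://login.openathens.net/saml/2/metadata-sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="username"><saml:AttributeValue>jsmith</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>jsmith@example.org</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="membership"><saml:AttributeValue>staff</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="homePostalAddress"><saml:AttributeValue>1 Example St</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def audit_release(assertion_xml, expected=EXPECTED, audience=SP_ENTITY_ID):
    """Compare the attributes in an assertion with the release policy."""
    # For XML from an untrusted source, parse with a hardened parser instead.
    root = ET.fromstring(assertion_xml)
    audiences = {a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text}
    released = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        released[attr.get("Name")] = values
    names = set(released)
    return {
        "audience_ok": audiences == {audience},    # issued for OpenAthens MD only
        "unexpected": sorted(names - expected),    # released but not in the policy
        "missing": sorted(expected - names),       # in the policy but not released
        "empty": sorted(n for n in names & expected if not any(released[n])),
    }


if __name__ == "__main__":
    for key, value in audit_release(SAMPLE).items():
        print(f"{key}: {value}")
```

An entry under `unexpected` points to an attribute reaching OpenAthens MD that the policy was not meant to release; an entry under `missing` or `empty` usually means the user is not in one of the categories the attribute was assigned to.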