Skip to main content
Skip table of contents


Path to function: Management > Connections

This is where you manage your connections to things like federations, local authentication connections and self registration schemes. Selecting any from the list on the left will display that connection's details and allow you to save changes to any editable fields


Federations are groups of organisations and service providers that have agreed to a common way of managing access. For most of you if anything appears at all in the federation section of the page it will be the worldwide OpenAthens federation, but some of you may also be in a local federation such as the UK Access Management federation and may see more. These will have been set up for you when you registered.

The 'entityID' and 'scope' you see displayed here will be the details you need to pass to the service providers within that federation when you are arranging remote access to their service using OpenAthens.

Whilst you can update your display name for any federation here, this will only be picked up automatically by the OpenAthens federation. With any other federation you will need to tell them about the change.

Entity categories

If any entity categories appear, they are used to define standard attribute sets in some federations and are set by our service desk. For those interested they will relate to the REFEDS definitions at

Local Authentication

Existing connections

The local authentication section will list your connections. Usually you will only have one, but there could be more. The list will display the name of the connection, the type, and whether it is live, visible or in some cases default. Clicking on the name will display the details and allow you to maintain them.

There are two broad types of local connection.

Those where credentials are entered at our authentication point, such as LDAP or Sirsi

Those where the user is redirected to your own authentication point, such as SAML, ADFS, OpenAthens LA, Shibboleth or  the API

Local sources

The pages below cover how to set up each type of connector. We have a paid consultancy option available if you expect to have difficulties with time or any other aspects. 



Full name: Microsoft ActiveDirectory Federation Services
Type: Delegated (uses your login)
Description: Part of Microsoft’s ActiveDrectory, ADFS can create a 1:1 SAML connection with a ‘provider’ (in this case OpenAthens) and send ‘claims’ (attributes) about the user.


Full name: Aperio Client Access Server
Type: Delegated (uses your login)
Description: For version 5 and above. A version of the SAML connector optimised for Aperio CAS.


Full name: Local Directory Access Protocol
Type: Brokered (our login queries your directory)
Description: Used by ActiveDirectory and other LDAP servers since the 90s


Full name: Open ID Connect
Type: Delegated (uses your login)
Description: Uses the popular OIDC protocol for a simpler connection to things like Google Workspace


Full name: Security Assertion Markup Language
Type: Delegated (uses your login)
Description: A generic SAML connector. Used for things such as Microsoft Azure, Google Workspace and any other standards compliant SAML 2 identity providers.


Full name: SirsiDynix
Type: Brokered (our login queries your directory)
Description: Requires the SirsiDynix Symphony API and connects to your instance.


Full name: Application Programming Interface
Type: Delegated (uses your login)
Description: When there isn’t a dedicated connector for your system, you can use this to create your own.

Evergreen ILS

Full name: Evergreen ILS
Type: Delegated (uses your login)
Description: Uses the API connector in conjunction with an OpenAthens module in Evergreen

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.