Skip to main content
Skip table of contents

Connections

Path to function: Management > Connections

This is where you manage your connections to things like federations, local authentication connections and self registration schemes. Selecting any from the list on the left will display that connection's details and allow you to save changes to any editable fields

Federations

Federations are groups of organisations and service providers that have agreed to a common way of managing access. For most of you if anything appears at all in the federation section of the page it will be the worldwide OpenAthens federation, but some of you may also be in a local federation such as the UK Access Management federation and may see more. These will have been set up for you when you registered.

The 'entityID' and 'scope' you see displayed here will be the details you need to pass to the service providers within that federation when you are arranging remote access to their service using OpenAthens.

Whilst you can update your display name for any federation here, this will only be picked up automatically by the OpenAthens federation. With any other federation you will need to tell them about the change.

Entity categories

If any entity categories appear, they are used to define standard attribute sets in some federations and are set by our service desk. For those interested they will relate to the REFEDS definitions at https://wiki.refeds.org/display/ENT/Entity-Categories+Home.

Local Authentication

Local Authentication connections are what you configure when you want to hand off the username and password part of OpenAthens to an existing authentication provider such as Azure, LDAP or Google. You will not need to pass these details to service providers, but you will need to coordinate them with whoever looks after your authentication source.

Local authentication connections must be created at the domain level and depending on your subscription may involve additional cost.

Existing connections

The local authentication section will list your connections. Usually you will only have one, but there could be more. The list will display the name of the connection, the type, and whether it is live, visible or in some cases default. Clicking on the name will display the details and allow you to maintain them.

There are two broad types of local connection.

Those where credentials are entered at our authentication point, such as LDAP or Sirsi

Those where the user is redirected to your own authentication point, such as SAML, ADFS, OpenAthens LA, Shibboleth or  the API

Local sources

The pages below cover how to set up each type of connector. We have a paid consultancy option available if you expect to have difficulties with time or any other aspects. 

ADFS connector
API connector
CAS connector
LDAP connector
OIDC connector
SAML connector
SirsiDynix connector
Attribute mapping
Permission set rules
Local authentication certificates
Suspend rules
Organisation mapping
Attribute transformation
Sorting connections
Evergreen ILS connector

Descriptions...

ADFS

Full name: Microsoft ActiveDirectory Federation Services
Type: Delegated (uses your login)
Description: Part of Microsoft’s ActiveDrectory, ADFS can create a 1:1 SAML connection with a ‘provider’ (in this case OpenAthens) and send ‘claims’ (attributes) about the user.

CAS

Full name: Aperio Client Access Server
Type: Delegated (uses your login)
Description: For version 5 and above. A version of the SAML connector optimised for Aperio CAS. https://www.apereo.org/projects/cas

LDAP

Full name: Local Directory Access Protocol
Type: Brokered (our login queries your directory)
Description: Used by ActiveDirectory and other LDAP servers since the 90s

OIDC

Full name: Open ID Connect
Type: Delegated (uses your login)
Description: Uses the popular OIDC protocol for a simpler connection to things like Google Workspace

SAML

Full name: Security Assertion Markup Language
Type: Delegated (uses your login)
Description: A generic SAML connector. Used for things such as Microsoft Azure, Google Workspace and any other standards compliant SAML 2 identity providers.

SirsiDynix

Full name: SirsiDynix
Type: Brokered (our login queries your directory)
Description: Requires the SirsiDynix Symphony API and connects to your instance.

API

Full name: Application Programming Interface
Type: Delegated (uses your login)
Description: When there isn’t a dedicated connector for your system, you can use this to create your own.

Evergreen ILS

Full name: Evergreen ILS
Type: Delegated (uses your login)
Description: Uses the API connector in conjunction with an OpenAthens module in Evergreen



JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close