Information for the IT team
OpenAthens can usually be run independently of the IT team should you choose to do so. There are some things the IT team need to be aware of, though, so that they do not cause problems by accident when they change settings or implement new policies. This page provides a brief overview of OpenAthens aimed at the IT team, and the technical information they may need.
OpenAthens overview
It's a single sign-on system that uses SAML to work with the kind of federated access the library uses to provide end-users with access to online journals and databases. Identities can be managed within a hosted platform, and there are options to devolve that to your systems if they are compatible. As it uses SAML, it can also be used to access enterprise applications.
Networking
OpenAthens administration and end-user access all occur over HTTPS. If you are restricting secure traffic, you will need to allow certain hostnames. See: What are the hostnames I need to allow my users to connect to from within my network
In most cases, making sure *.openathens.net isn’t blocked will be sufficient, especially for end users.
If your end-users tend to have personal email addresses rather than your organisation's own, it is worth checking the email templates for text that may trigger filtering. This can be things such as words in all caps, attachment types, and even words like 'free', or currency symbols.
If it is your own mail server, then it may also need to know that the emails come from servers at mail1.openathens.net or *.mailjet.com with return paths of @openathens.net or @bnc3.openathens.net. The return paths can look a bit strange due to measures put in place for bounce detection by MailJet (to find out more, see: https://www.mailjet.com/blog/deliverability/return-path-customization-explained/)
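For a mail administrator, one way to compare a received message's headers with the sending servers and return paths listed above. This is an added example, not OpenAthens code; it assumes Postfix-style Received headers, and the sample messages, host names and addresses in it are constructed.

```python
import email
import re
from email.utils import parseaddr
from fnmatch import fnmatchcase

# Values from the page: documented sending servers and return-path domains.
SENDING_HOSTS = ["mail1.openathens.net", "*.mailjet.com"]
RETURN_PATH_DOMAINS = {"openathens.net", "bnc3.openathens.net"}

# Assumption: Postfix-style "from HELO (rdns-name [ip])" in the topmost
# Received header, i.e. the one your own mail server added on receipt.
# The reverse-DNS name is used because the HELO name is sender-supplied.
RECEIVED_RE = re.compile(r"from\s+\S+\s+\(([^\s\[\]()]+)\s+\[", re.I)

def sending_host(msg):
    received = msg.get_all("Received") or []
    m = RECEIVED_RE.search(received[0]) if received else None
    return m.group(1).lower().rstrip(".") if m else ""

def return_path_domain(msg):
    _, addr = parseaddr(msg.get("Return-Path", ""))
    return addr.rpartition("@")[2].lower()

def check_message(raw):
    """Return a list of mismatches against the documented values."""
    msg = email.message_from_string(raw)
    problems = []
    host = sending_host(msg)
    if not any(fnmatchcase(host, p) for p in SENDING_HOSTS):
        problems.append(f"sending host not documented: {host or 'not found'}")
    domain = return_path_domain(msg)
    if domain not in RETURN_PATH_DOMAINS:  # exact match, not a suffix match
        problems.append(f"return path not documented: {domain or 'not found'}")
    return problems

# Constructed sample messages (host names and addresses are made up).
EXPECTED = (
    "Return-Path: <bounce.123@bnc3.openathens.net>\n"
    "Received: from o1.mailjet.com (o1.mailjet.com [192.0.2.10])\n"
    "\tby mx.example.org (Postfix); Mon, 1 Jan 2024 10:00:00 +0000\n"
    "Subject: Your account\n\nbody\n"
)
LOOKALIKE = (
    "Return-Path: <noreply@openathens.net.example.com>\n"
    "Received: from mail1.openathens.net (mail.example.com [198.51.100.7])\n"
    "\tby mx.example.org (Postfix); Mon, 1 Jan 2024 10:05:00 +0000\n"
    "Subject: Your account\n\nbody\n"
)
```

A mismatch is a prompt to look at the message more closely when tuning filter rules; a match is not authentication, which remains the job of your server's SPF and DKIM checks.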
Mandatory data fields
The mandatory fields on OpenAthens accounts are:
first name
last name
email address
The mandatory fields on Local accounts are:
a unique identifier passed by your systems
a display name (can be the same as the ID)
The data OpenAthens passes to service providers about your users
Default: a pseudonymous unique identifier, a role (e.g. member), and identifiers for your organisation.
All other user attributes are restricted by default, but there are options to release them should you want to.