
Information for the IT team

OpenAthens can usually be run independently of the IT team, should you choose to do so. There are some things the IT team needs to be aware of, though, so that they do not cause problems by accident when they change settings or implement new policies. This page provides a brief overview of OpenAthens aimed at the IT team, and the technical information they may need.

OpenAthens overview

It's a single sign-on system that uses SAML to work with the kind of federated access the library uses to give end-users access to online journals and databases. Identities can be managed within a hosted platform, but there are options to devolve that to your systems if they are compatible. As it uses SAML, it can also be used to access enterprise applications.


OpenAthens administration and end-user access all occur over HTTPS. If you are restricting secure traffic, you will need to allow certain hostnames. See: What are the hostnames I need to allow my users to connect to from within my network


In most cases, making sure * isn’t blocked will be sufficient, especially for end users.

If your end-users tend to have personal email addresses rather than your own, it is worth checking the email templates for text that may trigger filtering. This can be things such as words in all caps, attachment types, and even words like 'free', or currency symbols.

If it is your own mail server, then it may also need to know that the emails come from servers at or * with return paths of or The return paths can look a bit strange due to measures put in place for bounce detection by MailJet (to find out more, see:

Mandatory data fields

The mandatory fields on OpenAthens accounts are:

  • first name

  • last name

  • email address

The mandatory fields on Local accounts are: 

  • a unique identifier passed by your systems

  • a display name (can be the same as the ID)

The data OpenAthens passes to service providers about your users

  • Default: a pseudonymous unique identifier, a role (e.g. member), and identifiers for your organisation

  • All other user attributes are restricted by default but have options to release them should you want to
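
One way to check the default release described above from the service-provider side, as an added example that is not OpenAthens code: it parses the attribute statement of a SAML assertion and reports anything released beyond the default set. The attribute names and the sample assertion are constructed placeholders, not OpenAthens' actual attribute names.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumed placeholder names for the default release (pseudonymous ID, role,
# organisation identifier). Replace with the names your service provider sees.
DEFAULT_RELEASE = {"pseudonymousId", "role", "organisationId"}

# Constructed sample assertion; the fourth attribute is outside the default set.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="pseudonymousId"><saml:AttributeValue>a1b2c3d4e5</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="role"><saml:AttributeValue>member</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="organisationId"><saml:AttributeValue>12345678</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="emailAddress"><saml:AttributeValue>reader@example.org</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>
"""


def released_attributes(assertion_xml):
    """Return {attribute name: [values]} for every attribute in the assertion.

    This only inspects content. It does not verify the assertion signature,
    and real (untrusted) XML should go through a hardened parser.
    """
    root = ET.fromstring(assertion_xml)
    released = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        released.setdefault(attr.get("Name"), []).extend(values)
    return released


def audit_release(assertion_xml, allowed=DEFAULT_RELEASE):
    """Split released attribute names into (expected, beyond_default, missing)."""
    names = set(released_attributes(assertion_xml))
    return sorted(names & allowed), sorted(names - allowed), sorted(allowed - names)


if __name__ == "__main__":
    expected, extra, missing = audit_release(SAMPLE_ASSERTION)
    print("default attributes seen:", expected)
    print("released beyond default:", extra)
    print("expected but absent:", missing)
```

An attribute reported as released beyond the default is not necessarily a fault; it means a release option has been enabled and should match a decision someone made.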

