When the AP does not know is not told by the resource where the user is from they can search for their organisation. This search is towards the right or the bottom depending on your browser's resolution and orientation.
This is only necessary when the AP doesn't already know where the user is from AND the site is using local authentication. When the organisation has been pre-selected at a resource, this part of the page does not appear as the AP has already been told where the user is from. It also does not appear if the user successfully authenticated at a delegated login such as ADFS the last time they were seen.
When the AP knows where a user is from, the organisation logo can be displayed above the login area. If If the organisation is selected by discovery at a resource though, or the user is following a wayfless URL, the search section is not necessary so is omitted:
This version of the page has some additional text options under the domain preferences and if you are using a delegated login such as SAML or ADFS, the behaviour is a little different.
When the AP isn't told this useful bit of information by the resource but remembers where a user was successfully authenticated last time, the organisation logo is displayed above the login area (or if you're using a delegated login as above, the user is sent there). If you're using something like LDAP or Sirsi, you'll see this and the user can enter their local credentials on the left:
(If you have not uploaded a logo, the organisation name as set on the domain administrator's account is used. If this name is long, you may find that not all of it is visible.
If the organisation is selected by discovery at a resource, or a wayfless URL, the search section is not necessary so is omitted:
This version of the page has some additional text options under the domain preferences.
There is a link below the sign in button that can help users. Here they can find the forgotten password function and organisation contact details.
- The user selected a home organisation at a service provider
Because the AP has a unique address for each organisation, selecting your organisation at the service provider (or by a wayfless URL) will get the user to the AP in a known-organisation state so can go immediately to the correct authentication method. This will ignore any organisation the user has previously selected.
- The home organisation has been previously discovered and remembered by the AP.
Both the first scenario OR a user using the search box can initiate this, but the location is not stored until the user successfully authenticates. The location is stored in a cookie, so will be affected by any circumstance that clears cookies such as being on a kiosk machine. The setting is also cleared if the user does not pass authentication (so that users who select the wrong organisation are not stuck forever)
- The user is accessing a resource via the Redirector
The redirector uses links that are specific to your OpenAthens domain so users will should always be recognised by the AP
Can I connect local authentication systems to sub-organisations?
This is not workable usually desirable from a user experience standpoint because the pre-discovery scenarios described above can only direct users to the domain organisation, not a sub-organisation (not even one with a unique scope). Sub organisations that are found on the AP will show the local connectors that are set up Instead you should set up the connection at the domain organisation though and users can be mapped level and use the map to sub-organisation function - sub-organisations found at the AP will use this connection.
Which organisations can be found in the search box?