Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

Jump to: how to configure IP ranges

Redirector When using redirector links, you can optionally add redirector IP bypass zones which will allow you to bypass OpenAthens authentication at locations known to you where the resources will allow access via IP authentication. This is very useful if you have to maintain separate links to resources in your library catalogue, portal or link resolver tool depending on when account holders are inside or outside of your network. Redirector bypass zones will work with any resource that has either an access URL (bypassable) or a redirector configuration (redirectable).

When a user follows a redirector link, the redirector will decide whether to pass the user straight to the service provider, or pass the user to the OpenAthens authentication point where the user would be challenged for username and password if they were not already signed in.


User follows Redirector link
Location recognised
Location not recognised

Passed directly to resource
for IP authentication

OpenAthens authentication
Stats recorded



Configuring IP ranges


Code Block

Ranges may only be specified within the last two octets. If you have a range expressed with a slash it will need to be translated into an accepted format.

In most cases it will be sufficient to specify these ranges at the domain level, but additional ranges can be added per organisation to cater for local circumstances - for example where a local organisation has additional IP ranges, especially if they are connected with local resource subscriptions.  You should ensure that local administrators are aware of the impact of mistakes though; see below.


  • If you specify a range of addresses that is too big - i.e. includes addresses that are not IP authenticated by your resources - then users may find themselves in a location where they cannot gain access.
  • If you specify a range of addresses that is too small - i.e. does not cover all the addresses that are IP authenticated by your resources - then users may find themselves asked for OpenAthens credentials when they do not expect to be.


  • .


Changes to bypass zones or resource exceptions do not go live immediately, they apply immediately and it can take up to 6 14 hours for changes to go live.

When access does not go though the OpenAthens authentication point, we cannot record statistics.