OpenAthens Questionnaire for Connector (v2)

| Resume a previously saved form
Resume Later

In order to be able to resume this form later, please enter your email and choose a password.

Please select your language.
OpenAthens is a single sign-on (SSO) service that offers library end users a seamless experience and the benefit of secure SAML access. Library administrators can use OpenAthens to manage group authorizations and access, pull granular usage data, and consolidate both SAML and proxy IP authentication into a single, fully cloud-hosted solution.

This questionnaire outlines the information needed from customers to configure a connection between OpenAthens and the customer's IdP (Identity Provider) or Local User Directory to pass account information. 
IT may need to coordinate with the Library for some reporting or attribute release/mapping questions. 

More information can be found here as well. 
1. Customer Info
2. Information regarding your institution’s Identity Provider or Local User Directory
OpenAthens has the ability to connect to existing user accounts. This means that a user’s initial log-in to the Single Sign On (SSO) service will be with their institutional account – in most cases, the same email or username they already use to log into their institutional email and so on. 

Connecting OpenAthens to your institution’s Identity Provider(s) (IdP) or Local User Directory(ies) is a one-time process. A secure connection is established and your IT or IdP team release any data attributes needed to OpenAthens. 

This questionnaire is designed to gather the information necessary to establish this connection, therefore responses require knowledge pertaining to your Identity Access Management system. 

E.g. UK Fed, InCommon, or any other country wide federation. Refer to this page for a full list of options.
If unsure, indicate 'none', or 'unknown'.

Please note: the information needed for each connector should be provided individually in this questionnaire.
3. Connector Identificaton



Note: if one of these is selected, EBSCO implementation team will reach out to gather further information to complete the set up of the connector.

Once EBSCO's Implementation team receives this information, they will provide more detailed instructions for connecting to this API directory.
4. MetaData

Upload file :

Once the IdP's SAML metadata is ingested into OpenAthens, EBSCO Implementation team will provide an OpenAthens SAML metadata file to be configured in the IdP settings as a relying party trust.
5. Unique Identifier

The only data attribute that is required by OpenAthens is any data that uniquely identifies each account, such as an ID number, targetedID, or emailAddress.
Since privacy is a concern, it is important to know that OpenAthens does not require personally identifiable data.
For additional information on these parts of an OpenAthens setup and controls over data release, please see this FAQ.

FOLIO requires a fixed, transferable attribute to connect via Single-Sign-On both to OpenAthens and to EDS for Patron Empowerment. By default, OpenAthens releases to vendors only an anonymous unique identifier (Targeted User ID) which cannot be used as a match point when establishing a connection with other platforms. If you are a FOLIO customer or plan to be one, this identifier should not be used and another attribute should be released and mapped to FOLIO as unique identifier instead, whose values should match those present in the External System ID field within FOLIO.
6. Attributes to be released

Please note, this list may change based on project requirements - the library may also request for other attributes to be release based on permission or reporting requirements, or to allow personalization into resources when available, that often requires releasing First Name, Last Name, and Email address.

Examples: displayName, cn, name, etc.
Examples: givenName, forenames, firstname, etc.
Examples: surName, surname, LastName, etc.
Examples: email, mail, emailAddress, etc.

6. Evergreen ILS
6. SirsiDynix Connector
Note: 
To set-up a SirsiDynix connector, access to at least version 4 of the SirsiDynix Symphony Web Service (API) is required. 
Most of the information can be found in your web service url, e.g. https://sdcatalog.yourdomain:443/symws2015.10/
The components in this example are listed against the field names below for guidance. 

Contact your SirsiDynix account manager OR log a call with their support desk if you're unsure how to answer these questions. 
E.g. sdcatalog.yourdomain.com
E.g. 443
E.g. /symws2015.10
E.g. DS_CLIENT


Some required user attributes can only be retrieved with a Symphony administrator account with privileged/elevated status. Please provide an administrator login below.
A temporary account from the Local User Directory is to be used by EBSCO's Implementation team for testing during configuration. This is known to make the overall setup process more efficient. EBSCO will notify you when we no longer need the credentials and the account can be disabled/deleted. 

If provided a test account, EBSCO will run a SAML trace to confirm connector is functional and passing appropriate attributes. 
If no test account is provided, EBSCO will require additional time or effort from you to confirm that the connection is working and releasing all necessary attributes. 

Note, the test user must emulate an actual patron. It must have all attributes and permissions assigned to it to verify the connection is correct. 
6.1. LDAP

The root certificate for the LDAP server is required to establish a trusted connection. If you need assistance locating your root certificate, this document may be helpful.
6.1. OIDC Connection

Additional Connectors


3bis. Connector(s) Identification



Note: if one of these is selected, EBSCO implementation team will reach out to gather further information to complete the set up of the connector.

Once EBSCO's Implementation team receives this information, they will provide more concise instructions for connecting to this API directory.
4bis. MetaData

Upload file

Once the IdP's SAML metadata is ingested into OpenAthens, EBSCO Implementation team will provide an OpenAthens SAML metadata file to be configured in the IdP settings as a relying party trust.
5bis. Unique Identifier

The only data attribute that is required by OpenAthens is any data that uniquely identifies each account, such as an ID number, targetedID, or emailAddress. Since privacy is a concern, it is important to know that OpenAthens does not require personally identifiable data. For additional information on these parts of an OpenAthens setup and controls over data release, please see this FAQ.
6bis. Attributes to be released

Please note, this list may change based on project requirements - the library may also request for other attributes to be release based on permission or reporting requirements, or to allow personalization into resources when available, that often requires releasing First Name, Last Name, and Email address.

Examples: displayName, cn, name, etc.
Examples: givenName, forenames, firstname, etc.
Examples: surName, surname, LastName, etc.
Examples: email, mail, emailAddress, etc.


6bis. Evergreen ILS
6bis. SirsiDynix Connector
Note: 
To set-up a SirsiDynix connector, access to at least version 4 of the SirsiDynix Symphony Web Service (API) is required. 
Most of the information can be found in your web service url, e.g. https://sdcatalog.yourdomain:443/symws2015.10/
The components in this example are listed against the field names below for guidance. 

Contact your SirsiDynix account manager OR log a call with their support desk if you're unsure how to answer these questions. 

E.g. sdcatalog.yourdomain.com
E.g. 443
E.g. /symws2015.10
E.g. DS_CLIENT


Some required user attributes can only be retrieved with a Symphony administrator account with privileged/elevated status. Please provide an administrator login below.
6.1bis. LDAP

The root certificate for the LDAP server is required to establish a trusted connection. If you need assistance locating your root certificate, this document may be helpful.
6.1bis. OIDC Connection
7. Personalization
Federated access can be anonymous OR provide personalization. ‘Personalization’ is when providers automatically log users into a personal account on their platform, e.g. to bookmark citations etc. or for tailored permissions based on their role (e.g. student versus faculty)

Some providers offer personalized authentication and access to their websites. Typically, providers use an anonymous OpenAthens user identifier called targetedID (more info here) to personalize access. It is anonymous in the sense that it contains no identifiable information about the user. 

However, other providers request additional attributes to augment the personal experience. The most commonly requested attributes include: first name, last name, email address, role/position (e.g. student/staff/faculty, etc.). 

OpenAthens can’t control how providers use this data after it is received. Each provider has its own privacy policy outlining how they use/store personal data. 

By default, OpenAthens only releases anonymous data to your providers (more info here). 
Please read the complete OpenAthens privacy policy here

It is the institution who decides which attributes should be released to providers. EBSCO and OpenAthens can help strike the correct balance between ease of use and privacy. 

8. Walk-In Users

The Library may be required to help with this question.

To support Walk-In Users, please speak with the EBSCO Implementation Project Manager about the options available depending on the answers above.
9. Test Account

If multiple Local User Directories need to be connected, please provide a test account for each.
10. Additional Contacts

One email per field.
11. Additional Comments

For questions, comments, or concerns in regards to your general OpenAthens implementation, please contact your Implementation Project Manager or email SaaS Implementations.

Submission

Upon submission of this form, the EBSCO Implementation team will provide the necessary information to complete the OpenAthens Connector setup. 

They will then continue to work with the library to launch the service for your institution's subscriptions. 

Once completed, your end users will be able to log into your library's subscribed content using OpenAthens. When they start a new browser session, they will be prompted to log in using their institutional account. A single log-in through OpenAthens will represent the beginning of their single sign-on session, so additional clicks to full text options will not require an additional log-ins. 

For additional information and documentation on the OpenAthens service during this time, please reference the following:


Thank you for your submission! Your EBSCO Implementation team will be in touch soon. 

Please note, if you have translated this form, the submission output will be in English.

Save my progress and resume later | Resume a previously saved form

Contact Information