What is federated single sign-on?
Federated access or single sign-on (SSO) describes mutually agreed, trusted policies for sharing user information, resources and services. Using one username and password to access resources across different platforms, applications and locations is called single sign-on. SSO significantly reduces the administrative burden on subscribing organisations and removes barriers to access.
Larger UK and US-based publishers were some of the first in the world to adopt federated access. Federated SSO is increasingly adopted by small and medium-sized publishers, especially since the start of the global pandemic.
Most federated SSO solutions are based on the SAML standard. Managed solutions aren’t the only show in town, but they do stack up well when other options are considered.
Open source solutions (e.g. Shibboleth) are one option. They look attractive because they are free at the point of use, but often specific development expertise is required. Publishers need to factor in developer costs for implementing and maintaining the software. This requires not just SAML expertise but PKI (digital certificate) experience, a technology with its own complexity challenges.
The jobs market is not saturated with SAML experts. Every year, there are cases where a publisher is left with a black box because the developer who built it left without documenting it.
Benefits of managed federated SSO
Using a managed service can save publishers time and effort on learning a new technology.
Open source solutions rely on community development, documentation and advice. Whereas a managed service comes with technical support built into your SLA.
Compared with open source, a managed service is also more consistently applied and can enhance user experience. Features such as a clean login user journey and WAYFless / deep linking are often overlooked by inhouse teams, even though most library professionals consider them a ‘must have’.
Poor user journeys result in barriers to access. Frustrated users inevitably seek out dubious sites such as SciHub which steals publisher content and user credentials. Publishers that focus on good user experience and UX design can prevent this scenario. A trusted software vendor or industry consultant can work alongside your IT teams to create a simpler user journey.
Technical support services are important and usually included in managed options. Publishers regularly trip up when upgrading or migrating to a new platform by unnecessarily breaking personalisation for existing users because the publisher’s team doesn’t fully understand SAML.
Migrations should be clearly communicated to library customers. Sometimes librarians are not informed of changes in a publisher product which requires local updates, eg. in an LMS, VLE, ILS or other library-managed platforms.
Recent years have seen initiatives started to find universal solutions to access issues, notably the RA21 initiative and SeamlessAccess.
Publishers should consider conducting a health check or audit of their user journey to identify improvements. Freely available guidance can be consulted: NISO-approved RA21 recommended practices and SeamlessAccess. A check against the latest accessibility regulations is also advised.
The challenges faced by publishers cannot be underestimated. An ongoing problem is combining all the service features together and ensuring good quality content alongside the commercial imperative and the need for technical expertise. All this is occurring in a rapidly advancing technological world where access needs to be underwritten with strong privacy and security protocols.
The pandemic has brought the need for reliable remote access into sharp focus. The American Chemical Society faced this last year when US universities switched to online learning. At the same time, it moved to a federated access model for 300 China-based institutions which reported extreme spikes in access. It has since enabled worldwide federated access to all its publications.
IOP Publishing faced the issue of a legacy system. IOP Publishing’s software engineering manager John Leopold explains: “We were running an old version of Shibboleth software. The wrapper code was written 13–15 years ago and the people who’d written it had left. The server it was running on used an old, end-of-life OS that we couldn’t patch. It was a horrible system – and we needed to do something about it.”
The shift to a new system was made more complex by existing agreements with eight federations. The organisation chose to migrate to a SaaS (software as a service) system and then integrated it with their IOPscience website using a serverless architecture hosted on the Amazon Web Services cloud.
Despite the need to co-ordinate this technically advanced migration with eight separate identity federations, it was completed at the first attempt, in less than two hours.
User experience a priority
Users should be at the heart of decisions when it comes to access. The user interface and user experience of different publishers varies greatly. This is where UX designers and SAML specialists can work alongside publishers to ensure a consistent experience. In a world where technology is changing a pace, publishers need a robust and reliable access solution to ensure they are maximising their audience potential.
We make it easy for people to access knowledge through single single-on. Our mission is to enable people to achieve great things by connecting them to knowledge and information, whenever and wherever they need it.
We strive to be the world’s most user-friendly single sign-on experience. We help more than 2,600 organisations world-wide to provide simple and secure access to online resources for their end users.
To find out more about OpenAthens: