CloudPublish

CloudPublish Support:

User authentication options


CloudPublish does not itself provide any user authentication (or indeed any user database). Authenticaiton is assumed to be carried out in your own website. The following are some user authentication mechanisms in common use. We are able to offer technical advice on any of these; please contact your account manager for assistance.

Username and password

A simple system whereby a username and password are assigned to each user. The disadvantage for institution users is the administration of notifying many users of their account details, who could end up with many different sets of credentials for online resources, and managing lost / stolen details.

Single Sign-On

Rather than many users having different usernames for different services, it is preferable in an institution to give users a "single sign on" which will give access to any resource to which the institution has a subscription. The following systems offer different ways of achieving this.

OpenAthens

A popular "single sign-on" system sold by Eduserv, this is a very common solution for academic institutions. Each user in the institution has a single OpenAthens username and password, which is administered centrally (within the institution). Resources are also controlled centrally, access to which can be "cascaded" to groups of users for fixed periods of time. For service providers, it is normal to include a "Login with OpenAthens" button that links to OpenAthens with extra configuration to ensure that the user is returned to your site, which will pick up their logged-in state. This, therefore, requires some integration at your website with OpenAthens software, which we at CloudPublish are happy to advise on (please contact your account manager for assistance).

More information: About OpenAthens by Eduserv

Shibboleth

This open-source federated identity management software uses similar technology to OpenAthens, and indeed OpenAthens can act as Shibboleth "Identity Provider" (or IdP) software. The principle is the same as for OpenAthens, in that users at an institution ("Identity Provider") have a single set of credentials providing access to centrally-controlled resources, which are supplied (in the Shibboleth terminology) by "Service Providers".

More information: Shibboleth

IP

A very simple mechanism whereby any user originating from a specified IP (or IP range) is automatically allowed to access a resource. While simple and efficient, the main drawback is the difficulty of identifying users individually. Therefore, this solution is often combined with a username-and-password system where any form of personalisation or user-level tracking is required.

EZProxy

A variation on IP access and single-sign-on, EZProxy is software (made by OCLC) that will proxy a resource but also provide single sign-on capability. Therefore, the IP address of the EZProxy server is known to the service provider, and the users must connect via the EZProxy server (i.e., use it as a proxy). They are required to login to the EZProxy server (using a single set of credentials), which can be configured to allow access to resources to different groups of users.

More information: EZProxy by OCLC