Authentication in Alma
Authentication for a cloud-based SaaS application can be accomplished using one of two ways: entering a user ID and password in the user’s browser or using identity federation. The former method is pretty well known (and increasingly reviled). The latter method is well established and has superior security. In line with Alma's support for industry standard security measures, and in order to fulfill the requirements of Alma's various security certifications, Alma integrates with several federated authentication options. For more information about federated authentication see Background and introduction to federated authentication
Alma supports storing user information details in the Alma cloud for operational purposes. The user fields which can be stored in Alma include:
|Identifiers||Providing fulfillment services
|Phone numbers||SMS messages, staff contact
The recommended authentication methodology is federated authentication using the following options:
In cases where the institution has an Institutional/Enterprise Identity Provider, users can login using LDAP
or single sign on protocols (SAML
). An institution that does not have an Identity Provider can choose to subscribe to certified Cloud Identity Providers
. In any case, an institution may allow users to login using Social Networks
such as Google
in place of or in addition to the identity provider selected.
The following diagram shows the different authentication options:
The pages in this section describe each authentication option in more details.