Ready to Learn?Ex Libris products all provide open APIs

Authentication in Alma

Authentication for a cloud-based SaaS application can be accomplished using one of two ways: entering a user ID and password in the user’s browser or using identity federation. The former method is pretty well known (and increasingly reviled). The latter method is well established and has superior security. In line with Alma's support for industry standard security measures, and in order to fulfill the requirements of Alma's various security certifications, Alma integrates with several federated authentication options. For more information about federated authentication see Background and introduction to federated authentication.
 
Alma supports storing user information details in the Alma cloud  for operational purposes. The user fields which can be stored in Alma include:

User informationPurpose
IdentifiersProviding fulfillment services
NameDisplay
AddressesHome delivery
Phone numbersSMS messages, staff contact
Email addressesNotifications
 
The recommended authentication methodology is federated authentication using the following options:

 

 
In cases where the institution has an Institutional/Enterprise Identity Provider, users can login using LDAP or single sign on protocols (SAML, CAS). An institution that does not have an Identity Provider can choose to subscribe to certified Cloud Identity Providers. In any case, an institution may allow users to login using Social Networks such as Google or Facebook in place of or in addition to the identity provider selected.
 
The following diagram shows the different authentication options:
 
 Authentication Options
 
The pages in this section describe each authentication option in more details.