Authentication
Authentication for a cloud-based SaaS application can be accomplished using one of two ways: entering a user ID and password in the user’s browser or using identity federation. The former method is pretty well known (and increasingly reviled). The latter method is well established and has superior security. In line with Alma’s support for industry standard security measures, and in order to fulfill the requirements of Alma’s various security certifications, Alma integrates with several federated authentication options. For more information about federated authentication see Background and introduction to federated authentication.
Alma supports storing user information details in the Alma cloud for operational purposes. The user fields which can be stored in Alma include:
| User information | Purpose |
|---|---|
| Identifiers | Providing fulfillment services |
| Name | Display |
| Addresses | Home delivery |
| Phone numbers | SMS messages, staff contact |
| Email addresses | Notifications |
In cases where the institution has an Institutional/Enterprise Identity Provider, users can login using LDAP or single sign on protocols (SAML, CAS, OpenID Connect). In any case, an institution may allow users to login using Social Networks such as Google or Facebook in place of or in addition to the identity provider selected.
The pages in this section describe each authentication option in more details.