Alma supports authentication via social networks: A staff user can login into Alma using his social network details, and patrons can login into Primo. Currently Google, Facebook and Twitter are supported, with plans for additional networks in the near future.
Social login is based on the OAuth 2.0 standard which is used by many websites and applications. Alma will only add the user’s unique social network identifier to the user record in Alma, and will not be able to post anything to the social network, nor change any information there. What is stored in Alma cannot be used to gain access to a user’s social account.
In order to login with social network details, the user in Alma should have an identifier with the social network id. This identifier is necessary for Alma to link the social network authenticated user with the Alma user. Note that this identifier is not displayed in the Alma UI but is visible via the Export Job or APIs.
Note that both external and internal users can be authenticated using social login.
The following steps are required in order to allow social login:
- Have a Google/Facebook/Twitter accounts for the library
- Configure OAuth app for these accounts
- Configure the “Social/Email Login” integration profile in Alma
- In order to allow login to Primo, Primo should be configured as well. Make sure you use Primo’s new UI and new authentication
- Activate authentication via a social network provider for existing user accounts in Alma
Configuring the Social network and Alma
The option to login with social login details is opt-in.
The following pages provide details on how to enable social login with the social network providers:
A site can pick and choose which account or accounts to use as a separate Integration Profile is configured for each one of the above.
In order to allow patrons to login to Primo using their social login details, Primo’s new UI should be used with the new Authentication (not PDS). See here for more details regarding the required configuration in Primo.
Activating authentication via a social network provider
In order to activate authentication via a social network provider for an existing user account in Alma, Alma should send an email with a registration link to a user (“SocialLoginInviteLetter”). The user clicks the link and follows the instructions to authenticate with the social network and provides permission for Alma to access basic user information. The email can be sent in the following ways:
- For a specific user: using the “Send message” – “Social login mail” from the user management Alma UI
- For a group of users: using the “update and notify users” job, with the “Send message” – “Social Login invitation” option.
Note: The link in the SocialLoginInviteLetter expires 14 days after the email is sent. Please consider customizing the email and instructing new users to press the link as they receive the email (as opposed to waiting until they need library services).
After following the flow, a Success message is displayed, and a 2nd email is sent to confirm it: SocialLoginAccountAttachedLetter.
The Success message includes a link to Alma for a login (if the user has non-patron roles). The text in the Success message can be customized in “Social Login Labels” code-table, accessible from the main configuration menu.
If a user has already attached his account to social media and follows the attach flow again by clicking on the link in the first email, there will be no change in Alma as the account is already attached, a success message will be displayed and the SocialLoginAccountAttachedLetter will be resent.
The following diagram illustrates the attach account workflow:
Login to Alma with social network details
After the social network id is added to the user in Alma, it is possible to login to Alma using the social network details. The login to Alma with social network details is done using the regular login URL, with “/social” suffix. For example: https://alma.exlibrisgroup.com/institution/INST_CODE/social, or uni.alma.exlibrisgroup.com/social for institution-specific domain names.
The following diagram illustrates the login workflow:
Login to Primo with social network details
After the social network id is added to the user in Alma, it is possible to login to Primo using the social network details. Institutions can also allow guest users to perform self registration: After a user is authenticated by the social network, if he does not exist in Alma, Alma might be configured to create a new user for him. This depends on the configuration of the “self registration” part of the social login integration profile in Alma.
The following diagram illustrates the login workflow in Primo:
Note: The benefit of Social Login is the ease of use after the initial login. A user which followed the attach-account flow once will be able to login the next day without typing a single character. As Facebook and Google keep a permanent cookie on the browser there is no need to login even after the browser (or even the computer) is shut down. However on a shared PC a user which has signed in to Primo using Social Login should keep in mind to log out of Facebook/Google before leaving the PC.
As emphasized at the top of this page OAUTH is a widely used protocol and the information exchanged between Alma and the Social Network provider is minimal. You may consider customizing SocialLoginInviteLetter and explaining it as you see fit to your audience to avoid concerns.
Management of Users attached to Social Network
If you would like to keep track of who has implemented Social Login you can create an Analytics report using the Identifier types (of the various “social login”) under the Subject Area: Users > Identifier.
In the case that a user wants to detach his account from the Social Network the user needs to contact the library to detach his account. This is done in Alma using a button that is displayed at the top of the User Details General Information page, Detach from Social Account. Click this button to disassociate the social login from the patron. See here for more details.