February 5, 2018
Note: This topic is different from sharing identity data with publishers and other resource providers, which is a whole topic of its own. I’m just focusing on libraries tracking patron identity for internal purposes.
Verifying patron identities requires an integration with an Identity Provider (IdP) – a system that creates and manages identity information, and provides user authentication as a service. For many libraries, the IdP is their organization’s internal directory – managed by the IT department. Integrating that directory into the resource access workflow allows patrons to use their existing network credentials to authenticate, greatly simplifying login.
Even better, patrons who are already signed into a local IdP that supports Single Sign-On (SSO) will benefit from seamless access to a resource without an additional login screen.
As network credentials increasingly become the key that organizations use to manage access to internal applications, there can be categories of users whose identities are better managed in different ways and separate from the local directory.
For example, some organizations manage student identities in dedicated third-party software that is run outside of IT (e.g. by the Bursar) and ties into other applications, such as grading systems.
Another example is affiliated users, such as visiting scholars, preceptors, or alumni, that aren’t listed in an internal network directory. These users may only need access to specific resources and/or for a specific time period.
Having multiple identity sources can bring significant challenges.
Each source will likely offer a distinct login experience, capture a unique set of user metadata, rely on a different technology, and might require you to liaise with different parts of your organization.
Library patrons can face disconnected access pathways, and resolving access issues is often more time-consuming. Worse, the library may be left with a splintered understanding of usage patterns unless access statistics can be aggregated across sources.
The solution is to design access pathways around simplifying the user experience, with technology as a means to an end, not an end in itself.
1. Single Access Page
Deliver a single login page that integrates multiple IdPs under the hood. IdPs can come and go behind the scenes, but the access experience is consistent.
2. Use existing metadata
Minimize requests for additional user information by mapping your variant IdP metadata against a standard template to automate the creation of user profiles. These profiles can then be used to build easily maintainable resource access logic.
3. Remember user preferences
Enable users to bypass this unified screen when you already know their choice of IdP (with an option to avoid this on shared devices).
Best of all, this allows the library to record granular usage stats against these user profiles, e.g. by role, department, location, etc. Libraries concerned with patron privacy can use anonymous identifiers while still recording aggregate statistics at a meaningful level, such as user category or department.
By understanding resource usage, the library can maximize value from their resource budget.
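The attribute mapping in step 2 and the anonymous-identifier statistics described above, sketched as an added example (not LibLynx's code). The source names, attribute names, and key are constructed for illustration, and HMAC-SHA-256 is one assumed way to derive the anonymous identifier.

```python
import hashlib
import hmac
from collections import Counter

# Constructed attribute names: one entry per identity source, mapping the
# standard template's fields to whatever that source calls them.
ATTRIBUTE_MAPS = {
    "campus_directory": {"id": "uid", "category": "employeeType", "department": "ou"},
    "student_system": {"id": "student_no", "category": "status", "department": "faculty"},
    "affiliates": {"id": "email", "category": "affiliation", "department": "sponsor"},
}

def pseudonym(idp, local_id, key):
    """Keyed hash of (source, identifier): stable per patron, opaque without the key."""
    msg = f"{idp}\x00{local_id.strip().lower()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def build_profile(idp, attrs, key):
    """Normalize one IdP's attributes into the standard profile; reject incomplete logins."""
    mapping = ATTRIBUTE_MAPS.get(idp)
    if mapping is None:
        raise ValueError(f"unknown identity source: {idp}")
    fields = {std: str(attrs.get(src) or "").strip() for std, src in mapping.items()}
    if not fields["id"] or not fields["category"]:
        raise ValueError(f"{idp}: missing identifier or category")
    return {
        "patron": pseudonym(idp, fields["id"], key),  # raw identifier is not stored
        "category": fields["category"].lower(),
        "department": fields["department"].lower() or "unknown",
    }

def usage_by(profiles, field):
    """Aggregate access events by a profile field such as category or department."""
    return Counter(p[field] for p in profiles)

# Constructed sample: four access events arriving from three identity sources.
KEY = b"constructed-demo-key"  # assumption: a real key lives in a secrets store
EVENTS = [
    ("campus_directory", {"uid": "JSmith", "employeeType": "Faculty", "ou": "History"}),
    ("campus_directory", {"uid": "jsmith", "employeeType": "Faculty", "ou": "History"}),
    ("student_system", {"student_no": "S1001", "status": "Undergraduate", "faculty": "History"}),
    ("affiliates", {"email": "v.scholar@example.org", "affiliation": "Visiting Scholar"}),
]
PROFILES = [build_profile(idp, attrs, KEY) for idp, attrs in EVENTS]

if __name__ == "__main__":
    print(usage_by(PROFILES, "category"))
    print(usage_by(PROFILES, "department"))
```

Because the pseudonym depends on the key, rotating the key unlinks earlier records from later ones, while aggregate counts by category or department are unaffected.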
We recently implemented resource access for a library that included all 3 of these examples:
If you’d like to learn more about how LibLynx can help you manage patron identity, please contact us.