[wactclc-alma] Anyone using Okta for EZproxy authentication?

Tue Mar 5 14:50:46 PST 2024

SPSCC has hosted EZproxy and use Okta for authentication. When we switched over to OCLC hosted, we pretty much did the same thing that Kirsti did. EZproxy support and our IT staff talked and figured out how to configure it all.

Things are working well.

The only grumble I have is the multi-factor authentication (MFA) that was implemented last year. If your campus requires MFAs, then make sure you ask for a guest login that doesn't require MFA (yes, it can be done, but depends on whether or not your IT staff is willing) if you need one for AskWA chat. Also, my IT folks recommend students and employees to set up multiple MFA because sometimes MFAs fail, especially the MFAs that require internet access or cell signals (parts of my library are dead zones).

Be well,

Lily Kun
She/Her Pronouns
Systems and Electronic Resources Librarian
lkun at spscc.edu<mailto:lkun at spscc.edu> | 360-596-5436<tel:3605965436> | https://library.spscc.edu<https://library.spscc.edu/>

[cid:image001.jpg at 01D56E08.09265B00]<https://spscc.edu/>

From: wactclc-alma <wactclc-alma-bounces at lists.ctc.edu> On Behalf Of Thomas, Kirsti
Sent: Tuesday, March 05, 2024 2:21 PM
To: WACTCLC Alma Discussion <wactclc-alma at lists.ctc.edu>
Subject: Re: [wactclc-alma] Anyone using Okta for EZproxy authentication?

I should probably clarify-yes, we have our EZProxy set up for SAML authentication via Okta.

I basically put EZProxy Support in touch with our Okta manager & the two of them had one meeting to go over the details. I think it only took 2-3 hours of work on IT's side of things to complete the set-up.

It's been smooth sailing ever since.

Kirsti

From: wactclc-alma <wactclc-alma-bounces at lists.ctc.edu<mailto:wactclc-alma-bounces at lists.ctc.edu>> On Behalf Of Thomas, Kirsti
Sent: Tuesday, March 5, 2024 14:12
To: WACTCLC Alma Discussion <wactclc-alma at lists.ctc.edu<mailto:wactclc-alma at lists.ctc.edu>>
Subject: Re: [wactclc-alma] Anyone using Okta for EZproxy authentication?

We use both Okta and EZProxy.

Okta and EZProxy both authenticate patrons/users but in slightly different ways.

In general, there are 3 ways that companies allow remote access to e-content:

1)      Username + password - Most companies that serve libraries don't do this because it takes so much staff time to manage the number of library patrons who would need individual accounts.
2)      IP recognition - The content provider allows access if people are coming in from a specific IP address or set of addresses. EZProxy is a form of this.  With EZProxy, you have a server which is set up to confirm that people are patrons of a specific library (there are several ways of doing this). When the EZProxy server confirms that someone is a library patron, it sends a pre-registered IP address to the content provider so they know to grant access to the library patron. One of the benefits of IP recognition is that is can be used to allow access without people having to log in when they're on site.
3)      SAML authentication - This is a newer way of allowing access and it always requires someone to log in.  Okta, OpenAthens, CAS and Shibboleth are all different products that can provide SAML authentication.  In this situation, the content provider sends a message to the library/college's SAML authenticator when someone wants access. The SAML authenticator checks its internal directory and sends a message back to the content provider to say "Yes this person is one of our users" or "No, this person isn't with us."  One of the other benefits of SAML authentication is that you can automatically assign people to different & multiple groups based on information in the directory and then only allow access to people in specific groups. For example, SAML authentication could be set up to allow access to a specific product/site for only students, or only employees, or only faculty.

Hope this helps.

It will be ok!

Kirsti S. Thomas (Hear my first name<http://namedrop.io/kirstithomas>)
Library Technical Services Manager & Systems Librarian
Seattle Colleges
kirsti.thomas at seattlecolleges.edu<mailto:kirsti.thomas at seattlecolleges.edu>

From: wactclc-alma <wactclc-alma-bounces at lists.ctc.edu<mailto:wactclc-alma-bounces at lists.ctc.edu>> On Behalf Of Sarah Gray
Sent: Monday, March 4, 2024 13:17
To: WACTCLC Alma Discussion <wactclc-alma at lists.ctc.edu<mailto:wactclc-alma at lists.ctc.edu>>
Subject: [wactclc-alma] Anyone using Okta for EZproxy authentication?

Hi all,

Is anyone currently using Okta for EZproxy authentication? If so, I'd love to chat! Also interested in hearing from folks who have previously used (or attempted to use) Okta but had to change course.

Many thanks,
Sarah

--
Sarah Gray (she/her)
Systems & Collections Librarian
Library | 3rd Floor, Lynnwood Hall
425.640.1526

[college logo]
CAUTION: This email originated outside of the Seattle Colleges' email system. Do not click links or open attachments unless you recognize the sender and know the content is safe. Questions? Contact IT Services at x6333 (Central), x3630 (North), x5844 (South) or email ITHelp at seattlecolleges.edu<mailto:ITHelp at seattlecolleges.edu>.

CAUTION: This email originated outside of the Seattle Colleges' email system. Do not click links or open attachments unless you recognize the sender and know the content is safe. Questions? Contact IT Services at x6333 (Central), x3630 (North), x5844 (South) or email ITHelp at seattlecolleges.edu<mailto:ITHelp at seattlecolleges.edu>.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ctc.edu/pipermail/wactclc-alma_lists.ctc.edu/attachments/20240305/6fafa27a/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 6993 bytes
Desc: image001.jpg
URL: <http://lists.ctc.edu/pipermail/wactclc-alma_lists.ctc.edu/attachments/20240305/6fafa27a/attachment.jpg>