Published on 23 July 2021, by Catherine Micklethwaite
About using single sign-on for authentication
Benefits of single authentication
Having a single authentication system to allow our users to access all locally- and nationally-subscribed content is a real boon, but as many of you will be aware, there are some aspects of OpenAthens our users find troublesome:
- I can’t remember my password
- Why do I need yet another password? I already have too many
- I want to use the same password as I do for another system, but it won’t let me
- My account has expired and it won’t let me renew
- I don’t have the time to sign up for yet another account
When I joined the NHS in 2015 and started to hear this feedback, I started to investigate how we might ameliorate some of these issues for users in my trust. The answer was to align OpenAthens with our trust’s active directory management system (ADFS) to implement single sign-on, thereby enabling staff to log onto OpenAthens with their trust computer username and password.
Issues and their solutions
Can’t remember my password
The password is now the same as their computer password; if they forget their password, they can reset it from their phones or phoning the IT helpdesk 24/7
Too many passwords
A separate password is no longer required
Want to use the same password
A separate password is no longer required, they use one they have already set up
My account has expired
Their accounts remain active for the entirety of the period they are employed by the trust
Setting up the account
They automatically have an account as soon as they get a computer login
Hopefully you agree it’s a neat solution! It has taken six years and a lot of blood, sweat and tears to bring to fruition (it would have been five, but for the dreaded “C” word and lockdown) but we finally went live in April this year. We are the very first trust in England to offer single sign-on with OpenAthens (we were almost the first in the UK but NHS Wales beat us to it by a few months).
Keys to success
I would say that the following have been key to success:
- The trust having an active directory domain, linked to an active directory server, with the required certificates. Further details are available at https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/design/ad-fs-requirements
- An IT director supportive of single sign-on and an IT department willing to provide technical assistance
- Sign-off from Information Governance
- And probably above all, perseverance – never give up, keep pushing!
An important note is that this arrangement means our trust now sits outside the NICE national contract with Jisc for OpenAthens. HEE agreed to pay for us pilot the solution so that we could evaluate the implications and impact of single sign-on.
We will be evaluating:
- Whether this leads to more staff accessing resources now that barriers have been removed
- Whether this leads to a greater usage of resources
- Whether this leads to a better user experience
We will keep you posted!
Library Manager, Torbay and South Devon NHS Foundation Trust