About using single sign-on for authentication

Benefits of single authentication

Having a single authentication system to allow our users to access all locally- and nationally-subscribed content is a real boon, but as many of you will be aware, there are some aspects of OpenAthens our users find troublesome:

  • I can’t remember my password
  • Why do I need yet another password? I already have too many
  • I want to use the same password as I do for another system, but it won’t let me
  • My account has expired and it won’t let me renew
  • I don’t have the time to sign up for yet another account

When I joined the NHS in 2015 and started to hear this feedback, I started to investigate how we might ameliorate some of these issues for users in my trust. The answer was to align OpenAthens with our trust’s Active Directory management system (ADFS) to implement single sign-on, thereby enabling staff to log onto OpenAthens with their trust computer username and password.

Issues and their solutions

Can’t remember my password

The password is now the same as their computer password; if they forget their password, they can reset it from their phones or by phoning the IT helpdesk 24/7

Too many passwords

A separate password is no longer required

Want to use the same password

A separate password is no longer required; they use one they have already set up

My account has expired

Their accounts remain active for the entirety of the period they are employed by the trust

Setting up the account

They automatically have an account as soon as they get a computer login

Hopefully you agree it’s a neat solution! It has taken six years and a lot of blood, sweat and tears to bring to fruition (it would have been five, but for the dreaded “C” word and lockdown) but we finally went live in April this year. We are the very first trust in England to offer single sign-on with OpenAthens (we were almost the first in the UK but NHS Wales beat us to it by a few months).

Keys to success

I would say that the following have been key to success:

  1. The trust having an Active Directory domain, linked to an Active Directory server, with the required certificates. Further details are available at https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/design/ad-fs-requirements
  2. An IT director supportive of single sign-on and an IT department willing to provide technical assistance
  3. Sign-off from Information Governance
  4. And probably above all, perseverance – never give up, keep pushing!

An important note is that this arrangement means our trust now sits outside the NICE national contract with Jisc for OpenAthens. HEE agreed to pay for us to pilot the solution so that we could evaluate the implications and impact of single sign-on.

Evaluation

We will be evaluating:

  1. Whether this leads to more staff accessing resources now that barriers have been removed
  2. Whether this leads to a greater usage of resources
  3. Whether this leads to a better user experience

We will keep you posted!

 

Catherine Micklethwaite

Library Manager, Torbay and South Devon NHS Foundation Trust