FAQ content

System Settings: Restrict access to LibAnswers using LibAuth authentication

In this article

LibAuth authentication rules allow you to restrict access to your LibAnswers site's public pages (the entire system or for specific FAQ groups), your queues' question forms, and LibChat widgets. If a user attempts to view the content restricted by LibAuth, they will be prompted to log in via your SSO first, then they will be able to view your content as normal.

Using LibAuth authentication can be helpful if you want to restrict access to content to only valid users of your institution, such as current students, faculty, and staff. This is also a great way to restrict access to your content, while also allowing valid off-campus users to easily authenticate to view it. For CAS and SAML/Shibboleth/ADFS users, you can even add configurations that cover specific group permissions, allowing you to control access to question forms, FAQ groups, or chat widgets at an even more granular level.  

Additionally, LibAnswers can also autofill the email and name (where available) from your SSO in the question/chat form, saving users time -- allowing them to skip over typing in their contact details after authenticating.

Example of a question form restricted via LibAuth
Example of a question form restricted via LibAuth

Add and manage LibAuth configurations to LibAnswers

Before LibAuth can be applied to a question form, FAQ group, or chat widget, at least one LibAuth configuration must be added to your LibAnswers site. When adding a configuration you will be able to add/edit the custom message that will display to public-side users in instances where you have applied a LibAuth configuration to restrict access.

Additionally, you can see what pages, queues, and chat widgets in your site are currently using a configuration.


Add a configuration

  1. Go to Admin > System Settings.
  2. Click on the Access Rules tab.
getting to the Access Rules tab
  1. In the Manage Authentication (LibAuth) in LibAnswers box, click the Add Configuration button.
clicking the Add Configuration button for LibAuth
  1. From LibAuth Configuration modal, select the LibAuth configuration to use.
  2. Click Continue.
selecting the configuration to use
  1. From LibAuth Configuration modal, give the configuration a Name.
    • Note: this is for internal use only and is not visible to patrons.
  2. Optionally, give the configuration a Description -- only visible via the Access Rules tab.
  3. If you selected a CAS or SAML/Shibboleth/ADFS configuration, you can use the LibAuth Group Rule to optionally apply one of your configuration's group permissions. This can allow you to implement a more specific restriction.
    • For example, if your LibAuth configuration has a group permission for library staff, you could apply that to your staff intranet FAQ group. That way, only authenticated users who belong to the library department would be able to view FAQs in that group.
    • Consult with your LibApps admin and IT staff for help creating your own group permissions in LibAuth.
  4. Set the Instructions that will be displayed above the login button when a user is presented with the authentication page.
    • Note: HTML can be added to this field.
  5. Set the Button Text for the login button.
  6. Click Save.
filling out the name and details for a configuration

Manage configurations

  1. To edit a configuration's name, description, group rule, instructions, and/or button text, click on its Edit () icon in the Actions column.
  2. Click the See Mappings () icon in the Actions column to view the details for any question forms, chat widgets, and FAQ groups that are currently using the configuration.
  3. To remove a configuration, click on its Delete LibAuth Config () icon in the Actions column.
    • When deleting you can choose to have any mapping associated with the config reassigned to another configuration.
    • Alternatively, you can choose to not have the mappings reassigned. When the mappings are not reassigned, deletion will remove authentication from all mappings associated with the configuration.
Options for managing LibAuth configurations in LibAnswers

Enable LibAuth authentication for a queue's question form

The question form for any queue in your LibAnswers system can be put behind LibAuth authentication. This allows you to limit who can submit questions via the question form. If enabled, users will need to authenticate against your institutional authentication system in order to submit tickets via your question form. Additionally, LibAnswers can also autofill the email and name (where available) from your SSO in the question form, so users don’t have to spend time typing in their contact details after authenticating.

To access a question form's General Settings go to Admin > Queues, click on the queue's Edit Queue () icon, then click on the Question Form tab, and expand the General Settings panel.

The option to enable LibAuth authentication for a question form
Option to enable LibAuth authentication for a queue's question form

Please note: queues that have their question form linked to another queue, must still have LibAuth authentication enabled in that queue's settings.


Enable LibAuth authentication for an FAQ group's public pages

Any FAQ groups (not including 24/7 Staffing or Group Member Policy FAQ groups) can be put behind a LibAuth authentication rule to require users to login before accessing that FAQ group's public pages. If you place your default group (aka your LibAnswers' landing page/primary FAQ group) behind LibAuth, it will require any users visiting the public side of your site to authenticate before they can view any public pages.

Please note: LibAuth access rules will only apply to the public side of your LibAnswers FAQ group(s), not the admin pages.

To access an FAQ group's Group Availability settings, go to Admin > FAQ Groups, find the group you want to customize and click on its edit () icon in the Actions column, then under the General tab click on the Group Availability panel to expand it.

The option to enable LibAuth authentication for an FAQ group
Option to enable LibAuth authentication for an FAQ group's public pages

Enable LibAuth authentication for a chat widget

Any LibChat widgets that have been created can be configured to limit who can chat by enabling LibAuth authentication in the widget. If enabled for a chat widget, users will need to authenticate against your institutional authentication system in order to begin the chat. Additionally, LibAnswers can also autofill the email and name (where available and when the chat widget has the Prompt for contact info option enabled) from your SSO in contact info for the chat, so users don’t have to spend time typing in their contact details after authenticating.

When creating/editing a chat widget, the option to enable LibAuth authentication for it can be found in the Widget Name & Type section of the widget creator.

The option to enable LibAuth authentication for a chat widget
Option to enable LibAuth authentication for a chat widget

For more information on creating and configuring chat widgets, please see the Create LibChat widgets Springboard.