Using LibAuth in your Springshare tools
LibAuth allows you to securely integrate your institution's authentication system with LibApps. This feature is a standard part of Springshare's tools—if you license LibCal, LibAnswers, LibGuides, or LibWizard, you have access to LibAuth, too. This provides library staff with an additional option for logging into LibApps and allows you to prompt patrons to authenticate before interacting with your Springy tools.
Patrons can be required to log in with their standard institutional account or library credentials before they can view content, submit tickets and chats, book spaces and appointments, complete forms and surveys, and much more. This is flexible—you can choose how LibAuth is applied within each Springy tool, allowing you to make some content freely available while other things are locked down or restricted to certain groups within your existing authentication structure, all while ensuring patron data is secure.
This Springboard is intended for product-level Admin users who are interested in understanding how to use your LibAuth configuration throughout all of your Springshare tools once you've created and tested your LibAuth configuration.
Below you'll find more info about where LibAuth integrations are available and how to use them.
For most configuration types, you have the option of using LibAuth to log into your LibApps system. This option can be activated directly in your LibAuth configuration's settings. For the login functionality to work:
- Users must have a LibApps account in the system using the same email address that is being returned by the email attribute in your LibAuth configuration.
- If a person's email addresses do not match, they can always update their LibApps account's email address on the My Account page.
- LibApps admins also have the ability to update email addresses from Admin > Manage Accounts (this has to be done via the LibApps dashboard—not from each individual app).
Additionally, you can choose to require users to log in to LibApps via your LibAuth configuration. When your LibApps system is set up for users to log in using your LibAuth configuration, the LibApps login page will be bypassed and staff will be prompted to login directly to your SSO.
- LibAuth: Edit a configuration's LibApps Login settings
- LibAuth: Require users to sign in to LibApps with your SSO
Within LibAnswers, you can add a LibAuth configuration to your site that can be used to limit submissions to a queue's question form, require a user to authenticate before initiating a new chat with LibChat, and/or restrict access to the public pages of your FAQ groups. If you are using a SAML, Shibboleth, ADFS, CAS, SIP2, OAuth 2, Microsoft OAuth2, or Google OAuth 2, you can also apply any of your LibAuth group permissions to a configuration in LibAnswers to further restrict access to a staff-only FAQ group, a chat widget intended only for graduate-level students, a question form for library card holders' circulation questions, and more.
- Question forms: When activated in the general settings for a queue's question form, all users will be required to authenticate with LibAuth before they're able to submit a question.
- Chat widgets: Authentication is controlled at the individual chat widget level (via the widget builder), allowing you to have widgets that require authentication and widgets open to anyone.
- FAQ groups: A LibAuth authentication rule can be put in place to require users to log in before accessing your FAQ Group's public pages, including your default group (aka your LibAnswers home page).
- System Settings: Restrict access to LibAnswers using LibAuth authentication
- Queues: Activate LibAuth authentication for a queue's question form
- LibChat: Activate LibAuth authentication for a chat widget
- FAQs: Activate LibAuth authentication for an FAQ group's public pages
Within LibCal, you can activate LibAuth authentication to restrict event registration to valid patrons, require a patron to authenticate before booking a space or piece of equipment, keep access to select Appointments users to only those that have signed in to your SSO, and/or lock down the booking of tickets and passes. Additionally, if you use SAML, Shibboleth, ADFS, CAS, SIP2, OAuth 2, Microsoft OAuth2, or Google OAuth 2, you can also apply any of your LibAuth group permissions to further restrict access to certain spaces, equipment, etc.
- Registering for events: Require authentication for individual events, as well as set it as a calendar default for all events with registration active.
- Booking spaces and equipment: Require authentication in each location's settings, with the option of applying group permissions to specific categories, spaces, or items.
- Scheduling appointments: Allow each user to choose to require authentication in their personal Appointments settings.
- Booking tickets and passes: Require authentication for all institutions that have been set up, with the option of applying group permissions or deactivating LibAuth to specific institutions.
- Events: Edit the Event Registration settings (including reminder and follow-up emails) for an event
- Events: Customize a calendar's general settings
- Spaces & Equipment: Activate LibAuth authentication for space & equipment bookings
- Appointments: Customize your personal appointment settings
- Tickets & Passes: Activate LibAuth authentication for bookings
With LibGuides CMS, you can add LibAuth access rules to your system. These can be used to restrict access to individual guides, groups, or your entire site. When a LibAuth-based access rule is active, the user will be required to authenticate via LibAuth before accessing the restricted content. If you are using a SAML, Shibboleth, ADFS, CAS, SIP2, OAuth 2, Microsoft OAuth2, or Google OAuth 2, you can also apply any of your LibAuth group permissions to an access rule to further restrict access to a staff-only guide or group as an example.
Additionally, if you subscribe to the E-Reserves module, you can require patrons to authenticate with LibAuth before viewing E-Reserves course content. This can be applied as a system-wide default, or activated within an individual course. If supported by your type of LibAuth configuration, you can, again, use group permissions to restrict access to certain courses to only certain groups of users.
- System Settings: Restrict access to LibGuides using LibAuth authentication
- E-Reserves: Authentication settings
With the Full version of LibWizard (Forms & Surveys + Quizzes & Tutorials), your Admin can activate LibAuth authentication for your LibWizard system. When active, within each form, survey, quiz, or tutorial you can activate restrict access so that a user is required to authenticate via LibAuth before they can view and submit. If a user is unable to authenticate, then they will be denied access. If your LibAuth configuration supports it, you can also further restrict access by applying a group permission rule.
Additionally, you can also use the LibAuth integration to automatically fill out a Name field and Email field in your form, survey, quiz, or tutorial. When a user authenticates, their email address and first & last names will be passed to LibAuth from your institution's authentication system and LibWizardh will insert those values in a designated Name and Email field. This can save the user time when filling out a form that requests contact information, while also helping to ensure that the info you're receiving is accurate.
- System Settings: Activate the LibAuth integration for your LibWizard system
- Forms & LibAuth: Restrict public access to a form using LibAuth authentication
- Surveys & LibAuth: Restrict public access to a survey using LibAuth authentication
- Quizzes & LibAuth: Restrict public access to a quiz using LibAuth authentication
- Tutorials & LibAuth: Restrict public access to a tutorial using LibAuth authentication
If your library doesn't subscribe to the Full version of LibWizard, contact our Springy Sales Team to learn how you can upgrade.