Verifying Patrons Using SAML-Based Authentication
Sierra supports SAML-based authentication to allow patrons to sign in to the WebPAC or Encore using an external SAML identity provider (IdP). Sierra acts as a standard SAML Service Provider (SP) like other services found in organizations (for example, a campus's email system). As an SP, Sierra redirects users to the external IdP run by your organization to enter their credentials. When they return, Sierra accepts them as authenticated if the external IdP recognizes their credentials.
For more information about SAML-based authentication for patrons, see the following.
See also:
- SAML-Based Authentication for Staff
Selecting a SAML Configuration
Innovative can configure SAML authentication on your Sierra system in one of the following ways, depending on your library's needs.
- External IdP and Native Authentication - This configuration provides a login page with links to authenticate using an external IdP service or Sierra's native authentication. Native authentication can be used for community borrowers or alumni who have a patron record in Sierra, but are not included in the external IdP database. Native authentication requires the use of a PIN and an indexed field chosen by your library (typically the barcode field is used).
- External IdP Only - This configuration automatically redirects patrons to the external IdP without showing Sierra's login page. This configuration can streamline the login process if your library supports authentication only through an external IdP.
The following screenshot shows the login page for a system configured with an external IdP and native Sierra authentication.
When a patron selects the external IdP link ("University SSO" in the screenshot above), Sierra redirects them to the external IdP's login page. When a patron selects the native authentication link ("Library Login" in the screenshot above), Sierra expands the display to show the login prompts to authenticate against the patron record. For example: