Verifying Patrons Using SAML-Based Authentication

SAML-based authentication requires Sierra 5.4 or higher and must be installed separately. In Sierra 6.1 and later, you can configure SAML-based authentication for patrons in the Administration Application. If you are using an earlier version, contact Innovative for details.

INN-Reach catalogs do not support SAML-based authentication for patrons.

Sierra supports SAML-based authentication to allow patrons to sign in to the WebPAC or Encore using an external SAML identity provider (IdP). Sierra acts as a standard SAML Service Provider (SP) like other services found in organizations (for example, a campus's email system). As an SP, Sierra redirects users to the external IdP run by your organization to enter their credentials and accepts those users on their return as authenticated if the external IdP recognizes their credentials.

For more information about SAML-based authentication for patrons, see the following.

See also:
SAML-Based Authentication for Staff

Selecting a SAML Configuration

Innovative can configure SAML authentication on your Sierra system in one of the following ways, depending on your library's needs.

The following screenshot shows the login page for a system configured with an external IdP and native Sierra authentication.

SAML Login Page

When a patron selects the external IdP link ("University SSO" in the screenshot above), Sierra redirects them to the external IdP's login page. When a patron selects the native authentication link ("Library Login" in the screenshot above), Sierra expands the display to show the login prompts to authenticate against the patron record. For example:

Login page with native authentication prompts