Most library e-resources grant access to any device connected to an address on the institution’s IP range, so an on-campus user doesn’t need to enter their username and password. Traditionally, libraries have relied on proxy servers such as EZproxy to manage off-campus access to electronic resources.
When a resource is accessed through EZproxy, off-campus users appear to the resource to be on the campus IP range. All EZproxy activity for all users is usually funneled through a single IP address at the university. Access via IP/proxy is ageing technology and has limitations such as security and user experience.
Lately, many libraries have been moving to replace EZproxy with OpenAthens, which is based on Security Assertion Markup Language (SAML). SAML is a standard that allows identity providers to pass credentials to service providers via a “handshake.” If you’ve ever used your Facebook login credentials to register for an account on some other application, it was done via SAML.
Boston College went live with OpenAthens in July of 2020 for off-campus authentication. Though we are still hosting our EZproxy server for now, we will not continue to update it. If you have any links formatted to work with EZproxy, you can use this guide to format them to work with OpenAthens.
An advantage of OpenAthens is the ability for users to log in to access electronic resources without going through the library website (or needing to reformat the links) by using “Find your institution” buttons. Currently, these login boxes appear on the homepages of most major journal publishers. There is an initiative to have these login boxes standardized and added to all article-level pages. Elsevier has already implemented this feature:
You can click “Access through your institution” and type “Boston College” to get access through the BC login page.
OpenAthens is linked to Boston College’s single sign-on (SSO)*, which is convenient for users but created a challenge for library staff. We frequently need to grant access to colleagues outside of BC, such as reference staff at consortium libraries who answer BC students’ questions after hours, or database vendors with whom we test access issues. To maintain security, BC ITS wouldn’t allow shared credentials, so we needed a different access point. That’s why there are two options in the OpenAthens login box:
Boston College students and employees should click the top box labeled “Boston College Sign In: Sign in at Boston College,” which leads to BC’s SSO login page. The other link labeled “OpenAthens Sign In: Sign in with a support account” leads to a login page for non-BC users. Unfortunately, at this time there is very little we can do to customize the visual layout of this page, but we have been told that a future update should allow us to change it to emphasize the main BC login button.
*You’re likely familiar with use of the SSO for the Agora Portal.