OVERVIEW
What is this section about?
Alma and Primo support authentication with an external trusted identity provider. This includes the modern Single Sign-on (SSO) standards of Central Authentication Server (CAS) and Security Assertion Markup Language (SAML) 2.0, as well as the secure version of the classic Lightweight Directory Access Protocol (LDAPS). With this feature enabled there is no need for your institution's patrons and staff to manage a separate password or username just for Primo - we can simply connect to your institution's trusted server and log them in with their campus credentials.
Does this mean anyone from my institution can log in to Alma and Primo automatically?
The general answer to this question is: yes! As long as we have a patron record in Alma for the person that has the right primary identifier set for them, they can login immediately. GIL Support periodically receives a patron load file from each institution and uses it to update the existing patron records and to add new patrons.
How do we use it?
The means by which you log in via external authentication will vary slightly by institution. Specific instructions explaining how to log in to Alma & Primo at your institution are available here:
If we need to add a patron to Alma by hand for some reason, can they still use External Authentication?
They can! It is important to note that for this to work you will need to create them with the correct Primary Identifier or the external system will not be able to identify them. The Primary Identifier is typically a 9 digit number that is sometimes called a "Banner ID" or "Student ID" at most institutions. There are instructions on how to do this elsewhere in the wiki.
Is there any reason someone wouldn't be allowed to login?
Alma in particular is very strict on who can login and will not allow patrons with only the "Patron" role to login. Your systems librarian can help you with getting the proper role(s) if you need to log in to Alma.
Primo will normally allow anyone with a patron record to log in via external authentication, but if their account is expired or locked they may be denied or see odd behavior from the system.
What if my institution is not listed at the link in "How do we use it"?
If there are no instructions available for your institution, it means that your Alma and Primo instances are still configured for internal authentication. If you have any questions about this please contact GIL Support.