Products & Services / I-Share / Primo VE Discovery Interface / Primo VE Authentication for I-Share Libraries Using Single Sign-On

Primo VE Authentication for I-Share Libraries Using Single Sign-On

Revised: June 11, 2021

CARLI Recommendation on Primo VE Authentication for I-Share Libraries Using Single Sign-On

Background

Most I-Share libraries are configuring Alma and Primo VE to use a single sign-on service, such as Open Athens, SAML, CAS, or LDAP. These services will provide authentication for users at your institution that have current credentials in your institutional system (e.g. students, faculty, staff).  These "External" Users are typically maintained in Alma with regular SIS data loads from your institutional system. For more information on how to set up community users in Alma, please see the Community Users in Alma and Primo VE page.

However, most I-Share libraries also have users—community borrowers, alumni, or others—who you want to have local borrowing privileges. These users will NOT have an account or current credentials in your institutional single sign-on system, and they will need a way to sign into Primo VE to view their account and request materials.  CARLI staff also fall into this same category, so it will be very difficult for us to help you troubleshoot questions and problems in Primo VE if we cannot log in. 

Since these types of "other" users have no institutional affiliation, they are not authenticated through your single sign-on service. They are managed in Alma as "Internal" Users with login identifiers and passwords maintained only within their Alma User Record, and they will need to be provided with a way to log into Primo VE that does not go through the institutional single sign-on system that External Users must use.

CARLI STRONGLY RECOMMENDS that you should activate and configure a second login method if your library is using single sign-on for Primo VE.

The directions below provide instructions on how to set up a second sign-in method for your Internal Users.

how to activate and configure a second sign-in method

Role needed: Discovery Admin

Go to Alma Configuration > Discovery > Authentication > User Authentication

Under the Authentication Profiles, the "Authentication via Alma" (Code = Alma, Integration Type = ALMA) is the profile that will allow local users and CARLI staff to log into Primo VE.

PVE_auth-profile.png

This option is already set up in Alma by default, but you must make sure that it is active and that you customize the login links and labels for both login methods to display to users in Primo VE so that they can choose the correct option. 

Ex Libris documentation on configuring these logins and their labels can be found at: https://knowledge.exlibrisgroup.com/Primo/Product_Documentation/020Primo_VE/030Authentication_Configuration/010Configuring_User_Authentication_for_Primo_VE

When a user clicks the "Sign in" link in the upper right corner of Primo VE, they will be presented with a pop-up box to choose how to sign in.  You can customize the labels and descriptions that explain each link.

How to Change the order of the login links

You can change the order of the login links, so either the External User/single sign-on option or the Internal User/Alma Authentication option is the first option users will see when their click the Sign in button in Primo VE.

Use the small arrows to the right of each profile to move that profile up or down the list.

PVE_auth_changeorder.png

Example 1 from DePaul University

Below is an example of how two separate login links were configured for DePaul University:

  • SAML External Users (those users whose library records are maintained within the university's system) are login 1
  • Alma Internal Users (those users whose library records are maintained only with their Alma User Record) are login 2

PVE_auth-2profiles.png

On the Login Labels page, the first two parallel.login.link options were customized.

  • parallel.login.link1 is for External Users from DePaul's single sign-on system
  • parallel.login.link2 is for Internal Users

PVE_auth_login-labels.png

When a user goes to DePaul's Primo VE instance and clicks the Sign in button, they are presented with a pop-up containing both options:

PVE_auth-DPUsignin.png

example 2 from university of illinois at urbana-champaign

Below is an example of how two separate login links were configured for University of Illinois at Urbana-Champaign:

  • SAML (SAML-UIU) External Users (those users whose library records are maintained within the university's system) are login 1
  • Alma Internal Users (those users whose library records are maintained only with their Alma User Record) are login 2

PVE_auth-UIUC2profiles.png

On the Login Labels page, the first two parallel.login.link options were customized as were the descriptions for each login link.

  • parallel.login.link1 is for External Users from UIUC's single sign-on system
  • parallel.login.link2 is for Internal Users

Descriptions of each of these links were also customized with additional information. This will appear under the sign-in pop-up when a user signs into Primo VE.

  • parallel.login.description1 is for External Users from UIUC's single sign-on system
  • parallel.login.description2 is for Internal Users

PVE_auth-UIUClables.png

When a user goes to UIUC's Primo VE instance and clicks the Sign in button, they are presented with a pop-up containing both options, plus the added descriptions of each:

PVE_auth-UIUClogin.png