    Ex Libris Identity Service

    The Ex Libris Identity Service is based on a dedicated identity management solution. This service replaces the internal authentication method previously used by Alma customers. All passwords for internal Alma users are stored in the Ex Libris Identity Service, which is hosted by Ex Libris in its data centers. For more information on this service, see https://developers.exlibrisgroup.com/alma/integrations/user-management/authentication/exl_identity_service.

    The following password considerations are applicable with the Ex Libris Identity Service:

    • The password strength cannot be configured.
    • The password does not have an expiry date.
    • The password locks for 30 minutes after 15 unsuccessful login attempts.
    • When a staff user enters a wrong user and password combination on the Alma login page, the error message includes a Forgot password? link, which links to the reset password page. In order to display a Forgot Password option in Primo/PrimoVE, a configuration update is required. For more information, see the knowledge article, How to add a 'Forgot My Password' link to the login page in the new UI when using Alma for authentication. 

    Identity service labels can be configured in the Internal Login Messages code table. See Configuring Identity Service Labels.

    For Alma users, a Reset Password Letter is sent to an individual user by selecting the Reset your password for the identity service option in the Send message drop-down list on the User Details page. The letter is sent to a group of users by running the Update/Notify Users job and selecting the Identity Service mail option in the Send notification to user drop-down list on the job parameters page.

    • The new password must be at least eight characters long and cannot include the user name or any commonly used password.
    • When the Reset Password letter is sent by the Update/Notify Users job or from the Send Message drop-down list, the link is active for twenty-four hours. When the letter is sent from the Forgot Password? link, it is active for one hour. 
    • In the Reset Password screen, users are asked to enter their user names or email addresses. If users enter their user names, emails are sent to the users' preferred addresses. If users type in email addresses, the system searches for the specified email addresses and if they are located, uses these email addresses even if they aren't the preferred addresses. If an email address is not located or belongs to more than one user, no email is sent.
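The recipient rules and link lifetimes in the list above, modeled as an added example (not Ex Libris code) so the edge cases can be checked. The `User` class, the origin key names, the sample directory and case-insensitive matching are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Link lifetimes stated on this page, keyed by how the letter was triggered
# (the key names are hypothetical).
LINK_LIFETIME = {
    "update_notify_users_job": timedelta(hours=24),
    "send_message_list": timedelta(hours=24),
    "forgot_password_link": timedelta(hours=1),
}

@dataclass(frozen=True)
class User:
    user_name: str
    preferred_email: str
    other_emails: tuple = ()

def resolve_recipient(entered, users):
    """Return the address the reset letter goes to, or None when no email is sent."""
    key = entered.strip().lower()  # assumption: matching is case-insensitive
    for u in users:
        if u.user_name.lower() == key:
            return u.preferred_email  # user name -> that user's preferred address
    # Otherwise treat the input as an email address, preferred or not.
    owners = [u for u in users
              if key in {a.lower() for a in (u.preferred_email, *u.other_emails)}]
    if len(owners) != 1:  # not located, or belongs to more than one user
        return None
    return entered.strip()  # used even if it is not the preferred address

def link_expiry(origin, sent_at):
    """Return the moment the reset link stops working for a given trigger."""
    return sent_at + LINK_LIFETIME[origin]

# Constructed sample directory: two users share one non-preferred address.
USERS = [
    User("asmith", "a.smith@example.org", ("circdesk@example.org",)),
    User("bjones", "b.jones@example.org", ("circdesk@example.org", "bj@example.net")),
]
```

With the constructed directory, entering the shared address `circdesk@example.org` sends nothing, while `bj@example.net` receives the letter although it is not the user's preferred address.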

    For more information on logging into Alma, see Logging Into and Out of the User Interface. 

    Multi Factor Authentication (MFA)

    This feature requires the mfa_for_alma_hep parameter to be enabled (see User Settings).

    It is possible to configure Alma to recommend (or enforce) the use of multi-factor authentication (MFA).

    Recommending MFA

    This requires the mfa_for_alma_hep parameter to be set to "suggest" (see User Settings).

    To Recommend MFA:
    1. When logging in for the first time after setting the mfa_for_alma_hep parameter to "suggest", the user is prompted with the regular username and password. 
    2. After logging in, a message appears recommending that the user enable multi-factor authentication. 

      The Highly Recommend MFA message.
    3. The user can ignore the message or cancel it using the X button, or they can select Enable.
    4. If the user selects Enable, a message prompts the user to Ignore or Confirm. This message includes the user's email address(es) to which the login link will be sent.

      The Ignore or Confirm message for MFA.
       
    5. If the user selects Confirm, the next time they log in, a login link is sent to their email address(es) and a message appears letting them know that the link was sent.

      The Link sent to email message.

      If the user selects Ignore, the MFA recommendation message will be displayed each time the user logs in.
       
    6. The message will appear each time the user logs in (after validating their username and password).
      (New for May) The link is active for 10 minutes. Activating the link directs the user to the product home page. (New for May) Note that the link is usable only in the same browser from which the login flow started.
    7. Users can also enable/disable MFA from the User Management Information page at Admin > Manage Users > Staff > User Management Information.

    The Enable Multi-factor authentication checkbox.

    Forcing MFA

    This requires the mfa_for_alma_hep parameter to be set to "force" (see User Settings).

    To Force MFA:
    1. After setting the mfa_for_alma_hep parameter to "force", all users will be required to authenticate with MFA.
    2. When logging in, users will be prompted with the regular username and password authentication.
    3. A link will be sent to the user's email before entering the product (from the login page), and a message will appear.

      The Link sent to email message.
    4. (New for May) The link is active for 10 minutes. Activating the link directs the users to their product home page. (New for May) Note that the link is usable only in the same browser from which the login flow started.

    With the mfa_for_alma_hep parameter set to "force", there is no way to turn off the MFA flow for a specific user.
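Both MFA flows above rely on an emailed login link that is active for 10 minutes and usable only in the browser that started the login. The following added example is a design sketch of how such a link can be built and checked; it is not Ex Libris code, and the page does not describe the actual mechanism. The signing key, the token layout and the browser cookie are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import time

LINK_TTL_SECONDS = 10 * 60            # page: "The link is active for 10 minutes"
SERVER_KEY = secrets.token_bytes(32)  # assumption: server-side signing key

def _mac(payload: bytes) -> bytes:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest().encode()

def _fingerprint(browser_secret: str) -> str:
    return hashlib.sha256(browser_secret.encode()).hexdigest()

def start_login_flow(user_name, now=None):
    """Run after the password check. Returns (cookie for this browser, token to email)."""
    now = int(time.time() if now is None else now)
    browser_secret = secrets.token_urlsafe(32)  # stored only in the initiating browser
    payload = f"{user_name}|{now + LINK_TTL_SECONDS}|{_fingerprint(browser_secret)}".encode()
    token = base64.urlsafe_b64encode(payload).decode() + "." + _mac(payload).decode()
    return browser_secret, token

def redeem_link(token, browser_cookie, now=None):
    """Return (user_name, "ok"), or (None, reason) when the link is rejected."""
    now = int(time.time() if now is None else now)
    try:
        body, sig = token.rsplit(".", 1)
        payload = base64.urlsafe_b64decode(body.encode())
        user_name, expires, binding = payload.decode().rsplit("|", 2)
        expires = int(expires)
    except ValueError:
        return None, "malformed"
    # Nothing parsed above is trusted until the signature matches.
    if not hmac.compare_digest(sig.encode(), _mac(payload)):
        return None, "bad signature"
    if now > expires:
        return None, "expired"
    # The link alone is not enough: the browser that started the flow must present its cookie.
    if browser_cookie is None or not hmac.compare_digest(
            _fingerprint(browser_cookie).encode(), binding.encode()):
        return None, "different browser"
    return user_name, "ok"
```

Because the emailed token carries only a hash of the browser secret, someone who reads the mailbox but did not complete the password step in that browser cannot redeem the link.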

     
