New Primo Authentication Policy - FAQ
-
What is changing?
As part of the company’s continuing efforts to follow security and data privacy best practices, Ex Libris is updating the authentication underlying technology support and policies.
Primo institutions using PDS and authenticating to standard methods such as SAML, LDAP, CAS, or the Ex Libris Identity Service will transit to use the Primo Authentication Manager instead of PDS.
-
Why is Ex Libris making a change?
The updated technologies & standards, allow focusing on best practices, mitigate risks and vulnerabilities, enforce security and mitigate the need for a separate mediating component of PDS and eliminate a redundant point of failure and the need to apply version upgrades.
-
What do I need to do?
Institutions still using PDS may want to involve your IT department to assist with changing to the Primo Authentication Manager.
The high-level tasks include:
-
Set up new authentication profiles on the Primo sandbox
Note: SAML/CAS profiles will require institution IT involvement for certificate
-
Once confirmed on sandbox, set up new authentication profiles on Primo production
-
At any stage Ex Libris support can be contacted for assistance
-
Is there any current functionality I will lose?
Your current authentication methods will remain the same. When using federated authentication such as SAML or CAS, patrons will link out to your institutional login pages as they do today. In cases of LDAP or Ex Libris Identity Service, patrons will sign in directly from with Primo interface and not be directed to a separate page like they are today with PDS.
-
Can I still show my users multiple login options (ie SAML, LDAP)?
Yes, you can configure and offer patrons to choose from multiple login options, which will be seen in the Primo authentication form.
-
I have customized the PDS login page, will this still be used?
Patrons will sign in directly from with Primo interface which can be customized and will no longer be directed to a separate page like they do today with PDS.
-
Will this also change on my Primo Sandbox environment?
Yes, this change will be applied to both the production and sandbox environments.
-
Does it require downtime?
The move to the Primo authentication does not require downtime.
- Article last edited: 28-Feb-2024