University of Cumbria, Improved Systematic Management with Shibboleth Granular Access
Gaining full control to user access has been a challenge for the university. Implementing a granular access in the shibboleth dashboard has changed University of Cumbria’s e-resource management
Solutions at a glance
Objective
Gaining full control on granting and denying access to particular areas of users to access e-resources has been a challenge for the university.
To be able to extract reports and have an overview of statistics based on categories. I.e library e-resource licence of both internal and partnered institute, journals, ebooks, users identity, and etc.
Decreasing in needing multiple credentials for specified user privilege but at the same time, improving security.
Results
Implementing the granular access controls on a system allow the University of Cumbria to determine who has access to each part of the system, as well as what they can do with that access.
The Shibboleth dashboard feature of the statistical tools will benefit the university for resource overview and to get control access to e-resources and extract raw log data for reports.
Shibboleth is based on Security Assertion Markup Language (SAML), so it's compatible with other SAML-based software. Thus implementing granular access and the SSO, Removes the need to provide multiple user information credentials but at the same time, improve security.
The Challange
To manage access to library resources and online services, there needs to be a way to digitally identify and distinguish library users so that they can be granted or denied access based on their identity.
Many online services require users to create separate accounts for each one.
This can be hard: Managing multiple accounts using various online services can be a hassle.
Service providers must manage many details/accounts, and users must juggle multiple usernames and passwords. Thus, weakening security.
Based on Micheal, a digital library manager at the University of Cumbria, having many electronic resources, it is important to stay on top and be updated to facilitate "seamless access" to resources and information. Thus Micheal's most challenging day-to-day task includes;
Electronic resources troubleshooting
Licence negotiations from partnered institutes
Compiling statistics and log data.
In the University of Cumbria's case, several areas are very concerning, which are;
On-campus and off-campus authentication
Confidentiality clause (i.e., terms and conditions, licence e-resources data, journal, archives, etc.)
E-reserves and course-packs access
The University of Cumbria currently has 7 universities around the UK, all of which are administered centrally in the main campus. In particular, gaining full control on granting and denying access to particular areas of users to access e-resources has been a challenge for the university.
The Solution
While achieving access to digital e-resources sounds like a very simple concept (i.e. provide an IP address, contact information, licence and terms agreement, and access privilege), in reality, it is much more complex.
Overt Software Solution IT developer collaborated with Micheal to settle its main problem “what can University of Cumbria do to better protect its systems and have full control management to the e-resources?” This is where granular access controls, a key feature in shibboleth access management solutions, come in.
The granular access controls on a system allow you to determine who has access to each part of the system, as well as what they can do with that access. However, it would be impractical to set up permissions for each individual user, so privileges are granted based on roles defined in the facility's directory service.
The Benefits
When the University of Cumbria implement a granular access control system using the Shibboleth server, it helps the e-resource and digital library department to improve how users access resources throughout the educational and research sectors.
Specifically, the goal is to gain full control of user privilege to seamlessly access internal and external resources (institutionally controlled identity).
Plus, they get to access the Shibboleth dashboard tool feature, where an authorised user can use the statistic tools for resource overview, get access to e-resources and extract raw log data for reports. Here are the major benefits of Granular access in shibboleth;
Benefits to the institution:
- The scale of the users is manageable.
- Cost reduction by not having to pay for password support.
- Different categories of users can access different levels of resources, depending on their privileges.
Benefits for administrators:
- Improved access to resources and reduced management time. Making it easier to share resources among several institutions and manage a huge amount of account information.
- Possibility to interoperate with other standard-based solutions. Shibboleth is based on Security Assertion Markup Language (SAML), so it's compatible with other SAML-based software.
- Improved security (Single Sign On/SSO - Removes the need to provide multiple user information credentials.)
Benefits for users:
- Improved privacy protection because only certain personal information is released from the identity provider to the service provider.
- Removes the need to provide multiple user information credentials.
- Access to resources can be gained from inside or outside subscribing institutions, which is particularly useful for multi-site institutions without a homogenous network.
“Yeah, it’s straight forward to use. I particularly like the feature that when you are creating a report you can just click into a field, such as attribute, and it’ll show you the various options. You can just select one then it places it in the field for you, so you don’t need to know the particular names of the various shibboleth attributes, they are just there presented for you. ”
Micheal
University of Cumbria | Digital library manager
Need help?
If you would like to learn more about how Overt Software can help you manage multiple user identities and access control, Please contact the Overt Software Customer Success Team.