Access & Identity Management
Planning
So how do you do it?
- First, decide how your users will be directed to external resources; this is your entry point. It could be:
  - the library web site
  - a VLE or portal
  - a special portal for distance learners
  - a protected web page
- Choose your local authentication system (e.g. OPAC, LDAP Directory Service, Kerberos), which can be tailored to establish an AthensSSO session behind the scenes.
- Choose your preferred protocol: AthensDA, SAML or Shibboleth
- Decide on the numbering scheme you will use to identify members of your organisation, e.g. Borrower No or Student No. These numbers must be available from your chosen authentication system.
- Decide what sort of statistics you want from Athens: at organisational level, at faculty level, or at some other level.
- Decide on the number and structure of permission sets that you will need. A permission set is a set of resources to which your organisation subscribes. Bear in mind that statistics can be generated on the basis of permission sets and of user ids. You may simply have one permission set for your organisation, or different ones for different types of users. If you have more than one, then information in your chosen authentication system (e.g. user attributes such as member of staff, or department) must allow you to choose the right one. You will need to create the permission sets using the Athens administrator's interface.
- You will need to set up a special login form hosted by your organisation, so that users who go direct to an external online service can be authenticated by your chosen local authentication system.
- Sign the Athens Account Management licence.
Your IT department will need to do the following:
- Tailor your local authentication system to plug into your chosen user entry point. This will:
  - Collect the unique user id from the authentication system
  - Check the user attributes, if necessary, and generate the appropriate permission set
  - Call the Athens API with this information, and the organisation's Athens security key
- Build the external login form (known as an XAP) for access from external Athens-protected services
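One way to carry out the "collect the user id" and "generate the appropriate permission set" steps above, as an added example that is not Athens code or code from this page. The attribute names, permission-set names and numbering-scheme pattern are assumptions, and the Athens API call itself is not shown because the page does not give its interface.

```python
import re

# Hypothetical rules, checked in order: (attribute, required value, permission set).
# Attribute names and permission-set names are assumptions for this example.
RULES = [
    ("affiliation", "staff", "PS_STAFF"),
    ("department", "medicine", "PS_MEDICAL"),
    ("affiliation", "student", "PS_STUDENT"),
]

# Assumed numbering scheme: a borrower or student number of 6 to 10 digits.
USER_ID_RE = re.compile(r"[0-9]{6,10}")


class NotEntitled(Exception):
    """Raised when no Athens session should be requested for this user."""


def select_permission_set(attributes):
    """Return the permission set of the first matching rule.

    Fails closed: a user whose attributes match no rule gets no permission
    set, rather than falling back to a default one.
    """
    for name, wanted, permission_set in RULES:
        values = attributes.get(name, [])
        if isinstance(values, str):  # directories may return one value or a list
            values = [values]
        if any(v.strip().lower() == wanted for v in values):
            return permission_set
    raise NotEntitled("no permission set matches this user's attributes")


def build_session_request(user_id, attributes):
    """Validate the local user id and pair it with a permission set.

    The result is what the integration would hand to the Athens API call,
    together with the organisation's security key (kept out of this code).
    """
    if not USER_ID_RE.fullmatch(user_id):
        raise NotEntitled("user id does not fit the numbering scheme")
    return {"user_id": user_id, "permission_set": select_permission_set(attributes)}
```

Rule order matters when a user matches more than one rule, so list the rules in the order you want them to take precedence.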
Athens will:
- Provide support to your IT department in building the appropriate pieces
- Test your services