The library authentication solution should include the following functions/services: • Hosted SAML single sign-on authentication solution for libraries. • Software-as-service maintained and supported by the vendor. • Web-based user interface for client (EWU) administrators to make customizations, monitor functionality, etc. • Ability to connect to Microsoft Entra ID (EWU’s IdP) as the authentication method. • Service should support and facilitate the exchange of identity information between EWU’s IdP and service providers, primarily subscription library databases, to allow EWU library patrons to use EWU’s SSO to log into the research databases to which EWU Libraries subscribe. • Service should facilitate trust relationship connections to a wide variety of library research database service providers. • Ability for the client (EWU) to create and manage temporary login credentials specific to the hosted authentication system (not tied to Entra ID/SSO) for situations in which library access should be granted to people who do not have EWU SSO credentials. • Service should be able to provide IP proxy connections to subscription databases that do not support SAML authentication. • Service should have the ability to pass identity attributes to library databases to allow for a personalized database experience for EWU’s library patrons. • Service should have the ability to restrict access to designated service providers (library databases) by identity attributes (i.e. user group types). • Service should provide detailed usage reports to the client (EWU), either ondemand by the client or periodically generated usage reports provided by the service. • Service should have the ability to grant access or set access restrictions within EWU’s network by IP range.
