Open Athens
Search OpenAthens Open Athens

Iowa State University Library

Security Audit Inspires Library to Discontinue Proxy Service

Overview

Iowa State University, classified as a Carnegie Foundation Doctoral and Research University, enrolls approximately 32,000 students in a variety of academic programs including agriculture and life sciences, veterinary medicine, engineering, business, liberal arts, and design.

To support the research needs of Iowa State University students and faculty, the University Library maintains approximately 2.5 million physical volumes and 770 electronic resource collections. Recently, a security audit by the University’s IT department prompted the library to move from a proxy-based authentication method to OpenAthens, a SAML-based single sign-on identity management system that offers seamless access, a personalized research experience, and greater security.

“OpenAthens appeared on our radar as a solution that would provide access in a more secure fashion”

– Greg Davis, Assessment and Planning Assistant

Challenges

Assessment and Planning Assistant Director Greg Davis and his team collaborated with the University’s IT department to conduct a security audit of all library applications. At the same time, the IT department had begun the process of phasing out local servers and applications and migrating to cloud-based services.

When IT learned that the library had experienced security issues that resulted in a temporary loss of guest users’ access to some publisher resources, both teams began looking for a more secure, single sign-on solution.

“OpenAthens appeared on our radar as a solution that would provide access in a more secure fashion,” Davis said of the federated authentication method.”

Although the library’s proxy-based solution offered a cloud-based option, Davis said, it would not provide the level of security that OpenAthens delivers.

Solutions

In March 2020, the Iowa State campus shut down due to the COVID-19 coronavirus pandemic. In May, at the height of the quarantine period, 12,000 accounts were automatically set up when users logged in to the University’s Okta system.

Davis said the implementation took a while, but it went smoothly.

“We had a really good support experience with the OpenAthens project team at EBSCO,” he said. “They were always responsive to our requests.”

By switching to OpenAthens, the library has reduced the risk of security breaches and satisfied the IT department’s request that all library users be required to log in, even when they are on campus. The library now utilizes OpenAthens managed proxy service for publishers who do not offer federated access and avoid the need for the locally hosted proxy server.

The library is now able to utilize OpenAthens as an IdP for guest authentication. ISU’s prior system required the participation of multiple departments to update a local directory (LDAP) server in order to create guest accounts. Now the library can create accounts directly in OpenAthens, allowing guests to log in and access e-resources in minutes. Besides saving time for the patron, library, and IT, this workflow allows to conform to data protection and policy requirements.

Benefits & Results

Using OpenAthens’ managed proxy and IdP functionality has enabled Iowa State to reduce efforts and costs associated with managing local servers.

In addition, OpenAthens is providing library leaders with easier access to usage data. The library still relies on COUNTER data as the gold standard for measuring e-resource use, but Davis believes the OpenAthens data will help to fill in the gaps.

“We think, between the two of them, we’ll have a better idea of the big picture in terms of what’s happening with our e-resources access,” he said.

The library ran reports comparing May 2020 e-resource usage to May 2019, and the numbers were consistent.

“The switch to OpenAthens for e-resource access, even though it occurred during the COVID-19 shutdown, didn’t cause an increase or decrease in people using our library system,” Davis said, attributing the steady usage numbers to the seamless transition. “Users didn’t recognize that they were logging in through a different system.”