In 10.1.5.1 we implemented Single Sign-On via SAML 2.0-compliant third-party identity providers such as Microsoft Azure.
If a borrower uses an external identity provider to login to Spydus then we don't show the following fields on the Personal Details tab in My Account: New password, Confirm new password, and Current password.
From 10.1.5 there are 3 options for customers to sign into the Spydus OPAC (Online Public Access Catalogue):
If SAML login is turned on, the borrower must login before being able to access all borrower related functions (i.e. reservations, bookings, requests, reviews and tags).
If the borrower is not logged in and they choose an option which requires borrower authentication (e.g. reservation) and both Spydus and SAML logins are used, then the login page will be presented with both options.
If SAML only is used, they will be redirected immediately to the SAML login page. If SAML only is used, the options to Join online and Forgot your password are also removed. If a borrower uses an external identity provider to login to Spydus then we don't show the following fields on the Personal Details tab in My Account: New password, Confirm new password, and Current password.
When using SAML authentication, Spydus should be aware of the borrower who's trying to sign in using the 3rd-party identity provider (IDP). There's a chance that a valid user account on the 3rd-party IDP may not have a corresponding account on the Spydus database. In this instance, Spydus can be configured to execute one of two possible actions:
This functionality requires additional commissioning and a fee applies. Please contact your Civica Account Manager for more details. |
This feature requires server version 10.6.2 or higher.
As of Spydus 10.6, Single Sign-On using Office 365/Azure AD credentials is supported.
This feature requires a minimum server version and patch:
|
If Spydus requires that the user or borrower account password be reset (e.g. reset on first login, password expiry period), when the user or borrower logs in using single-sign on credentials, the reset validation will not be applied.