Hi, how can we help you?

How does Kanopy authenticate users?

Introduction

Kanopy employs an approach to authenticating users called "Simple Access". Simple Access is an authentication method that provides users with easier, error-free access to your Kanopy website and avoid common issues created by authentication systems (e.g. proxy, Shibboleth, etc).

Many library databases sit behind an authentication "wall", where users cannot even access a database without first going through an authentication process (proxy, Shibboleth, library barcode, etc) and these authentication systems can cause many problems and errors for users.

How does "Simple Access" work?

1) Accessing your Website for First Timers

When a user visits your website for the first time, they will be greeted by a holding page that alerts them of the library through which they are seeking to access the content (baed on the link they are accessing) and prompts them to connect via your authentication system (refer image below).

NOTE - if your website is set up to permit direct on-campus IP access, this page will be skipped for a user when they are seeking access and are on your campus IP. This is only for off campus users.

Greeting_page.png

2) Connecting to the Website

For most academic libraries - if your library employs a proxy, Shibboleth, VPN or other authentication system, once the user selects the connect button, a page will pop up prompting them to sign in via your authentication system (refer image below).

authentication_page.png

For most public libraries - using API authentication systems (e.g. SIP, Patron API), the user will be permitted access to the website upon selecting the "connect" button and browse films. The authentication of the user will actually take place once the user seeks to watch a film.

3) Returning to the Website

Once authenticated by your library for access per the above process, a user will be regularly checked on an ongoing basis as well. Users are forced to authenticate at the following stages:

  • The first time they access the website (per the process above)
  • Whenever they log out of access or remove cookies from their browser
  • Whenever they seek to access via a different device or browser
  • A forced re-authentication every 3 months - regardless of usage, every user will be forced to re-authenticate their credentials on the 3rd month anniversary of their last previous log in

At any of these stages, the user will be forced to "re-connect" and input their log in credentials for your library again.

Why "Simple Access"?

There are a number of major benefits to the "use" method over the "access" method in that it:

  • Solves all HTTPS issues: Simple Access solves the HTTPS issues which libraries most commonly experience. Problems related to embedding films in learning management systems or sharing film links, as well as security issues, are now fully resolved as we are removing the friction of having to establish a direct HTTPS connection and avoid issues that proxy / Shibboleth can cause
  • Permits users to use apps: Simple Access enables your users to use apps for Kanopy (e.g. roku, iphone, android, etc) by operating in HTTPS and solving authentication barriers. App-use is not possible in the absence of this streamlined method of access
  • Allows sharing between institutions: The "holding page" under Simple Access is particularly helpful when users are sharing links to resources with others who are not members of the same institution. Users at different institutions can easily share links to resources with other and ensure a simple approach to connecting with their correct institution (rather than a user sharing a link that takes others to an authentication page for an institution they are not a member of)
  • Improves the powers for share and embed: even solving for HTTPS issues, Simple Access significantly improves the ability to share and embed films in public websites (such as your library website, blogs, social media, etc) as the metadata for sharing (e.g. images, copy, etc) is publicly available. It supports visually appealing sharing
  • Provides a streamlined user access: After connecting once, a user will not be prompted to connect again until three months later from the same browser. This streamlines user access and experience and means if users are using apps (such as Roku, iPhone, etc) - they will be prompted to authenticate via proxy/Shibboleth and "reconnect" their app for access four times per year. This maintains the security of access whilst ensuring user convenience, especially with apps
  • Reduces bandwidth pressure on your authentication system: Simple Access lowers the demands on your proxy/Shibboleth, not only by reducing the number of calls on your system, but by allowing videos to stream directly to user, thus reducing the bandwidth pressure on authentication systems

What if a user is accessing a proxied link for our Kanopy website?

When accessing Kanopy from a “proxied link” for the first time, the user will experience an extra step to “connect” to their library. Here is the sequence of events:

  • User clicks on proxied link
  • User is taken to the proxy login page and logs in successfully
  • User accesses Kanopy is directed to the Kanopy website and will see a similar "connect" button as per above 
  • Upon clicking “Connect”, the proxy will automatically authorize the access (without asking the user to re-login) and the user will have access

The only difference here with the typical process for a user accessing a proxied link is the insertion of a "connect" button giving immediate access after the successful proxy log in. All benefits listed above will then be granted to the user.

Having trouble connecting to your platform?

Please contact support@kanopy.com with any questions or connection issues. Be sure to include a clear description of the issue, the steps you took to produce the issue, and if possible, a full page screenshot.

 

 

Was this article helpful?
6 out of 7 found this helpful
Have more questions? Submit a request

Comments

Follow