Alma environments support the use of the following social networks to perform user authentication: Google and Facebook. The following steps describe the interaction between the user, Primo, Alma, and the social network to provide authentication and authorization:
- The user invokes the sign-in option in Primo.
- Primo displays the Primo login page, which also contains a link to the social login page.
- The user clicks the link to the social login page, according to the integration profile configured in Alma (see Social Login).If you have configured both Google and Facebook in Alma, the user selects a preferred social network from the Social Network Login page. Otherwise, the user is redirected automatically to the only configured social network.
- Authentication is handled by Alma and the social network:
- If the user has not signed in to the social network, the social network displays a sign-in page for the user to sign in. Otherwise, no additional sign-in is necessary.
- After the user signs in, the social network sends a token to Alma.
- If the user is not recognized by Alma and self-registration is configured in Alma (see Social Login), Alma prompts the user to perform self-registration. If self-registration is not configured in Alma, the user is sent an error message.
- If the user has been authenticated, Primo logs the user in.
For information on configuring social logins in Alma and the social networks, see the following pages, respectively:
Configuring a Social Login Profile
Authentication using a social network via Alma does not require much configuration because the relevant information is defined for the Primo institution and displayed automatically for you in the login profile.
It is assumed that social authentication will be used in parallel with another authentication method to allow users to select a social network option from the parallel login page, which will display when the user attempts to sign in.
To configure Primo to use social authentication:
- Open the User Authentication Wizard page (Primo Home > Ongoing Configuration Wizards > User Authentication Wizard).Social authentication is available with the new Primo UI only.
- Select your institution from the Owner drop-down list.The source of your Primo institution must be Alma in order to configure Alma user authentication.
- From the list of profiles, click Edit next to the Alma profile that you want to configure.The Login Profile page opens.Social Login Profile Page
- Use the following table to configure the Alma authentication fields:
Alma Configuration Fields Parameter DescriptionSOCIAL_ALMA_LOGIN_URL(Required) The IDP login URL. This is the URL Primo uses when it sends the authentication request to Alma.ALMA_INSTITUTION(Required) The Alma institution code, which is defined in the Alma Institution Code mapping table.JWT_SIGNATURE_SECRET(Required) Used for the handshake between Primo and Alma. Any value can be used here as long as it matches the entry defined for Alma's customer parameter jwt_signature_secret (Administration > User Management Configuration > Configuration Menu > General > Other Settings in Alma; see Configuring Other Settings).
- Select ALMA (see Alma Information Request Fields) from the Select User Information Method drop-down list.
- Click Save.
- From the list of profiles, click Edit next to your Alma profile.The Login Profile page opens with the attribute mapping option.Alma Login Profile Page - Attribute MappingThe Attributes Mapping button displays only when the user information method has been selected and saved.
- Map the user attributes associated with Alma authentication. For more information, see Attribute Mapping.