Skip to Main Content

OPAL Alma/Primo LMS

Resources and information specific to OPAL Alma/Primo instances

Authentication

Ex Libris (Clarivate) Trust Center - https://clarivate.com/trust-center/

  • The Trust Center gives more information about the standards that Ex Libris & Clarivate are maintaining. 
  • An updated HECVAT (Clarivate & Ex Libris Certifications) is available on the Ostaff Systems page. This HECVAT is for the “Library Open Platform;" it covers Alma, Esploro, Leganto, Primo, Rapido, Rialto, and Specto. 

Ex Libris Developer Network - https://developers.exlibrisgroup.com/alma/integrations/

  • This page includes more information on all of the integrations that are possible with Alma/Primo. The two integrations that we are focusing on (patron load/SIS and authentication) first can be found under the "Users in Alma" menu item at the bottom left of the page. 

When Alma SSO Certificates Expire

  • SSO certificates generally occur every two years. Your IT will receive a message from the identity provider, such as Microsoft Entra ID, that the certificate will expire. When that happens contact us and we will work with your IT to update the information in Alma/Primo.

Authenticating Users/Patrons to the System

  • Authentication is how users sign into Alma, Primo, Library Mobile, etc. to access their library account, place requests for library material, or access electronic resources. Alma integrates with several federated authentication options, including LDAP and single sign on protocols (SSO) such as SAML, CAS, and OpenID Connect. IT departments will be able to configure authentication of patrons in Alma and Primo according to your campus authentication process.
     
  • Patron records maintained manually are authenticated against identifiers in the Ex Libris Identity Service and a password.
     
  • The proxy server and its authentication are separate even though it will be impacted by the Alma migration and the IT integrations. Off-campus access to resources will continue to be authenticated using the proxy. If your campus user/patron authentication process changes let us know so that we can review your proxy configuration and make any necessary adjustments. For example, if you’re configuring Alma to do SSO authentication, then we’d want to do this for the proxy server as well.
     
  • We generally recommend switching your proxy to SSO when possible. It is a relatively simple change for us and your IT team.