Eliminate the two-tiered (context) logins that identify branch locations and personalized user
Several years ago we adopted context logins. We have established that a 1 tier login will not work for us.
CURRENT STATE : Our Regional Library consists of 39 branches in almost as many cities. To distinguish the branch of our Sierra users we currently use a two-tiered login. This login process allows us to continue to use generic branch accounts while meeting our obligations to protect customer information. The two-tiered login allows us to collect branch-specific data and apply unique user settings, options, and settings.
The drawback is that our staff must login twice and it may pose an obstacle to our plans to move towards single sign-on (SSO) with SAML. Innovative’s implementation requires that our Library provides the IP addresses of each of our branches to be used in Innovative’s firewall.
This means that Innovative has a table linking each branch to an IP address. When a user logs in, their request originates from one of the branch IP addressed in the table.
FUTURE STATE : To improve the usability of Sierra, we propose that we move away from the two-tiered logons. Instead, Innovative could do a lookup in its table and identify the branch corresponding to the IP address of the incoming authentication request. Thus, the user’s location will be established without requiring two logins.
Elizabeth Wright
shared this idea
This idea will be reviewed by the Innovative product team for consideration in planning the upcoming product roadmap.
-
Jeremy Goldstein
commented
I have an alternate suggestion for an approach to take to address this problem. As someone who travels between locations with a laptop to work the IP based approach may not be the best option.
It's been some time since then, but when I was a user of a different ILS this was addressed by having the workstation/client "register" to be associated with a location, entirely outside of the user logon process. On a daily basis the user only has to use their single personal logon and the location for the workstation would remain persistent (though it could be altered if need be).