Shibboleth Implementation for PSDS User Registration

Grant reference number: EP/S020357/1

Short summary

Improving access methods and authentication through introduction of institutional registration and log in has dramatically facilitated registration and therefore the number of PSDS users.

Key Outputs

  • Reduced sign-up time for users
  • Lowering of the barrier for off-site access for remote learning and home working
  • Increased authentication to ensure legitimate user access
  • Ability to gather more accurate usage data

Case study Overview

Implementation of an institutional registration system through Shibboleth and the move away from a username / password system has significantly lowered the barrier to access our service. Users can more quickly and simply register for the service and the workload for staff activating new accounts has been vastly reduced. This has been particularly pertinent given the COVID-19 restrictions and shift to remote learning and homeworking that has occurred over the last year.

Implementation

The PSDS has adopted the institutional sign-in model to make access to the facility simple, seamless and without unnecessary administration. Implementation of this system could be of interest to other facilities and groups to improve their authentication and reduce any burden on their support team. This has been achieved by implementing the commonly used Shibboleth authentication system (https://www.shibboleth.net/) on our user management system. This allows users to register for an account directly with their institutional email address or convert an existing account to use institutional login rather than a username and password. Following initial registration, users simply use their institutional credentials to log in to PSDS via their institution. This is a familiar system to most university staff & students as it is often implemented within other services.

The new sign in system was implemented through registration and installation of Shibboleth, the system implemented by the UK Access Management Federation for Education and Research from Jisc. This was implemented through a 6-month development project within the PSDS team, spearheaded by an STFC graduate. Roll out of the system was carried out through our development & testing pipeline with the system going live on our website in early March 2020. The installation and rollout went very smoothly due to the planning and systems implemented for service changes.

Flowchart explaining how users log into the PSDS Service with Shibboleth (institutional login)
Flowchart explaining how users log into the PSDS Service with Shibboleth (institutional login)

Since March 2020 this system has been a resounding success. We have had 993 users register via Shibboleth, up to 31/08/2020. This compares to just 93 users registered through the manual verification method in the same time period, meaning 91.4% of our new registrations went through Shibboleth and required no additional input from our support team. In addition, 171 users converted their accounts to access via their institution.

Benefits

The introduction of Shibboleth registration has a host of benefits both for the PSDS users and for the PSDS support team.

Reduces burden on PSDS support team:

Prior to the implementation of this system the registration process required manual activation by the PSDS support team and resulted in a delay from the point of registration before the user could access the system. As the number of user registrations increased, so did the workload on the support team. The introduction of the Shibboleth system has removed several hundred support tickets and account activations from the system every month allowing them to focus on other development work.

Easier off-site access:

In the current turbulent times caused by COVID-19 restrictions, the ability to access resources from home at short notice has become increasingly important. The move from manual verification to automated verification means our users can instantly access resources without any delay and they can more easily adapt to remote teaching and working requirements.

Better user experience:

Our users do not experience any delay in accessing the resources as their accounts are immediately activated. They are also not required to maintain a separate password for the PSDS service.

Increased authentication:

Manual user verification is reliant on email address validation and increasingly alumni from universities have email addresses either forwarded from their university address or that look similar enough to a valid email address. Shibboleth authentication returns a status of the account, allowing us to reject applications from alumni who are not eligible to access our service. If a user leaves their institution, their shibboleth login will automatically stop working unlike the username / password system.

The introduction of institutional registration is the first step towards the personalisation of our service. Our future development will allow us to capture more useful statistics on the use of our service and provide a more personalised experience for our registered users.

Collaborators

UK Access Federation - Jisc, 15 Fetter Lane, London, EC4A 1BW

Contact details

For more information you can contact support@psds.ac.uk

 

A pdf version of this case study in the EPSRC template can be downloaded below.

Download PSDS Shibboleth case study