Single Sign-On (SSO) access to Springer Link
- Set up SSO for academic institutions
- Set up SSO for companies
- Springer Service Provider Details
- WAYFless URLs
- Attribute Mappings
- Set up SSO using GSuite
- Set up SSO using Microsoft Azure AD
- Set up SSO using Okta
Set up SSO for academic institutions
If you have an entityID and/or an Athens Code, please contact Online Services with those details. When this information has been added you will find your institution name listed in the appropriate drop down menu on our Federated Access login page. The name displayed on this list is the one found in the institution's metadata directly provided to us or specified in a country federation.
If your institution is a member of a country federation such as those listed on the EduGain site then your Identity Provider (IdP) metadata should automatically be imported into our system. Also, you should automatically have the SpringerLink Service Provider metadata.
Set up SSO for companies
If your company has a authentication system which uses the SAML protocol then you can enable off-site access to SpringerLink. SpringerLink supports all SAML based federated authentication systems including:
- Microsoft Active Directory Federation Service(ADFS)/Azure
- Ping Identity
In order to setup SSO access to SpringerLink follow these steps
- Import the 'SpringerLink' metadata into your Identity Provider
- Send your Identity Provider's metadata URL (recommended) or metadata XML file to Online Services specifying the entityID and ask them to link it to your account with SpringerLink
Springer Service Provider Details
- ACS URL/Reply Url: https://fsso.springer.com/federation/Consumer/metaAlias/SpringerServiceProvider
- Entity ID/Identifier: https://fsso.springer.com
- Start URL: https://link.springer.com
- Sign-on url: https://wayf.springernature.com/?redirect_uri=https://link.springer.com
- Metadata for SpringerLink https://fsso.springer.com/saml/metadata
To avoid having to use the 'Where Are You From' (WAYF) page it is possible to link directly to articles on the SpringerLink site. If the user is already logged in they will be taken directly to the article, otherwise they will be taken directly to your login page and then onto the article after logging in. These links are created using the following format
- entityID : The entity ID of your organisation e.g. https://mycompany.com/adfs/services/trust
- article link : The encoded link to the article, journal or search e.g.
- Article: https://link.springer.com/article/10.1007/s12288-015-0534-1
- Journal: https://link.springer.com/journal/10765
- Search: https://link.springer.com/search?query=graphene
- Faceted Search: https://link.springer.com/search?query=graphene&facet-content-type="Journal"
Note: The entityID and article link should be encoded otherwise the link may not work. An example WAYFless URL would look like this
Some organisations share an identity provider hosted by a third party such as CSTNet, Rediris, Fédération Education-Recherche and GakuNin. When accessing SpringerLink using federated authentication the organisation using a third party are identified by an attribute sent in the SAML response e.g. the 'eduPersonScopedAffiliation' in the case of most academic institutions. If this is the case for your organisation, you should send the name of the attribute, its value and the entityId of the Identity Provider to Online Services.
Set up SSO using GSuite
Setup of SpringerLink federated access on GSuite can be seen in the video here
Set up SSO using Microsoft Azure Active Directory
The Microsoft document detailing how to setup access to SpringerLink on Azure using a gallery application can be found here:
If you wish to set it up manually, access the Azure portal (https://portal.azure.com/) then go to: Azure Active Directory -> Enterprise Applications -> New Application -> Non-gallery Application
Give it a name like SpringerLink and click Add.
On the newly created application overview page click on Single sign-on then SAML
Edit the Basic SAML Configuration section and use the following values:
- Identifier (Entity ID) : https://fsso.springer.com
- Reply URL (Assertion Consumer Service URL) : https://fsso.springer.com/federation/Consumer/metaAlias/SpringerServiceProvider
- Sign on URL : https://fsso.springer.com/saml/login?idp=[your-entityID]&targetUrl=https://link.springer.com
- Relay State : https://link.springer.com
Set up SSO using Okta
As SpringerLink has a registered Okta app, it is literally just a few clicks to set it up.
For the required steps please follow the Okta documentationhttps://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Springer-Link.html
- Identity Provider (IdP) : Your institutional authentication system
- Entity ID : a URL (or URN) that uniquely identifies your SAML identity provider. It can be found in your SAML metadata xml file
- Service Provider (SP) : The SpringerLink service
- Where Are You From page (WAYF) : Also know as the 'discovery page' it presents the user a list of Identity Providers. It is a page where the user identifies which organisational Identity Provider they belong to. This is the SpringerLink WAYF Page
- WAYFless URL : A link to a url on the SpringerLink site which allows the user to avoid navigating via the WAYF page
How do I know if I am logged in?
If you have successfully authenticated you should see your organisation name and the corresponding Springer 'Business Partner ID' (BPID)) at the bottom of the page