When setting up your institution's Kanopy website for access, we must ensure security so that only your approved users are able to access your website, and so our filmmakers know their films are secure.
It is important to note that whatever authentication protocol you use will always work on all links, including links that are unproxied (we automatically proxy links that are unproxied for users outside of your IP range), shared on social media, embedded or otherwise.
Kanopy works with almost all methods of authentication that a library may employ. Most typically, this will include IP access for on-campus access and then one form of system for off-campus access (e.g. EZproxy, Shibboleth, WAM, VPN, password, barcode pattern, etc).
You can see base information on setting up for these key authentication methods below. If you have any questions on this at all, please contact Kanopy support at helpdesk@kanopy.com.
To set up your Kanopy website:
- Provide your full onsite/campus and proxy IP ranges
- Confirm your proxy URL format with us (this may be rewritten as http://ezproxy.library.institution.edu/login?url=)
- Add the following to your proxy
T Kanopy
U http://PREFIX.kanopy.com
H https://PREFIX.kanopy.com
D kanopy.com
AND
T Kanopy
U http://PREFIX.kanopystreaming.com
H https://PREFIX.kanopystreaming.com
D kanopystreaming.com
You will need to change the word "PREFIX" to your institution ID or acronym provided by Kanopy.
Important notes on EZProxy set up:
- Please let us know once you have completed the proxy configuration at helpdesk@kanopy.com
- You do NOT need to proxy the links to films and the database in your catalog, library website, embedded links or otherwise (we set up an automatic proxy redirect so any users seeking to access the unproxied links off campus will be auto directed to the correct proxied links)
- We strongly encourage implementing a security certificate for your proxy so that HTTPS protocol is being used to benefit from full security and to support film embedding into your course system
To set up your Kanopy website:
- Provide your full onsite/campus and proxy IP ranges
- Confirm your WAM prefix (e.g. how would your WAM rewrite this URL https://institution.kanopy.com)
- Add these lines to your WAM configuration to ensure the links can be used by remote users:
PREFIX.kanopy.com
PREFIX.kanopystreaming.com
(you will need to change the word "PREFIX" to your institution ID or acronym provided by Kanopy.)
Important notes on WAM set up:
- You do NOT need to use the WAM links to films and the database for your Kanopy website in your catalog, library website or otherwise. You can use the unproxied base links for your Kanopy website (we set up an automatic WAM redirect so any users seeking to access the unproxied links off-campus will be auto directed to the correct proxied links)
3) SAML/Shibboleth/OpenAthens set up
- Authorize Kanopy to connect to your SAML/Shibboleth/OpenAthens system
- The person/team managing your SSO account needs to look up Kanopy in the InCommon or UK Federation and add our Service Provider metadata to be able to connect to your Identity Provider (even if we are not listed on the InCommon website, our metadata is listed in their system). Our metadata is also available at the URLs below:
- https://auth.kanopy.com/sp
https://auth.kanopystreaming.com/sp - In some cases, this step is not needed as you may have a rule in place allowing anyone in the InCommon federation to connect to your Identity Provider automatically
- https://auth.kanopy.com/sp
- Kanopy will set up your off-campus access to use this method
- Test the off-campus access to make sure access is working
- If you have any issues with access at this point, please send us a test account along with the contact details of the person in managing your SSO connection so that we can reach out to troubleshoot.
4) VPN set up
To set up your Kanopy website:
- Provide your full onsite/campus and VPN IP ranges
- Confirm a URL link for VPN instructions (we will direct users here if they are trying to access your website without the VPN installed)