Many library databases are secured by authentication, requiring users to provide their affiliation with a university before they will be granted access.
Kanopy employs an authentication workflow that we call "Simple Access." Simple Access provides users with easier, error-free access to your Kanopy website by avoiding common issues created by authentication systems.
1) Accessing your Kanopy platform for the first time
When a user first visits your Kanopy platform from outside your designated onsite IP range, they are greeted by a holding page that prompts them to log in.
If your website is set up to permit direct, onsite IP access, this page is skipped for a user when they visit your Kanopy website from onsite.
2) Connecting to your Kanopy platform
Upon clicking the large, orange "Log In to [University]" button on the university landing page, off-site academic users will be taken to a confirmation page to begin the authentication process:
There, if users click on "Log In to [University]" again, for most academic libraries a page will pop up prompting the user to sign in via their university's authentication system. Here, users supply their university login credentials:
Due to the nature of Simple Access, this authentication process does not create a session within your authentication method. As such, if a user goes on to access another library resource, they will be prompted to sign in again.
3) Returning to your Kanopy platform
Users are asked to authenticate (or reauthenticate) for your Kanopy platform at the following points of contact:
- The first time they access the website.
- Whenever they log out of access or remove cookies from their browser.
- Whenever they seek to access Kanopy via a different device or browser.
- Regardless of usage, every user will be forced to re-authenticate 90 days after their last previous login.
So, even if a user has an existing session with your authentication system, they will still be prompted to authenticate into your Kanopy system if their browser does not have a current session within Kanopy itself. For that reason, Kanopy users sometimes believe they are being asked to "sign in again."
Why does Kanopy use Simple Access?
There are a number of major benefits to Simple Access. For example, it:
- Solves all HTTPS issues: Simple Access solves the HTTPS issues that libraries most commonly experience, including issues with embedding films in learning management systems or sharing film links, as well as security issues.
- Permits users to use apps: Because Simple Access leverages HTTPS, it removes authentication barriers and allows your users to access Kanopy via apps on Roku, iPhone, Android, and a number of other devices.
- Allows sharing between institutions: The "holding page" under Simple Access is particularly helpful when users are sharing links to resources with users who are not members of the same institution. Users at different institutions that use Kanopy can easily share links to resources with one another. Due to Simple Access, users who receive Kanopy links from another institution will not be taken to an authentication page for an institution they are not a member of.
- Improves the ability to share and embed: Simple Access improves the ability to share and embed films in public websites (such as your library website, blogs, social media, etc.) because film metadata is publicly available for sharing. In this way, Simple Access supports visually appealing, engaging access to content that matters.
- Provides streamlined user access: After connecting once, a user will not be prompted to connect again until three months later from the same browser. Particularly for users who access Kanopy via apps, only being prompted to authenticate and "reconnect" their app for access (at most) four times a year makes for a streamlined experience. This maintains the security of access whilst ensuring user convenience.
- Reduces bandwidth pressure on your authentication system: Simple Access lowers the demands on your proxy/Shibboleth, not only by reducing the number of calls made to your system, but also by allowing videos to stream directly to user, thus reducing the bandwidth pressure on library networks.
What if a user is accessing a proxied link for our Kanopy website?
Kanopy films do not required proxied links to be accessible, and we do not recommend proxying access points to Kanopy content. In part, this is because proxied links introduce unnecessary steps when it comes to Simple Access.
So, when accessing Kanopy from a “proxied link” for the first time, the user experiences an extra step to “connect” to their library. Here is the sequence of events:
- A user clicks on proxied link.
- The user is taken to the proxy login page and logs in successfully.
- The user is directed to the Kanopy website and will see a similar "Connect" button as per above.
- Upon clicking "Watch," "Connect," or "Log In to [School]", the proxy will automatically authorize the user's access (without asking the user to re-login) and the user will have access.
The only difference here with the typical process for a user accessing a proxied link is the insertion of a "Connect" button giving immediate access after the successful proxy log in. All of the benefits of Simple Access are then granted to the user.
Please contact us with any questions or connection issues. Be sure to include a clear description of the issue, the steps you took to produce the issue, and if possible, a full page screenshot.