There are three primary forms of authentication provided by OpenAthens.
- “Proxied access,” which refers to a user accessing an electronic resource through IP authentication. Subsequently, “IP authentication” is a form of authentication that uses a unique string of characters to indicate where the user is coming from to check if the user is attempting to access an electronic resource from an approved identity provider.
- "Federated access,” which refers to a group of entities that have all agreed to share their metadata within a trusted host, making it easier within that federation to connect and provide access to their electronic holdings. Organizations that want to set up federated access with service providers must have an entity ID and unique scope that provides identities for the organization’s users. An entity ID is a unique ID that federations use to distinguish between organizations. Every organization that uses federated access has a unique entity ID. An organization’s entity ID usually contains the organization’s domain within the entity ID, but the entity ID can be anything, and there is no standardization or requirement in this area. An organization can have multiple scopes depending on how many sub-organizations fall under the larger organization.
- "Bilaterally connected access.” This form of authentication is essentially a federated connection between two organizations. Bilateral connections require organizations to send each other their metadata and consume that metadata to create a connection between the service provider and the organization to create a secure connection.