Access and authentication

Here at Altmetric security and privacy are of the utmost importance to us which is why we provide you with various ways to control access to your Explorer for Institutions.

We support the following types of user access/authentication:

  1. IP access - We allow access to your Explorer for Institutions instance only within your office/campus IP ranges. Users can go to altmetric.com/explorer and access the platform as a guest. This means a user is given access to the full database and can create an account, via the plus sign at the bottom left hand corner for additional functionalities including saved searches and email alerts.

  2. Unique invite link - We generate a unique link you can share with your users to create their own account.

  3. Email address - We allow your users to sign up with their institutional email address, so as an example anyone with an @altmetric.com email would be able to create their own profile in the Explorer for Institutions.

  4. Single sign-on - Altmetric supports SAML2 based authentication (OpenAthens, AD-FS, Azure, Shibboleth etc), and we’re a member of the UK Federation and Surfconext. If your institution uses SAML2 based authentication we can work with your team to implement federated access to the Explorer. When SSO is enabled, users are redirected to your IdP (Identity Provider) for authentication. This means your members can use their institutional credentials to login to Explorer for Institutions and you control who has access to your instance.

Note

There is an additional fee for enabling SSO. If this isn’t already part of your contract or if you are interested adding SSO please contact your Account Manager to discuss.

Single Sign-On

In order to set up SSO you’ll need to provide Altmetric with a technical contact who will be able to answer questions about the university’s ldP (Identity Provider).

UK and Rest of World (excl. Netherlands)

Metadata

Our production metadata can be found within the UK Access Federation or alternatively available here: https://www.altmetric.com/explorer/shibboleth/metadata.xml.

If your organization is not a member or you would prefer to provide us with a direct link to your metadata instead, this is also supported.

Attributes

In order for users to be able to login successfully one of the following attributes will need to be released:

  • eduPersonPrincipalName => urn:mace:dir:attribute-def:eduPersonPrincipalName or urn:oid:1.3.6.1.4.1.5923.1.1.1.6

  • mail => urn:mace:dir:attribute-def:mail or urn:oid:0.9.2342.19200300.100.1.3

Note

Accounts require a valid email address so that they can receive opt-in digest/notification emails from the system. If the eduPersonPrincipalName is not a valid email address and can’t be used to receive email (i.e. is purely a scoped identifier) then you will need to either:

  • Additionally release the mail attribute, or

  • Switch to using just the mail attribute

Where mail is released alongside the eduPersonPrincipalName the eduPersonPrincipalName can be used as the account identifier but the user will receive their digest emails via the value associated with the mail attribute.

Surfconext

Adding SSO provided by Surfconext is really simple, all you’ll need to do is have your technical contact reach out to support@surfconext.nl and let them know that you’d like to add the Altmetric Explorer service and we’ll do the rest.