Exciting news from the new release: KLAS Version 7.8.32 includes the initial functionality to support Single Sign-On (SSO) integration!
KLAS has introduced integration with Keycloak, which in turn can be connected to your organization’s SSO “Identity Provider,” such as Okta, IBM Verify, JumpCloud, Microsoft Entra ID, or Google Workspace.
We currently have the configuration completed for our first two sites taking this live, and are hopeful that we will be ready to bring on additional sites in the near future. There are a few more functions and improvements slated for the next release or two, and due to the configuration needed, this will need to be a gradual, controlled roll-out.
How it works:
If this is put in place for your database, then instead of the standard KLAS log-in screen, a web browser will launch and open your organization's login page. Once you log in there, a confirmation page will load and the KLAS desktop will open.
If your SSO provider requires multi-factor authentication, that will apply to logging into KLAS this way as well.
With this authentication method, new users will still need to be added to KLAS, and all the existing Security Control screens remain available to add the user, put them into a Security Group, set a display name, etc. The KLAS user record is linked to the SSO user by email address, so if a user’s email changes, it should be updated in both KLAS and the SSO provider to keep them linked.
Note, this current round of integration applies to the staff-side KLAS users, not patrons logging into the WebOPAC or WebOrder. We are looking ahead and plan to add SSO for patrons to use their NLS BARD log-in with the WebOPAC, but that is further down the development roadmap.
If you want to get SSO set up for your library: feel free to let us know that you’re interested, and which Identity Provider you are using (Okta, Entra, etc.). We will need to work with your IT to configure the connection between Keycloak and your Identity Provider, so your first step will be to determine who the point of contact on your side should be, and who else may need to be involved. If your IT has questions about the integration or is ready to work with us on it, they are very welcome to contact us directly at the usual .
Finally, if your organization does not use SSO, or you just don’t want KLAS tied into it, don’t worry: this is fully optional. The standard KLAS log-in will continue to be available for the time being.