Single sign-on (SSO) access to Nature
- Set up SSO for academic institutions
- Set up SSO for companies
- Nature Service Provider Details
- WAYFless URLs
- Attribute Mappings
- Set up SSO using Microsoft Azure AD
- Set up SSO using Okta
- Glossary
FAQs
Set up SSO for academic institutions
If you have an entityID and/or an Athens Code, please contact Online Services with those details. Once the information is added, your institution will be visible on the Nature WAYF page.
If your institution is a member of a country federation such as those listed on the eduGAIN site, your Identity Provider (IdP) metadata should be imported into our system automatically. You should also automatically have the Nature Service Provider metadata.
Set up SSO for companies
If your company has an Identity Provider which uses the SAML protocol, you can enable off-site access to Nature. Nature supports all SAML-based federated authentication systems, including:
- Microsoft Active Directory Federation Services (ADFS)/Azure
- GSuite
- Shibboleth
- OpenAthens
- Ping Identity
- Okta
- OneLogin
- SailPoint
We do not support the following:
- OpenID
- OAuth
- Other non-SAML 2.0 services
To set up SSO access to Nature, follow these steps:
- First, set up the details (metadata) of the Nature service in your Identity Provider. The information needed should all be present in Nature Service Provider Details.
- Send your Identity Provider's metadata URL (recommended) or metadata XML file to Online Services, specifying the entityID, and ask them to link it to your account with Nature.
Nature Service Provider Details
- Entity ID/Identifier: https://secure.nature.com/shibboleth
- ACS URL/Reply Url: https://secure.nature.com/oa/auth/rcv/saml2/post
- Start URL: https://www.nature.com
- Sign-on url: https://wayf.springernature.com?redirect_uri=https%3A%2F%2Fwww.nature.com
- Metadata for Nature: https://sp.nature.com/saml/metadata
WAYFless URLs
To avoid having to use the Nature WAYF page, it is possible to link directly to articles on the Nature site. If the user is already logged in, they will be taken directly to the article; otherwise they will be taken directly to your login page and then on to the article after logging in. These links are created using the following format:
- entityID : The entity ID of your organisation, e.g. https://mycompany.com/adfs/services/trust
- article link : The encoded link to the article, journal or search, e.g.
  - Article: https://www.nature.com/articles/nature25447
  - Journal: https://www.nature.com/subjects/earth-and-environmental-sciences
  - Search: https://www.nature.com/search?q=graphene
Note: The entityID and article link should be URL-encoded, otherwise the link may not work. An example WAYFless URL would look like this:
idp=https%3A%2F%2Fmycompany.com%2Fadfs%2Fservices%2Ftrust
&targetUrl=https%3A%2F%2Fwww.nature.com%2Fsearch%3Fq%3Dgraphene
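An added example (not Nature's own code) that builds a WAYFless URL with both parameters percent-encoded and checks an existing link for the encoding mistakes the note above warns about. It assumes the `https://sp.nature.com/saml/login` endpoint from the Azure AD Sign on URL on this page is the base, and that targets should stay on `www.nature.com`; the `order=relevance` parameter in the bad sample is constructed for illustration.

```python
from urllib.parse import quote, urlsplit, parse_qs

# Assumption: base endpoint taken from the Azure AD "Sign on URL" on this page.
LOGIN_ENDPOINT = "https://sp.nature.com/saml/login"
# Assumption: article, journal and search links all live on this host.
ALLOWED_TARGET_HOST = "www.nature.com"

# Constructed sample: nothing is encoded, and the '&' inside the search link
# splits the outer query so 'order' is no longer part of targetUrl.
BAD_EXAMPLE = ("https://sp.nature.com/saml/login"
               "?idp=https://mycompany.com/adfs/services/trust"
               "&targetUrl=https://www.nature.com/search?q=graphene&order=relevance")


def build_wayfless_url(entity_id: str, target_url: str) -> str:
    """Return a WAYFless URL with idp and targetUrl percent-encoded."""
    target = urlsplit(target_url)
    if target.scheme != "https" or target.hostname != ALLOWED_TARGET_HOST:
        raise ValueError(f"target must be an https://{ALLOWED_TARGET_HOST} link")
    if not entity_id.strip():
        raise ValueError("entityID is empty")
    # safe="" also encodes ':' '/' '?' '&' '=' so nothing leaks into the outer query.
    return (f"{LOGIN_ENDPOINT}?idp={quote(entity_id, safe='')}"
            f"&targetUrl={quote(target_url, safe='')}")


def check_wayfless_url(url: str) -> list[str]:
    """Return the problems found in an existing WAYFless URL (empty list = OK)."""
    problems = []
    query = urlsplit(url).query
    params = parse_qs(query, keep_blank_values=True)
    extra = sorted(set(params) - {"idp", "targetUrl"})
    if extra:
        # The tail of an unencoded targetUrl shows up as extra top-level parameters.
        problems.append(f"unexpected parameters (unencoded '&'?): {extra}")
    for name in ("idp", "targetUrl"):
        if len(params.get(name, [])) != 1:
            problems.append(f"{name} must appear exactly once")
            continue
        # Look at the raw (still encoded) value as it appears in the link.
        raw = next((p.split("=", 1)[1] for p in query.split("&")
                    if p.startswith(name + "=")), "")
        if set(raw) & set(":/?#="):
            problems.append(f"{name} is not percent-encoded")
    return problems
```

Running `check_wayfless_url(BAD_EXAMPLE)` reports the stray `order` parameter plus both unencoded values, while a link produced by `build_wayfless_url` passes with no findings.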
Attribute Mappings
Some organisations share an identity provider hosted by a third party such as CSTNet, Rediris, Fédération Education-Recherche and GakuNin. When accessing Nature using federated authentication, an organisation using a third-party identity provider is identified by an attribute sent in the SAML response, e.g. 'eduPersonScopedAffiliation' in the case of most academic institutions. If this is the case for your organisation, you should send the name of the attribute, its value and the entityID of the Identity Provider to Online Services.
Set up SSO using Microsoft Azure Active Directory
To configure SAML SSO, open the Azure portal (https://portal.azure.com/) and go to: Azure Active Directory -> Enterprise Applications -> New Application -> Non-gallery Application
Give it a name like Nature and click Add.
On the newly created application overview page, click on Single sign-on, then SAML.
Edit the Basic SAML Configuration section and use the following values:
- Identifier (Entity ID) : https://secure.nature.com/shibboleth
- Reply URL (Assertion Consumer Service URL) : https://secure.nature.com/oa/auth/rcv/saml2/post
- Sign on URL : https://sp.nature.com/saml/login?idp=[your-entityID]&targetUrl=https://www.nature.com
- Relay State : https://www.nature.com
Example Sign on URL:
https://sp.nature.com/saml/login?idp=https://sts.windows.net/af2d669a-8754-49df-9b01-aa92d453b591/&targetUrl=https://www.nature.com
Set up SSO using Okta
As Nature Research has a registered Okta app, setting it up takes just a few clicks.
For the required steps, please follow the Okta documentation:
https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Nature-Research.html
Glossary
- Identity Provider (IdP) : Your institutional authentication system
- Entity ID : A URL (or URN) that uniquely identifies your SAML identity provider. It can be found in your SAML metadata XML file
- Service Provider (SP) : The Nature service
- Where Are You From page (WAYF) : Also known as the 'discovery page', it presents the user with a list of Identity Providers. The Nature WAYF Page is here
- WAYFless URL : A link to a URL on the Nature site which allows the user to avoid the WAYF page
FAQs
How do I know if I am logged in?
If you are authenticated via SAML or any other institutional mechanism (e.g. IP address), you can see if your institution is being correctly recognised by visiting any Nature article page; for example this article. The institution you are authenticated with, in this case "Nature Test IDP", will be shown in the box on the right as in the picture below:
