Single sign-on (SSO) access to Nature

FAQs

Set up SSO for academic institutions


If you have an entityID and/or an Athens Code, please contact Online Services with those details. Once the information is added, your institution will be visible on the Nature WAYF page.

If your institution is a member of a country federation such as those listed on the EduGain site, then your Identity Provider (IdP) metadata should automatically be imported into our system. You should also automatically have the Nature Service Provider metadata.

Set up SSO for companies


If your company has an Identity Provider which uses the SAML protocol, then you can enable off-site access to Nature. Nature supports all SAML-based federated authentication systems, including:

  • Microsoft Active Directory Federation Service (ADFS)/Azure
  • GSuite
  • Shibboleth
  • OpenAthens
  • Ping Identity
  • Okta
  • OneLogin
  • SailPoint

We do not support the following:

  • OpenID
  • OAuth
  • Other non-SAML 2.0 services

To set up SSO access to Nature, follow these steps:

  1. First, set up the details (metadata) of the Nature service in your Identity Provider. The information needed should all be present in Nature Service Provider Details.
  2. Send your Identity Provider's metadata URL (recommended) or metadata XML file to Online Services, specifying the entityID, and ask them to link it to your account with Nature.

Nature Service Provider Details


  • Entity ID/Identifier: https://secure.nature.com/shibboleth
  • ACS URL/Reply Url: https://secure.nature.com/oa/auth/rcv/saml2/post
  • Start URL: https://www.nature.com
  • Sign-on url: https://wayf.springernature.com?redirect_uri=https%3A%2F%2Fwww.nature.com
  • Metadata for Nature: https://sp.nature.com/saml/metadata

WAYFless URLs


To avoid having to use the Nature WAYF page, it is possible to link directly to articles on the Nature site. If the user is already logged in, they will be taken directly to the article; otherwise they will be taken directly to your login page and then on to the article after logging in. These links are created using the following format:

https://sp.nature.com/saml/login?idp=[entityID]&targetUrl=[article link]

  • entityID : The entity ID of your organisation e.g. https://mycompany.com/adfs/services/trust
  • article link : The encoded link to the article, journal or search e.g.
    • Article: https://www.nature.com/articles/nature25447
    • Journal: https://www.nature.com/subjects/earth-and-environmental-sciences
    • Search: https://www.nature.com/search?q=graphene

Note: The entityID and article link should be URL-encoded (percent-encoded), otherwise the link may not work. An example WAYFless URL would look like this:

https://sp.nature.com/saml/login?
idp=https%3A%2F%2Fmycompany.com%2Fadfs%2Fservices%2Ftrust
&targetUrl=https%3A%2F%2Fwww.nature.com%2Fsearch%3Fq%3Dgraphene
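The following is an added example, not code from Nature: a Python sketch that builds a WAYFless link in the format above and checks existing links for the encoding problem the note warns about. The target-host allow-list and the assumption that the login endpoint parses its query string in the standard way are mine.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

LOGIN_ENDPOINT = "https://sp.nature.com/saml/login"  # from the format shown above
ALLOWED_TARGET_HOSTS = {"www.nature.com"}  # assumption: only link to the Nature site

def build_wayfless_url(entity_id: str, target_url: str) -> str:
    """Return a WAYFless link with both parameters percent-encoded."""
    target = urlsplit(target_url)
    if target.scheme != "https" or target.hostname not in ALLOWED_TARGET_HOSTS:
        raise ValueError(f"target is not an https Nature URL: {target_url!r}")
    if not entity_id.strip():
        raise ValueError("entityID is empty")
    # urlencode percent-encodes ':', '/', '?', '&' and '=' inside each value
    return LOGIN_ENDPOINT + "?" + urlencode({"idp": entity_id, "targetUrl": target_url})

def target_as_received(link: str):
    """What a standard query-string parser sees as targetUrl (assumed server behaviour)."""
    return parse_qs(urlsplit(link).query).get("targetUrl")

def check_wayfless_url(link: str) -> list[str]:
    """Return a list of problems found in an existing WAYFless link."""
    problems = []
    parts = urlsplit(link)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != LOGIN_ENDPOINT:
        problems.append("not the Nature login endpoint")
    params = parse_qs(parts.query, keep_blank_values=True)
    for name in ("idp", "targetUrl"):
        if len(params.get(name, [])) != 1:
            problems.append(f"{name} must appear exactly once")
    # Extra parameters usually mean an unencoded '&' cut the article link short
    extra = sorted(set(params) - {"idp", "targetUrl"})
    if extra:
        problems.append(f"unexpected parameters (unencoded '&' in targetUrl?): {extra}")
    if "://" in parts.query:
        problems.append("values are not percent-encoded")
    return problems
```

With an unencoded search link such as `...&targetUrl=https://www.nature.com/search?q=graphene&page=2`, the `page=2` part is parsed as a parameter of the login endpoint, so the user would land on the wrong page after logging in.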

Attribute Mappings

Some organisations share an identity provider hosted by a third party such as CSTNet, Rediris, Fédération Education-Recherche and GakuNin. When accessing Nature using federated authentication, an organisation using a third-party identity provider is identified by an attribute sent in the SAML response, e.g. the 'eduPersonScopedAffiliation' attribute in the case of most academic institutions. If this is the case for your organisation, you should send the name of the attribute, its value and the entityID of the Identity Provider to Online Services.
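To find the three details requested above, you can inspect a test assertion issued by the shared identity provider. This is an added example, not code from Nature; the sample assertion, the hostnames in it and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, prefer the defusedxml package

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not real IdP output); signature and conditions omitted.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.federation.example/idp/shibboleth</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9"
                    FriendlyName="eduPersonScopedAffiliation">
      <saml:AttributeValue>member@university.example</saml:AttributeValue>
      <saml:AttributeValue>staff@university.example</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def attribute_mapping(assertion_xml: str, attribute: str, scope: str):
    """Return the IdP entityID, attribute name and the values scoped to one organisation."""
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", namespaces=NS)  # the Issuer is the IdP's entityID
    for attr in root.iterfind(".//saml:Attribute", NS):
        # Match on either the formal Name (often an OID URN) or the FriendlyName
        if attribute in (attr.get("Name"), attr.get("FriendlyName")):
            values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
            # Scoped values look like affiliation@scope; keep those for this organisation
            matching = [v for v in values if v.rpartition("@")[2] == scope]
            return {"idp_entity_id": issuer.strip() if issuer else None,
                    "attribute_name": attr.get("Name"),
                    "values": matching}
    return None  # the IdP did not release this attribute
```

A `None` result or an empty `values` list means the identity provider is not releasing a value that distinguishes your organisation, which needs to be resolved with the IdP operator before contacting Online Services.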

Set up SSO using Microsoft Azure Active Directory

To configure SAML SSO, open the Azure portal (https://portal.azure.com/), then go to: Azure Active Directory -> Enterprise Applications -> New Application -> Non-gallery Application

Give it a name like Nature and click Add.

On the newly created application overview page, click on Single sign-on, then SAML.

Edit the Basic SAML Configuration section and use the following values:

  • Identifier (Entity ID) : https://secure.nature.com/shibboleth
  • Reply URL (Assertion Consumer Service URL) : https://secure.nature.com/oa/auth/rcv/saml2/post
  • Sign on URL : https://sp.nature.com/saml/login?idp=[your-entityID]&targetUrl=https://www.nature.com
  • Relay State : https://www.nature.com

your-entityID is the Azure AD Identifier, which you will find further down on the setup page (Section 4). The resulting value should look something like:

https://sp.nature.com/saml/login?idp=https://sts.windows.net/af2d669a-8754-49df-9b01-aa92d453b591/&targetUrl=https://www.nature.com

Set up SSO using Okta

As Nature Research has a registered Okta app, it is literally just a few clicks to set it up.

For the required steps, please follow the Okta documentation:

https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Nature-Research.html

Glossary

  • Identity Provider (IdP) : Your institutional authentication system
  • Entity ID : A URL (or URN) that uniquely identifies your SAML identity provider. It can be found in your SAML metadata XML file
  • Service Provider (SP) : The Nature service
  • Where Are You From page (WAYF) : Also known as the 'discovery page', it presents the user with a list of Identity Providers. The Nature WAYF Page is here
  • WAYFless URL : A link to a URL on the Nature site which allows the user to avoid the WAYF page

FAQs

How do I know if I am logged in?

If you are authenticated via SAML or any other institutional mechanism (e.g. IP address), you can see if your institution is being correctly recognised by visiting any Nature article page; for example this article. The institution you are authenticated with, in this case "Nature Test IDP", will be shown in the box on the right as in the picture below: