Talis Aspire Reading Lists supports the automatic creation of user profiles when a user logs in for the first time, and the continued update of that profile if changes to names and email addresses are made in university identity management systems.
This article describes what information to send and how to send it in order to make use of this functionality.
From the user's perspective
If the student or academic has never logged in before, a profile will be created and filled out for them using the attributes in the SAML login conversation. This happens behind the scenes and won't prompt the user to take any specific action. They will be able to get on with adding reading intentions, creating bookmarks, or whatever else it was they were going to do. We remove a potential friction point in the new user's experience. The user's Job Role is only updated at profile creation and can be changed later if needed.
For existing users, the profile first name, surname and email address will be replaced with the values in the attributes sent through the SAML login conversation if they have changed or are different to the ones in their current profile.
For all users, the name and email address fields will no longer be editable, because we defer to the university identity management systems to provide these values.
On the University Side
You will need to send us the following four pieces of information to fill out the required fields in Talis Aspire. These should be sent as SAML attributes.
Talis cannot help you with configuring your specific SAML IDP, as each university will have its own specific mix of authentication systems and data flows. The administrator of your university SAML2 Identity Provider (IDP) will need to do this for you.
SAML Attribute Name in the eduPerson Object Class Specification | Talis Aspire Profile Field | Description |
One of the following: givenName | First Name | The first or given name of the user |
One of the following: sn | Surname | The Family or Surname of the user |
One of the following: | Email Address | The email of the user. Note that a profile will not be created if the email address is already in use by another profile. |
urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | I'd describe myself as | staff@... / faculty@ / employee@ are mapped to 'academic' and any other value is mapped to 'undergraduate'. See Notes for more info. |
If the SAML attribute names do not appear exactly as described above, then the value will not be included in the user's profile. Additional attributes may be mapped if required, but we'd need to discuss this with you.
If you need our Talis login server Service Provider entity ID it is as follows:
EU APAC - https://login.talisaspire.com/entity
Canada North America - https://login.ca.talis.com/entity
On the Talis Side
You will need to raise a support ticket asking us to enable this on your tenancy.
Talis will ask you some questions, and help you test that the required parameters are being passed correctly, and then once ready, they will configure this for you.
Automatic Profile and Roles in Talis Aspire
No roles, permissions or privileges are granted to the user by the scoped affiliation or job role given in Automatic Profiles. Please see setting up devolved constraints for more on conferring permissions to users at the point of log in.
The 'I'd describe myself as' field in Talis Aspire is only used for reporting purposes, and users can change it as they wish. It is known as 'Job role' in the all list users report. It is only mapped the first time a user logs in and their profile is created.
The specification only defines a limited set of possible values for the scoped affiliation: faculty, student, staff, alum, member, affiliate, employee, library-walk-in. In Talis Aspire, staff@... / faculty@ / employee@ are mapped to 'an academic' and anything else is mapped to 'an undergraduate'. There is no direct mapping for any other values.
Important Notes
- Profile name, surname and email are automatically updated on every login if those values change in the SAML attributes.
- If no value is sent through the SAML attributes for a name or email address, the field in Talis Aspire will keep its existing value.
- Users cannot edit their names or emails in their Talis Aspire profile after Auto Profile is enabled. All changes to names and emails are fed through from the university-provided SAML attributes.
- To assign a list owner or publisher role, an academic would still need a profile and therefore log into the system at least once before a list can be assigned to them.
- The user profile defaults to private. The user can change their profile privacy level as needed.
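Before raising the support ticket, an IDP administrator can preview what a released attribute set would do to a profile under the rules above. The following Python sketch is an added example, not Talis code: it applies the exact-name matching, the keep-existing-value rule and the scoped affiliation mapping to a constructed AttributeStatement, and does no signature validation. The function names, the sample XML, the EMAIL-ATTRIBUTE-NAME placeholder (the table above does not list the email attribute names) and the handling of multiple affiliation values are assumptions.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
AFFILIATION = "urn:oid:1.3.6.1.4.1.5923.1.1.1.9"   # scoped affiliation row of the table
EMAIL_ATTR = "EMAIL-ATTRIBUTE-NAME"  # placeholder: use the name agreed with Talis
FIELD_MAP = {"givenName": "first_name", "sn": "surname", EMAIL_ATTR: "email"}
ACADEMIC = {"staff", "faculty", "employee"}

# Constructed sample: "surname" is deliberately misnamed (the table expects "sn").
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Attribute Name="givenName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="surname"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9">
  <saml:AttributeValue>member@example.ac.uk</saml:AttributeValue>
  <saml:AttributeValue>staff@example.ac.uk</saml:AttributeValue>
 </saml:Attribute>
</saml:AttributeStatement>"""

def read_attributes(xml_text):
    """Return {attribute Name: [non-empty values]} from an AttributeStatement."""
    attrs = {}
    for attr in ET.fromstring(xml_text).iter(SAML + "Attribute"):
        values = [(v.text or "").strip() for v in attr.iter(SAML + "AttributeValue")]
        attrs[attr.get("Name")] = [v for v in values if v]
    return attrs

def job_role(affiliations):
    """staff@/faculty@/employee@ -> academic, anything else -> undergraduate.
    Assumption: with several values, one academic value is enough."""
    hit = any(a.split("@", 1)[0] in ACADEMIC for a in affiliations)
    return "academic" if hit else "undergraduate"

def preview_login(attrs, existing=None):
    """Profile after this login; existing=None means a first login."""
    profile = dict(existing or {})
    for name, field in FIELD_MAP.items():      # exact, case-sensitive names only
        if attrs.get(name):                    # no value sent: keep existing value
            profile[field] = attrs[name][0]
    if existing is None:                       # job role is set at creation only
        profile["job_role"] = job_role(attrs.get(AFFILIATION, []))
    return profile

def missing_attributes(attrs):
    """Expected attribute names that were absent or empty in the assertion."""
    return sorted(n for n in [*FIELD_MAP, AFFILIATION] if not attrs.get(n))

if __name__ == "__main__":
    released = read_attributes(SAMPLE)
    print(preview_login(released), missing_attributes(released))
```

In the sample, the misnamed "surname" attribute is ignored, so the preview shows no surname for a new user and leaves an existing user's surname untouched.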