In just 4 simple steps you can learn the key recommendations from the NISO ESPRESSO report and find out how to implement federated login in a way which protects your brand, improves user satisfaction, and increases successful logins.
Federated login is intended to make it easier for users to log into a web site, however in reality the process is often complex and confused. Online services are increasingly making use of external mechanisms such as Google, Facebook or Twitter, or a link to an academic institutional login to allow users to login to their sites. This approach is known as 'federated access' and as more options become available it can become increasingly confusing for users.
The NISO ESPRESSO standard recommends a best practice approach to creating a federated login process which your users will find easier and more initiative to use.
This guide describes how to use the NISO ESPRESSO standard in 4 simple steps to ensure you protect your brand, retain your users and increase traffic to your site.
Simpler and easier to use for users to login.
Ability to access resources from mobile devices or on the move.
No need for users to remember multiple user IDs and passwords.
Cleaner integration with your website.
Ability to choose multiple software solutions.
No reliance on third party services.
Improved integration of your brand within the login process.
The user stays on-site until they are dispatched to the login page.
Increased successful logins and hence increased usage.
Affordable and easy to maintain.
A consistent best practice approach to positioning and describing login is the simplest change you can make and it's also one of the most effective ways of helping users.
When offering multiple forms of login it is tempting to place multiple option links on your homepage. It is extremely difficult to describe each type of login link you wish to use, and different sites will use different descriptions. This lack of consistency is very confusing for users and leads to failed login attempts.
NISO ESPRESSO recommends that the first step you need to take to improve the login experience is to have a single link, labeled 'login' positioned consistently in the top right hand corner of your site. Your web design department will need to be involved in this decision and further information is available in the full report.
To see this in action, view our Good Practice Demo
Presenting your own local login alongside other federated options in a clear, simple listing allows users to understand the options available to them. Adding logos or branded buttons makes it even easier for them to quickly recognise the option that suits them best.
Most services want to use their own local login process as well as federated options. The second step is to manage this effectively by presenting your local login option alongside the other federated routes, providing a side by side or single list of choices for the user to select from (the NISO ESPRESSO report cites JSTOR as an example). Use of logos or branded buttons can help to make this more user friendly as the options are instantly recognisable.
The choice of how best to represent this list of options is a design decision. It is recommended that you take time to look at other services to see how they present login options to their users, as a common and familiar approach is usually the most user friendly.
The alternative approach of offering local login as a separate option on the home page has been proved to confuse users who do not understand the differences between local and federated options. At worst, users may enter their Google or Facebook details into your login box which means you could be accused of phishing as well as leading to failed logins.
There are a variety of products that allow users to select their preferred login option: the NISO ESPRESSO report provides advice on the key features you need to provide a good service.
The third step is for your technical team to install identity discovery software. This allows users to effectively select their external login mechanism. There are a variety of products available that allow you to integrate both OAuth and SAML approaches to external login.
NISO ESPRESSO recommends that the software you use should have the following features:
If you are offering services to academic institutions, it is likely that they will be using SAML. NISO ESPRESSO recommends that you use either the DiscoJuice or Shibboleth EDS software to support external login for these customers. Both of these products offer the benefits described above.
If you wish to use a commercical identity service such as Google, Facebook or Twitter, it is likely they will be using OAuth. All of these providers offer advice on how to include their login button on your site.
For more information we recommend that you visit:
It is essential that the options you present are tailored to your users' requirement: to offer login via academic institutions you will need to be a member of a federation to get the correct metadata.
The fourth step is to populate your identity discovery tool with the options/organisations used by your visitors. It is important that the options you present to your users are as clear, simple and correct as possible.
For sites offering services to academic institutions, you will need to be a member of a federation or federations who will give you the metadata you need. For more information please contact REFEDS.
The long list of organisations provided by federations can be overwhelming for users so NISO ESPRESSO recommends that you condense it down to just the organisations your users need.
NISO ESPRESSO also strongly recommends that you do not try to break up the list into further lists by region or country as studies have shown that users are often unaware of this distinction and find the additional click through frustrating. Implementing 'type ahead' style suggestions is a far better way to help users to find the right option for them more quickly.
To see this in action, view our Good Practice Demo