Users are authenticated using the institution’s identity management system. During setup, we need to configure both sides to delegate authentication in the hosted Haplo service to the institution.

There are several options we can support (see below), but we recommend the use of SAML2 based methods such as Shibboleth and AD FS.

In all cases, provision of a test account will speed up testing and deployment. This test account only needs to be able to successfully authenticate, and does not need access to any resources or services.

Multiple providers

Multiple authentication providers can be used in a single Haplo application. As well as the institution’s identify provider, Haplo’s internal authentication system may be used to authenticate external researchers, supervisors and examiners.

During the requirements gathering process, we will have agreed the mechanism for authenticating users.

Authentication options

AD FS (Windows or Azure)
Generic SAML2
LDAP (legacy)