Related product I-Share

Best Practice Recommendations for Back-Up Admin Accounts in Alma for I-Share Institutions using Single Sign-On

Revised: June 26, 2024

Overview and Recommended Use

According to the Best Practice Recommendations for Named Users in I-Share, I-Share institutions that typically log in to Alma with single sign-on can create a back-up administrative account that may be used when their single sign-on service is offline. 

A typical use case for this account is when the campus single sign-on service is unavailable for an extended period of time and library staff can not log into Alma. In this scenario, this Back-Up Admin account could be used to temporarily toggle certain Alma staff users accounts from External to Internal so that library staff can log into Alma.  Note that a different URL will need to be used to log into Alma for an Internal user than when logging in via single sign-on.  When the single sign-on service is available again, library staff accounts should be re-toggled back to External and staff should go back to logging in with with single sign-on.

Because a Back-Up Admin account is an important decision for your library to agree upon, CARLI recommends that this account be created, maintained, and documented by your library's I-Share Liaison, your library's Security Contact, your library's Technical Liaison, or similar.  Then the Username and Password for this account would be shared with select library staff who would be responsible for determining when it might need to be employed. It is not recommended that the Back-Up Admin account be used to toggle user accounts for short, temporary outages of your single sign-on service, but rather this account and practice should be reserved for use during extended outages.  (During business hours Monday-Friday, CARLI staff are also available to assist, if needed.)  Remember that the Alma Offline Circulation Utility is also available for local circulation functions during short outages.

Note that if some of your library staff users are already Internal Alma users not managed Externally by SIS processes, and they have the User Administrator or User Manager role, your library could designate that those individuals will toggle other staff that are managed Externally, if needed, should your campus single sign-on system go down for a prolonged period. In this case, your library does not need to create a backup administrative account if you'd prefer not to and to reduce the number of Named Users.

WARNING: A shared user account like this should not be in use (logged in to Alma) by two or more people simultaneously as that may cause data errors in Alma.

expand / collapse all

This section describes the one-time steps to create a single Back-Up Admin user for your institution.

Note: A user with the User Administrator or User Manager role is needed to create new users in Alma.

1. Navigate to Admin > User Management > Manage Users and click the link +Add User.  Select "Staff" from the dropdown list.

2. The Quick User Management screen will open.

3. Fill out all required fields marked with a red asterisk.  Recommended data are described below:

Field Recommended data
First name Name the account in a way that describes its use, Backup
Last name Use ADMIN or something similar
Primary Identifier This must be unique to this user account; this will be the Username for logging in to Alma. CARLI suggests backup_admin.
User group Choose a valid user group that is NOT managed by any SIS loads that your institution does into Alma. If you choose a user group that IS managed by a SIS load, there is a chance that this user account could be toggled to External and this would prevent logging in with it as a back-up account.
Email types Choose Work
Email address Enter a departmental email list address or an administrator’s email address

You may also include other data such as Job category and Job description if you would like to record additional information about the use of this account.

4. In the User Management Information Section, set the password for the account to log into Alma.

5. Click the Save and Continue button at the top.

6. The new back-up administrator account will be created with the Account Type = Internal and Record type = Staff and present you with the User Details screen for the new account.

7. Scroll down to the User Roles section and click the link for +Add Role or +Add from Profiles to assign the roles needed for this account.

Assign administrator roles as needed for this Back-Up Account.

  • User Administrator - this role will be needed in order to toggle existing staff user accounts from External to Internal temporarily if the single sign-on service is down.
  • CARLI also recommends removing the Patron role from this account.  To remove the patron role, follow the steps on Deactivate Named User Accounts in Alma, beginning with step #3 under the section: How to Remove the staff roles from the user record. 

8. Click the Add Role button at the top of the Add New Roles screen to save the roles.

9. Click Save at the top of the User Details screen to save the record.

10. Record the Primary ID and assigned password for this Back-Up Admin account.  Provide it to selected library staff who have been empowered to decide when it should be used.

As described above in the Overview and Recommended Use section, if your library's single sign-on authentication system will be down for an extended period of time, your library may wish to toggle some staff user accounts from External to Internal temporarily so that they can log into Alma to do work during the single sign-on outage.  Toggling staff user accounts is not recommended for short outages. Remember that the Alma Offline Circulation Utility is also available for local circulation during short outages.

1. Decide which staff user accounts to toggle and make a list of them.

2. Log in to Alma with the Back-Up Admin account that was created for this purpose (see details on creating this account above). Because this is an Internal account logging directly into Alma, use the URL https://i-share-xxx.alma.exlibrisgroup.com/mng/login?auth=local (where xxx is your institution's three-letter I-Share code).

3. With the Users search in Alma, search for the staff user account that you wish to toggle.  Using the Primary ID to search when possible is recommended.  Open the user account record.

4. Check that the user account is Account Type = External. Click the Toggle Account Type button at the top of the record to toggle it to Internal.

5. On the confirmation screen, click Confirm.

6. Notice that the user account is now Account Type = Internal.

7. Scroll down to the User Management Information section and manually input a password for this user; record this password so you can give it to this user.  Click the Force password change on next login box.

8. Scroll up to the top and click Save to save these changes.  The user is now an Internal user. 

9. Provide the user with their Primary ID and the temporary password you created for them, and tell them to log into Alma at this URL: https://i-share-xxx.alma.exlibrisgroup.com/mng/login?auth=local (where xxx is your institution's three-letter I-Share code) and that they will be prompted to create a new temporary password the first time they log in. This password will only be used while they are temporarily logging into Alma as an Internal user.

10. Repeat for each user on your list.

When your single sign-on service is back online:

1. For each user on your list that you have toggled to Internal temporarily, log in to Alma with the Back-Up Admin account that was created for this purpose. Because this in an Internal account logging directly into Alma, use the URL https://i-share-xxx.alma.exlibrisgroup.com/mng/login?auth=local (where xxx is your institution's three-letter I-Share code).

2. With the Users search in Alma, search for the staff user account that you wish to toggle.  Using the Primary ID to search when possible is recommended.  Open the user account record.

3. Check that the user account is Account Type = Internal. Click the Toggle Account Type button at the top of the record to toggle it to External.

4. On the confirmation screen, click Confirm.

5. Notice that the user account is now Account Type = External.

6. Scroll up to the top and click Save to save these changes.  The user is now an External user account again. 

7. Let the user know that they can resume logging into Alma via single sign-on at the URL your library staff were using before with single sign-on (see also Logging In To Alma - Which URL to Use?), and that they will log in with the username and password of the single sign-on service, not the temporary password created when they were briefly an Internal user.

"Named Users" are active users records in Alma that have been assigned any role that can log into Alma, except for Patron, Instructor, Trial Participant, and roles that are only for Leganto (Instructor, Leganto Course Operator, and Leganto Interface Administrator) or Rialto (Selector, Selector Limited, Super Selector, Rialto Manager, and Rialto Administrator).

CARLI I-Share Named User Documentation

CARLI’s Named User documentation is linked on the User Management page:

Named User Frequently Asked Questions (FAQ)
Best Practice Recommendations for Named Users in I-Share
How to Identify Named Users
How to Deactivate Named Users
CARLI Named User Management, part of Office Hours recorded July 13, 2023 (28:13)