Using OpenAthens for SAML Single Sign On

This article includes information that may assist organisations who use OpenAthens for SAML Single Sign On (both via Federations and via bilateral trust)

Please not that Digital Theatre+ is not federated within the OpenAthens Federation.

Digital Theatre+ supports authentication using OpenAthens via Federations (such as UK Access Management Federation or InCommon) or bilateral (1:1) trust.

Allocate the Digital Theatre+ application


Required attributes

Customers wishing to authenticate via SAML Single Sign On will need to release either:

  1. eduPersonPrincipalName (and the value matches an email syntax), or,
  2. eduPersonTargetedID and eduPersonScopedAffiliation (which OpenAthens releases by default)


Supporting information

Information to provide Digital Theatre+

For access via UK Federation

Please provide the entity ID associated with your organisation, so that we may access your metadata via the Metadata Explorer Tool.  For example:

For access via bilateral (1:1) custom SAML trust

Please provide the URL to your Identity Provider's Metadata XML file.  For example:

Supporting information

Configuring OpenAthens for access via UK Federation or InCommon Federation

Restrictive mode

  • You will need to allocate the Digital Theatre+ resource.  You can do this by searching for the resource in the catalogue using our Service Provider entity ID:


Permissive mode

  • You do not need to allocate the resource.

Configuring OpenAthens for access via bilateral (1:1) trust

  • You will need to upload the Service Provider Metadata XML file that will be provided by in order to create a custom SAML resource in your catalogue.
  • Instructions for doing this are available in the OpenAthens Identity Documentation
  • If your OpenAthens instance is in restrictive mode, you will need to allocate it as described above