Authentication: How To Enable Remote User Access

Coherent Digital supports five frictionless options for remote user access:
  1. Username & Password Authentication
  2. IP Authentication
  3. EZproxy 
  4. Shibboleth / SAML Authentication
  5. HAN Server Authentication

Username & Password Authentication

Individual users or users associated with an insitutional membership can sign up for an account in any of our Commons. 

When they use an institutional email to register (in other words, an email address that matches their institution’s domain), their login will automatically be connected to the membership and give them full access from off-site or off-campus locations.

To sign up, visit any one of these sites.: 

Canada Commons:

Mindscape Commons:

By registering on any one of these sites, your registration will work on the other sites (Mindscape Commons is excepted, this uses a separate registration system)

TCP/IP Authentication

To support TCP/IP address range authentication, we use the IP address ranges that are assigned to your institution at The IP Registry. If you should ever need to adjust these, simply edit your information at the registry and our system will automatically receive the update. If your institution wishes to use TCP/IP Address Range Authentication, and you are not currently listed in the IP Registry, you may add your address ranges to this registry for free.

The IP Registry

To use the IP Registry, follow these simple steps:

  1. Register for free with

  2. Confirm the IPs currently listed for your institution and affiliated sites.

  3. Communicate IP changes by adding or deleting IP addresses as necessary.

  4. If you are newly adding your institution to the registry, let Coherent Digital know at

If you have any questions about using please see their FAQs or contact them at


If you use EZproxy for remote user access, then there is a database stanza you can install on your EZproxy for each Commons from the OCLC EZproxy support site.

Africa Commons Database Stanza

Mindscape Commons Database Stanza (* Mindscape Commons customers, see note below)

(*) Note: To complete the installation of an EZproxy stanza for Mindscape Commons, there is one additional step.  Coherent Digital needs to configure your proxy URL as an enabled site.  So please send the proxy URL to  This will be the URL in the browser location bar after logging into Mindscape Commons via the proxy.  The URL will usually look something like "".  This extra step applies to Mindscape Commons only.

Shibboleth/SAML Authentication 

At Coherent Digital, we support both Federated Shibboleth Authentication as well as ‘Bilateral’ metadata exchange.

Bilateral metadata exchange is used when the customer is not a member of a federation or Coherent Digital is not a member of the same federation.  For example this is how we support Microsoft Azure as an authentication technique for non-academic institutions. 

Currently Coherent Digital is a registered Service Provider at the following SAML federations:

See our entry at REFEDs metadata explorer for up-to-date details.

Shibboleth / SAML Configuration

For Shibboleth Authentication, please provide the following to

Federated Shibboleth Configuration:

  • Your EntityID

  • Your Federation

For Bilateral Metadata Exchange:

  • The URL of your Identity Provider metadata (or the metadata in XML format)

Coherent Digital’s Shibboleth Information:


Once the shibboleth configuration is complete, the following Service-Provider-initiated URLs can be used to log your users into a product without having to encounter a ‘Where-are-you-from’ page.  These URLs are what you would use in your A-to-Z database menu for remote users:

Africa Commons

Canada Commons

History Commons

Mindscape Commons

Policy Commons

South Asia Commons

Notes: Replace ‘your-entityID’ in the above URL with a URL-encoded version of your institution’s SAML Identity Provider entity ID.
These examples put the user in the product home page. The optional &target= parameter can contain any valid URL (encoded) at the destination product to place the user at a page other than the home page.  

HAN Server Authentication 

Coherent Digital support authentication via HAN Server reverse proxies.  Let tech know the domain name of your HAN server and we can configure that type of access for your institution.
    • Related Articles

    • Troubleshooting TCP/IP address range authentication

      This article outlines some information gathering that will help support identify solutions when a session fails TCP/IP range authentication. Are the TCP/IP Ranges on File Correct? Coherent Digital uses the IP ranges assigned to your institution in ...
    • Access to Monthly COUNTER Statistics

      Access to Monthly COUNTER Stats We provide COUNTER5 reports through SUSHI using the service provider LibLynx. SUSHI (Standardized Usage Statistics Harvesting Initiative) is an API that allows libraries to automate the retrieval of statistics from ...
    • Why we use to maintain IP addresses

      Maintaining accurate IP addresses is a problem for the entire scholarly community. According to the, 58% of the IP ranges held by publishers to authenticate libraries who license their content are inaccurate. Apart from unlicensed ...
    • Accessibility

      We've upped our accessibility standards. Our VPAT certificate ensures Level AA conformance in both Web Content Accessibility Guidelines (WCAG) 2.0 and 2.1. Below you can find Voluntary Product Accessibility Template® (VPAT®) reports for both of our ...
    • Terms of Use

      Terms of Use By using this website, the websites of Coherent Digital LLC, and their associated tools and services, you agree to the Terms of Use: 1. ADVISORY PLEASE READ CAREFULLY. These Terms of Use represent an Agreement between you ("User") and ...