Skip to Main Content

Access Management Overview

  • Updated

What's in this article:

If you have admin permissions for your school, library, or university JSTOR account, you can provide access to your subscription using one or more of the following access methods through the Access Methods page in JSTOR Admin.

IP access

What is IP access?

An IP address range (IP stands for “internet protocol”) is one way that your network manages access to JSTOR content. Having accurate IPs on record for your institution enables automatic access to your content from any on-campus computers and is a key component of setting up remote access via a proxy server.

Dedicated IP addresses can be used for content access in different ways. For example, they may be configured to enable network access that applies to a physical, geographic location (such as a centralized campus) and/or they may do so for a VPN (virtual private network) that may be more distributed in nature (such as a multi-location, or virtual campus).

You will want to review your institution's IP address(es) and ensure that the address(es) we have on file reflect them accurately.

  • Addresses of the type 10.*.*.*, 172.[16-31].*, and 192.168.*.* are reserved for internal networks and are not relevant for authentication purposes.
  • If you're having trouble with access, we'll likely need to know your IP address(es). You can ask your IT team for a list of active IPs but knowing your current IP address can also be helpful. Entering "What is my IP?" into Google search, for example, can show you your current IP address.

Where can I find my IP address(es) on file with JSTOR?

To review the IP address(es) we have on file for your institution:

  1. Log into JSTOR Admin with a personal account that has administrative permissions.
  2. Select "Access Methods" in the JSTOR Admin sidebar.
  3. Select the "IP Addresses" tab where you can review the range of IP address(es) we have on file for your institution.

Not seeing the address(es) you expect or need to make changes? See the "How do I update my IP address(es)" section of this article.

How do I update my IP address(es)?

If your IP addresses change or you would like to add additional IP ranges, contact JSTOR Support at your earliest convenience so we can ensure your institution has seamless access.

If you're having trouble with access, your IP address(es) can be valuable information to have ready when contacting JSTOR Support. Select the "Copy" button to copy your current IP address(es) on file to your clipboard.

Copy IP addresses button on the Access Methods page in JSTOR Admin

Proxies

What are proxies?

Proxy servers (or proxies) can be set up via IP address to allow users access to JSTOR both on and away from campus. Your proxy server URL will display in JSTOR's institution search and will be used to create a Remote Access URL on item pages.

Notes:

  • Before adding a proxy link, make sure the server's IP address appears under the "IP Addresses" tab. Proxies must require authentication to restrict them to authorized users only.
  • If you use EZproxy you must be using version 6.2.2 or later for access. Learn more about our recommended access management set-up.
  • If your institution uses OpenAthens Redirector to link to content on JSTOR, please DO NOT enter the OpenAthens prefix URL under the Proxies tab in JSTOR Admin as this will result in errors. See Access Management: Shibboleth & OpenAthens for more.

Where can I find my proxy server information?

To review and manage your institution's proxies:

  1. Log into JSTOR Admin with a personal account that has administrative permissions.
  2. Select "Access Methods" in the JSTOR Admin sidebar.
  3. Select the "Proxy" tab.
  4. Under "Proxy server URL" you can review and manage your institution's proxy server URL.

How do I update my proxy server information?

  • To add a new proxy, enter your institution's proxy login URL in the "Proxy Server URL" field and select "Save".
  • To edit an existing proxy, select "Edit" and enter your institution's proxy login URL and select "Save".
  • To delete an existing proxy, select "Delete" and confirm your selection. This action cannot be undone and may break links previously bookmarked by users at your institution.
Note: Please allow 30 minutes after submitting updates for changes to be reflected in the JSTOR institution search.

If you have questions about how to update your proxy server IP information, please contact JSTOR Support.

What proxies are supported?

Only proxies that use stanzas in their configuration are supported.

The following proxies are recommended:

  • OCLC EZproxy
  • LibProxy

Referring URL access

What is a referring URL?

A referring URL is a link on your library page which sends users to JSTOR. As long as they are navigating to JSTOR through this link, JSTOR recognizes them as a member of your institution and provides them access.

Because other available access methods provide greater security, this method is not our preferred access method. To ensure that users accessing JSTOR in this way are members of a particular institution, your referring URL link can only be displayed on a password-protected page. Learn more about our technical requirements for referring URLs.

Where can I find my referring URL?

To review your institution's referring URL:

  1. Log into JSTOR Admin with a personal account that has administrative permissions.
  2. Select "Access Methods" in the JSTOR Admin sidebar.
  3. Select the "Referring URL" tab where you can review your institution's referring URL.
    • If you don't see the referring URL you're expecting, or need to make changes, see the “How do I update or add a referring URL?" section of this article.
    • If we don't have a referring URL on file for your institution, you'll see the a message "Your institution does not have any saved referring URLs in JSTOR".

How do I update or add a referring URL?

If your referring URL(s) change or you would like to add additional referring URLs, please contact JSTOR Support at your earliest convenience so we can ensure your institution has seamless access.

What referring URLs are not supported?

While we support many common access methods using referring URLs, there are a few specific referring URL management tools we discourage due to known issues with our systems:

  • SharePoint (Microsoft)
  • Blackbaud
Note: Referring URLs may not work with LMS system such as Moodle, Canvas, Clever, and Classlink.

Google and Microsoft Entra Single Sign-On (SSO)

What is SSO?

You can configure one or more domains for your institution to use Google or Microsoft Entra ID (formerly Azure Active Directory) as your Single Sign-on (SSO) method. Your domain(s) is typically what appears at the end of your institution email address.

Users with your institution's domain(s) will be granted institutional access when logging in through the institution finder. In addition, users at institutions using Google or Microsoft SSO can log in or register using the Log in/Register with Google/Microsoft buttons on the Login menu.

If the user doesn't have a personal JSTOR account, they'll be given the option to create one after logging in. Learn more about the Benefits of a Personal JSTOR account.

JSTOR login modal showing Log in with Google and Log in with Microsoft buttons

Where can I find my SSO domains?

To review and manage your institution's SSO domains:

  1. Log into JSTOR Admin with a personal account that has administrative permissions.
  2. Select Access Methods in the JSTOR Admin sidebar.
  3. Select the Single Sign-On tab.
  4. Under "Domains" you can review and manage your institution's SSO domains.
Note: Only one SSO provider (Google or Microsoft) may be used by an institution at any given time. Domains must be unique to your institution and cannot be shared across multiple institutions within a district.

How do I update or add domains for SSO?

  • To enable Google or Microsoft SSO for your institution, select the appropriate SSO provider and enter your institution's domain in the text field under "Domains" and select "Save".
  • To add an additional domain, select "Add domain", enter your institution's domain, and select "Save".
  • To edit an existing domain, select "Edit" and enter your institution's domain and select "Save".
  • To delete an existing domain, select "Delete" and confirm your selection.
    • If you choose to opt out of SSO for your institution by selecting "Not participating", you'll be required to delete any existing domains first.
    • Removing a domain cannot be undone and users at your institution with this domain will no longer be able to log in with SSO.
Note: Please allow 30 minutes after submitting updates for changes to be reflected in the JSTOR institution search.

SAML (Shibboleth, OpenAthens)

What is SAML (Shibboleth, OpenAthens)?

Security Assertion Markup Language, or SAML, serves as a way for external systems and services to verify that a user is who they claim to be (similar to a personal identification card) in a standardized way. SAML makes single sign-on (SSO) technology possible by providing a way to authenticate a user once and then communicate that authentication to multiple applications for a more seamless digital experience.

Shibboleth is a proprietary single sign-on method that allows users to authenticate via their institutional credentials to access JSTOR.

Note: After authentication, if the user doesn't have a personal JSTOR account, they'll be given the option to create one. If created, their account will be automatically paired with your institution, allowing the user to access your institution's content without the need to re-authenticate. Learn more about Account pairing.

In order for JSTOR to enable access via Shibboleth, we have to belong to the same federation that you do. Here is a list of federations we currently belong to:

Federation Country Metadata Notes
eduGAIN Federation Membership Organization Metadata  
InCommon United States Metadata  
OpenAthens Multiple Countries Metadata Learn more about How to set up OpenAthens.
DFN-AAI Germany Metadata  
Studentnet Australia Metadata  

Where can I find my SAML Entity ID information on JSTOR?

To review and manage your institution's SAML EntityID:

  1. Log into JSTOR Admin with a personal account that has administrative permissions.
  2. Select "Access Methods" in the JSTOR Admin sidebar.
  3. Select the "SAML" tab.
  4. Under "Entity ID" you can review and manage your institution's EntityID.

How can I update my SAML information?

If your institution uses eduPersonEntitlement or your institution uses SAML for an alumni subscription, you can add your EntityID. Learn more about how to set up SAML and which federations we support.

Note: If you receive an error message after entering a SAML EntityID, it may be because it's not found in JSTOR's federation metadata or the formatting is incorrect. If your institution was recently added to a federation, please wait and try again in 24-48 hours.

Alternatively, contact JSTOR Support with the following information to begin the setup process:

  • The name of the federation to which you belong
  • Your Shibboleth Identity Provider ID (EntityID)
  • Your associated SAML Assertion Attributes
  • The list of campuses (if more than one) served by that ID

Remote username and password

This method of access is only available for eligible institutions. If we determine that your institution is eligible, we will issue the remote username and password when we set up your access.

If you have questions about eligibility, or you would like to update the remote username and password for your institution, please contact JSTOR Support.

Virtual Private Network (VPN)

A VPN is a private network that allows your users to be authenticated to JSTOR by IP address(es). With some VPN configurations, you may need to whitelist additional information to ensure successful authentication.

If you need to add your VPN IP address into our system or if your current VPN is not authenticating users, please contact JSTOR Support at your earliest convenience so we can ensure your institution has seamless access.

Authentication enhancements

Account pairing

When a user with a personal JSTOR account logs into JSTOR while on campus or through one of your institution's registered remote access methods, their account will be automatically paired with your institution so they can access your institution's content whether they're on or away from campus.

Remote access to JSTOR through personal account pairing lasts 365 days.

Personal account pairing to your institution will be automatically renewed when logging into JSTOR while on campus, or using one of your institution's registered remote access methods.

Learn more about the Benefits of a personal JSTOR account.

Google CASA

We have partnered with Google to support streamlined access for people at institutions that use both JSTOR and Google Scholar, through a free service called Campus Activated Subscriber Access, or CASA. When a researcher visits Google Scholar while logged into a campus network, Google CASA remembers their affiliation and that they should have access to their institution’s licensed resources. This information is stored in a secure token that is valid for 30 days.

During this period, the researcher can access JSTOR without having to log in through their campus network, no matter where they are located. The token is renewed the next time a researcher logs into their network and visits Google Scholar.

Google CASA is GDPR-compliant because it does not capture any personal information about the user, only that they have been granted access to a particular institution’s resources.

If you have questions about any of this information, please contact JSTOR Support.

Articles in this section