Access Management Overview

If you have admin permissions for your school, library, or university JSTOR account, you can provide access to your subscription using one or more of the following access methods through the Access Methods page in JSTOR Admin.

IP access

What is IP access?

An IP address range (IP stands for “internet protocol”) is one way that your network manages access to JSTOR content. Having accurate IPs on record for your institution enables automatic access to your content from any on-campus computers and is a key component of setting up remote access via a proxy server.

Dedicated IP addresses can be used for content access in different ways. For example, they may be configured to enable network access that applies to a physical, geographic location (such as a centralized campus) and/or they may do so for a VPN (virtual private network) that may be more distributed in nature (such as a multi-location, or virtual campus).

You will want to review your institution's IP address(es) and ensure that the address(es) we have on file reflect them accurately.

• Addresses of the type 10.*.*.*, 172.[16-31].*, and 192.168.*.* are reserved for internal networks and are not relevant for authentication purposes.
• If you're having trouble with access, we'll likely need to know your IP address(es). You can ask your IT team for a list of active IPs but knowing your current IP address can also be helpful. Entering "What is my IP?" into Google search, for example, can show you your current IP address.

Where can I find my IP address(es) on file with JSTOR?

To review the IP address(es) we have on file for your institution:

1. Log into JSTOR Admin with a personal account that has administrative permissions.
   
   • Not an admin yet? See Accessing JSTOR Admin to get started.
2. Select "Access Methods" in the JSTOR Admin sidebar.
3. Select the "IP Addresses" tab where you can review the range of IP address(es) we have on file for your institution.

Not seeing the address(es) you expect or need to make changes? See the "How do I update my IP address(es)" section of this article.

How do I update my IP address(es)?

If your IP addresses change or you would like to add additional IP ranges, contact JSTOR Support at your earliest convenience so we can ensure your institution has seamless access.

If you're having trouble with access, your IP address(es) can be valuable information to have ready when contacting JSTOR Support. Select the "Copy" button to copy your current IP address(es) on file to your clipboard.

Proxies

What are proxies?

Proxy servers (or proxies) can be set up via IP address to allow users access to JSTOR both on and away from campus. Your proxy server URL will display in JSTOR's institution search and will be used to create a Remote Access URL on item pages.

Where can I find my proxy server information?

To review and manage your institution's proxies:

1. Log into JSTOR Admin with a personal account that has administrative permissions.
   
   • Not an admin yet? See Accessing JSTOR Admin to get started.
2. Select "Access Methods" in the JSTOR Admin sidebar.
3. Select the "Proxy" tab.
4. Under "Proxy server URL" you can review and manage your institution's proxy server URL.

How do I update my proxy server information?

• To add a new proxy, enter your institution's proxy login URL in the "Proxy Server URL" field and select "Save".
• To edit an existing proxy, select "Edit" and enter your institution's proxy login URL and select "Save".
• To delete an existing proxy, select "Delete" and confirm your selection. This action cannot be undone and may break links previously bookmarked by users at your institution.

If you have questions about how to update your proxy server IP information, please contact JSTOR Support.

What proxies are supported?

Only proxies that use stanzas in their configuration are supported.

The following proxies are recommended:

• OCLC EZproxy
• LibProxy

Referring URL access

What is a referring URL?

A referring URL is a link on your library page which sends users to JSTOR. As long as they are navigating to JSTOR through this link, JSTOR recognizes them as a member of your institution and provides them access.

Because other available access methods provide greater security, this method is not our preferred access method. To ensure that users accessing JSTOR in this way are members of a particular institution, your referring URL link can only be displayed on a password-protected page. Learn more about our technical requirements for referring URLs.

Where can I find my referring URL?

To review your institution's referring URL:

1. Log into JSTOR Admin with a personal account that has administrative permissions.
   
   • Not an admin yet? See Accessing JSTOR Admin to get started.
2. Select "Access Methods" in the JSTOR Admin sidebar.
3. Select the "Referring URL" tab where you can review your institution's referring URL.
   • If you don't see the referring URL you're expecting, or need to make changes, see the “How do I update or add a referring URL?" section of this article.
   • If we don't have a referring URL on file for your institution, you'll see the a message "Your institution does not have any saved referring URLs in JSTOR".

How do I update or add a referring URL?

If your referring URL(s) change or you would like to add additional referring URLs, please contact JSTOR Support at your earliest convenience so we can ensure your institution has seamless access.

What referring URLs are not supported?

While we support many common access methods using referring URLs, there are a few specific referring URL management tools we discourage due to known issues with our systems:

• SharePoint (Microsoft)
• Blackbaud

Google Single Sign-On (SSO)

What is Google SSO?

You can configure one or more domains for your institution to use Google as your Single Sing-on (SSO) method. Your domain(s) is typically what appears at the end of your institution email address. We'll grant JSTOR institutional access to users with your institution's domain(s).

Google SSO access can be used via the “Log in with Google” button or on the institution search page.

When logging in with Google, if the user doesn't have a personal JSTOR account, they'll be given the option to create one. Learn more about the Benefits of a Personal JSTOR account.

Where can I find my Google SSO domains?

To review and manage your institution's Google SSO domains:

1. Log into JSTOR Admin with a personal account that has administrative permissions.
   
   • Not an admin yet? See Accessing JSTOR Admin to get started.
2. Select "Access Methods" in the JSTOR Admin sidebar.
3. Select the "Google SSO" tab.
4. Under "Domains" you can review and manage your institution's Google SSO domains.

How do I update or add domains for Google SSO?

• To enable Google SSO for your institution, enter your institution's domain in the text field under "Domains" and select "Save".
• To add an additional domain, select "Add domain", enter your institution's domain, and select "Save".
• To edit an existing domain, select "Edit" and enter your institution's domain and select "Save".
• To delete an existing domain, select "Delete" and confirm your selection. This action cannot be undone and users at your institution with this domain will no longer be able to log in with Google SSO.

SAML (Shibboleth, Open Athens)

What is SAML (Shibboleth, Open Athens)?

Security Assertion Markup Language, or SAML, serves as a way for external systems and services to verify that a user is who they claim to be (similar to a personal identification card) in a standardized way. SAML makes single sign-on (SSO) technology possible by providing a way to authenticate a user once and then communicate that authentication to multiple applications for a more seamless digital experience.

Shibboleth is a proprietary single sign-on method that allows users to authenticate via their institutional credentials to access JSTOR. In order for JSTOR to enable access via Shibboleth, we have to belong to the same federation that you do. Here is a list of federations we currently belong to:

• eduGAIN (Federation Membership Organization) [metadata]
• InCommon (United States) [metadata]
• OpenAthens (Multiple Countries) [metadata]
  • If you are using Open Athens as your chosen Shibboleth Federation, you can learn more about how to configure it in Access Management: Technical Instructions.
• DFN-AAI (Germany) [metadata]
• Studentnet (Australia) [metadata]

Where can I find my SAML Entity ID information on JSTOR?

To review and manage your institution's SAML EntityID:

1. Log into JSTOR Admin with a personal account that has administrative permissions.
   
   • Not an admin yet? See Accessing JSTOR Admin to get started.
2. Select "Access Methods" in the JSTOR Admin sidebar.
3. Select the "SAML" tab.
4. Under "Entity ID" you can review and manage your institution's EntityID.

How can I update my SAML information?

If your institution uses eduPersonEntitlement or your institution uses SAML for an alumni subscription, you can add your EntityID. Learn more about how to set up SAML and which federations we support.

Alternatively, contact JSTOR Support with the following information to begin the setup process:

• The name of the federation to which you belong
• Your Shibboleth Identity Provider ID (EntityID)
• Your associated SAML Assertion Attributes
• The list of campuses (if more than one) served by that ID

Remote username and password

This method of access is only available for eligible institutions. If we determine that your institution is eligible, we will issue the remote username and password when we set up your access.

If you have questions about eligibility, or you would like to update the remote username and password for your institution, please contact JSTOR Support.

Virtual Private Network (VPN)

A VPN is a private network that allows your users to be authenticated to JSTOR by IP address(es). With some VPN configurations, you may need to whitelist additional information to ensure successful authentication.

If you need to add your VPN IP address into our system or if your current VPN is not authenticating users, please contact JSTOR Support at your earliest convenience so we can ensure your institution has seamless access.

Authentication enhancements

Account pairing

When a user with a personal JSTOR account logs into JSTOR while on campus or through one of your institution's registered remote access methods, their account will be automatically paired with your institution so they can access your institution's content whether they're on or away from campus.

Remote access to JSTOR through personal account pairing lasts 365 days.

Personal account pairing to your institution will be automatically renewed when logging into JSTOR while on campus, or using one of your institution's registered remote access methods.

Learn more about the Benefits of a personal JSTOR account.

Google CASA

We have partnered with Google to support streamlined access for people at institutions that use both JSTOR and Google Scholar, through a free service called Campus Activated Subscriber Access, or CASA. When a researcher visits Google Scholar while logged into a campus network, Google CASA remembers their affiliation and that they should have access to their institution’s licensed resources. This information is stored in a secure token that is valid for 30 days.

During this period, the researcher can access JSTOR without having to log in through their campus network, no matter where they are located. The token is renewed the next time a researcher logs into their network and visits Google Scholar.

Google CASA is GDPR-compliant because it does not capture any personal information about the user, only that they have been granted access to a particular institution’s resources.

If you have questions about any of this information, please contact JSTOR Support.