The National Technical Library, the largest and oldest library of technical literature in the Czech Republic, has a capacity of 1.5 million volumes. It offers hundreds of thousands of book titles and tens of thousands of journals in print and electronic form for loan in a modern, ecological building on the University of Dejvice campus. In addition, it provides ideal study conditions for students, and not only for them: individual and team classrooms, library services, printing services and much more.

The systems automatically register students and staff of selected Czech universities, who are guaranteed access to non-public areas, and readers or clients who register themselves. Among the users of the library’s systems we also include, of course, its internal employees, who, like anyone else, may or may not fall into one or more of the previously mentioned categories. Altogether, this amounts to about 120,000 active user accounts, so the need for a system to manage them is quite understandable. When it became apparent that the original solution was inadequate for the requirements (especially in terms of speed and reliability), the library proceeded to replace it.

The new identity management system (IdM) selected was midPoint, a product from Evolveum, provided under an open source license, which already includes a number of features in the basic solution to solve the most pressing problems (for example, the ability to configure user permissions and approval processes in detail) and is flexible enough to adapt to the specific needs of a complex library environment. (These strengths were also demonstrated when connecting legacy systems, whose handling of identities, accounts and data in general often proved to be non-standard and contrary to today’s common practice.) Thanks to this, the project was also completed on time and without any increase in budget, allowing the customer to immediately reap the benefits, which include flexibility, auditability and high system reliability and availability, eliminating manual intervention by administrators and speeding up business processes.

Connected End Systems – Identity Sources

• CDB/Registration: database of users/registered readers
• HEIs: management of university student ID cards

Connected end systems – identity targets

• EKV: control of building access permissions
• Aleph: library system, book collection reservation
• Reservation system: reservation of classrooms and services
• Payment system: for non-cash customer payments
• OpenLDAPCard – LDAP cards of registered readers
• LDAP Non-anonymous identities – OpenLDAP
• Active Directory: information about NTK staff
• Samba: management of all non-anonymous identities

IdM system for NTK in numbers:

Number of connected systems: 10
Number of managed identities: 120 000
Number of managed roles: 10