Archive for December 13, 2018

LibApps release with new LibAuth, LibGuides, LibCal, LibAnswers, LibInsight, and LibStaffer Features

Wow, do we have a ton of end of year updates to share with you – we have new LibAuth, LibGuides, LibCal, LibAnswers, LibInsight, and LibStaffer features to share! This time we’re doing something different with the announcement – rather than spreading out the announcements in multiple blog posts (one per product) we’ll outline them all here, in a single post.

These releases are on their way to you next week, and will be live in all regions by the end of the day on Wednesday December 19th.

LibAuth & LibApps

LibAuth now supports SSO logins via OAuth2 and Sirsi Symphony. If your SSO supports the OAuth2 protocol, or if you have the Sirsi-Dynix Symphony ILS, you can now set up LibAuth configurations that will use these methods. Use LibAuth to authenticate patrons for LibCal Space Bookings, events, LibGuides E-Reserves, or to place your LibGuides site, group of guides, or a single guide behind authentication. LibApps admins can head to LibApps > Admin > LibAuth Authentication to see these two new options.

In LibApps, if you switch to a custom domain or change an existing custom domain for your LibGuides, LibCal, or LibAnswers site, we will request & install a free Let’s Encrypt security certificate before we put the domain change into effect. This ensures that all traffic to your sites continues to go over HTTPS rather than over the insecure HTTP protocol. If you haven’t yet read our blog post on making all your Springy traffic HTTPS, check it out now.

We’re also adding two more customizable fields to the Primo Search Source, when you set it up to show Primo results inside your LibGuides & LibAnswers search. The two new customizable fields are for changing the scope and tab name. Head to LibApps > Admin > Search Sources to set this up for Primo.

LibGuides

Over in LibGuides, if you have LibGuides CMS and have implemented IP Access Restrictions for your site, group, or guide, you will no longer see results for these IP-protected assets in search results, unless you are inside the required IP range. Your IP-protected guides will only show up in search results for users within valid ranges.

We also added a feature many of our A-Z Databases admins have asked for: the option to remove a “Trial” label from a trial Database when the trial expires. To set this up, go to Content > A-Z Databases > edit your database, apply the label, add the trial expiration date, and check the box labelled “Hide from public view on trial expiration date.”

Speaking of A-Z list, we’ve made a small change to the way that A-Z Databases search works with filters on the public A-Z page. Previously, if you filtered the page view to a subject, vendor, or type, and then did a search, these filters conflicted, resulting in incorrect search results. Now, when you search filtered results, you’ll correctly see databases that match your search term AND your filters.

There are also a bunch of small features and fixes to share:

  • We fixed the A-Z Databases map count, which were incorrect in a few instances.
  • We fixed the rendering of A-Z Database Description popovers in two cases:
    • When you’re using a A-Z page template that contains a custom content box with A-Z databases in it.
    • If you’re using IE11 or on a mobile device.

LibCal

We’re happy to announce that LibCal now has an online payments component built right into the system, and it comes with no additional fee – it’s a standard part of your LibCal system.


Online payments are being added to event registrations and spaces first. Support for payments on equipment bookings will be coming soon (late January/early February). We’re doing a limited online payments release to early adopters, until we polish all the payments features over the next few weeks (the wide release will be later in January). If you’re interested in being an early adopter for online payments in LibCal, let us know! For a sneak peek at how this functionality is integrated within LibCal, check out the December Springy Newsletter feature on LibCal – Way to Pay.

In addition to online payments, we have several other new features rolling out in this release, including:

  • The new “Next Available” quick link in Spaces and Equipment is now available via the APIs
  • We’ve added a simple honeypot captcha to Event booking forms, to help reduce spammy event registrations. This captcha method doesn’t display to the patron at all, so you won’t see anything different in your registration forms, but spambots will run into hidden fields that are designed to catch them and prevent the form from being submitted.
  • We’ve updated our Spaces Exchange Integration to support displaying Space reservations in Exchange using either the patron’s name, or a nickname they enter as part of the registration form. This is designed to assist folks who are relying on the Exchange integration to tie in with an external room panel. To try out this new setting, head to Admin > Equipment and Spaces > Exchange/Outlook and look for the Title Setting toggle.

LibAnswers/LibChat

We’re thrilled to announce that our new screensharing & webinars functionality is here! We went way beyond just basic librarian-to-patron sharing of screen during chat. Patrons and Librarians can also request control of each others’ screens, do an audio chat, start an optional webcam share for a face to face chat, annotate the screen to help guide your users in the right direction, save and send screenshots… and that’s just the basics. Also, why stop with two people – have a screensharing/webinar session with 3, 4, 5 or more people – the more the merrier! It’s all there, in LibChat.

  • Supported Across All Browsers – Whether you or the patron are using Chrome, Firefox, Safari, or some other browser… our screensharing works across all browsers.
  • Supported Across Multiple Operating Systems – From Windows to Mac OS, from Ubuntu to Mint… we’ve got you covered.
  • Works on Tablets & Mobile Devices – From Surface Pro 2 (running Win 8.1 / Win 10) to iOS/Andriod devices and even on Slaven’s beloved Blackberry (yes, we went there!)… you can screenshare with users on multiple device types.
  • Audio & Video Options – You and the patron have the option to turn on your mics and webcams to enhance the screensharing experience.
  • Screen Annotation – Annotate screens, draw attention to certain elements, type up notes, and then save the screenshot and send to the patron.
  • Multi-Person Webinars or Virtual Staff Meetings – Screenshare as a group for internal meetings, staff webinars, etc. Why should only two people have all the fun?
  • Distance Education Support – With our screensharing and webinars, your library can better support distance ed programs at your institution.
  • Saved Recordings – Optionally, save your screenshare session and share it with relevant parties.

Screensharing is an optional module but it’s included free to all our Suite customers. Non Suite users can join in the fun too for $199 for this module – we worked hard to bring enterprise-class screensharing & webinars solution that costs thousands to every library that needs it, for less than a daily cup of joe at the local deli. That’s what we’re all about – delivering outstanding value to our libraries that we’re privileged to serve and work with.

Based on the amount of emails and inquiries we received since we told you about our screensharing plans, we know that you will want this installed, like, yesterday. But in order to ensure the stability of the infrastructure the rollout will be gradual, over the next couple of months. If you want to be an early adopter please let us know you’re interested and we’ll go from there.

In addition to screensharing, we have a couple of additional updates to share:

  • New Chat Status: Internal – With all of the screensharing excitement around the potential for internal staff meetings and support, we realized that our existing availability options in LibChat needed some tweaks. Thus as of this release there are now 3 presence/status settings for LibChat:
    • Online – You’re available to answer all public and internal chats
    • Internal – You’re offline as far as public chat departments are concerned, but online and available for internal chat departments and 1:1 operator chats
    • Offline – You’re entirely offline and unavailable to chat
  • Department Monitoring Update – We’ve updated the way we display information on who is publicly monitoring chats for each LibChat department. Previously we were displaying availability for each user in each department based on their overall online/offline status. Now, we’ll display this information based on whether the user is specifically publicly monitoring/not monitoring each individual chat department. To see this in action, head to the LibChat dashboard > Select a Department > Click Department Members.

LibInsight

We are working on integration of COUNTER Release 5 datasets into LibInsight, which we expect to be available before the end of March 2019. Meanwhile, we have a slew of small fixes for you:

  • We fixed field editing bug in circulation datasets
  • We fixed the error message displayed if you do not specify a “# of transactions” field in an Aggregate Circulation dataset
  • We fixed Dashboard charts for LibCal, LibAnswers, and LibGuides datasets
  • We’ve made it possible for you to choose whether to require “Required” fields when uploading a file to a custom dataset
  • We fixed a broken export button in the Circulation and Acquisitions Datasets Analysis “Popular” tab
  • We fixed the “Reset” button on widgets, which was not getting appropriate keyboard focus

LibStaffer

We’ve been working hard to bring you some special gifts this holiday season including awesome new features like copying shifts, SMS alert notifications, Geofencing and OAuth authentication for Outlook/Exchange calendar syncing.

  • Copy Shifts – By popular demand, you now have the ability to copy shifts and their assignments to the same or different calendar.  Open any schedule, select the settings icon drop down and select Copy Shifts access this feature.
  • SMS Alert Notifications – SMS alert notifications are here!  Select which LibStaffer alerts to receive through SMS text messages or email (or both).  Head to Admin > Accounts > Edit > Email & SMS Alerts to check out this new feature.
  • Geofencing – We’ve developed a way to put a distance restriction on where staff members can either clock in or clock out within a specified radius from a schedules physical geographic location.  Check out this new feature to set your geofence restrictions and schedule locations latitude/longitude by going to Admin > Schedule Settings > Edit Settings > Location & Time Clock.
  • OAuth Authentication for Outlook/Exchange Sync – A brand new way of syncing to Outlook/Exchange, using OAuth tokens instead of having to enter and update login passwords.  This new way is more secure than storing of Outlook/Exchange passwords.  Head to Admin > Accounts > Edit Account > Outlook/Exchange.
  • Workflow Submissions Explorer Recipient Filter – We’ve improved the workflow forms submission explorer to include a notification recipient filter.  You will now be able to use this filter to see only relevant form submissions that included a specific notification recipient.  To run the explorer with this new filter head to Forms > Submissions Explorer.
  • Max Hours per Day – The ability to set the maximum number of hours a day a staff member can work across all schedules in one day.  Manual shift assignments and the auto scheduler will take this new value into account when checking availability when scheduling staff members.  To set a staff members max hours per day that they can work, go to Admin > Accounts > Edit > Manage Account.
  • Custom Week Start Date – Beyond Sunday and Monday, we’ve now brought you the ability to set the ‘Week starts’ date to any day of the week.  The proper support has also been added for manually assigning staff and running the auto scheduler to determine availability.  Go to Admin > System Settings to set your ‘Week starts’ value to any day of the week.
  • Multi View Start Date – We’ve modified the multi schedule view display where if all the calendars selected for the multi view have the same week start date, the calendar view will start on that same day of the week.  To view this change, go to Schedules > Multi-Schedule View Only and select calendars that all have the same week start date.
  • Shift Swaps with Outlook/Exchange sync – We’ve improved the shift swap sync process for Outlook/Exchange where after a shift is successfully swapped between two staff members, the shift that each staff member was assigned to prior to the swap will be removed from the Outlook/Exchange calendars.
  • Consistent first and last name display – We’ve gone through all of LibStaffer and anywhere an account name appears it will display as First Name Last Name sorted by Last Name.

 

Many of the new features and functionality in Springshare tools came as a direct result of you, our customers, sending us your ideas, suggestions, pain points, constructive criticism, and kudos. We can’t thank you enough, and we promise so much more good stuff coming your way in 2019 – new features, enhanced functionality, new products… all with one singular purpose – to make your library workflows better and for you to continue impressing your customers and making them love and appreciate their library and their librarians even more. Thank you for your amazing suggestions and ideas in 2018, and here’s to a lot more goodies in 2019 and beyond. As always we’re here for you if any questions pop up.

New Data Center: Australia / Asia-Pacific – February 2019

Springshare is pleased to announce that we are bringing data centers online in Australia on February 11, 2019! All Asia-Pacific customers will be hosted on these servers. (See below for the list of countries moving to these servers.)

These new servers host v2 products only: LibGuides, E-Reserves, LibAnswers v2, LibCal w/Equipment Booking, LibStaffer, LibWizard, LibInsight, and LibCRM. Once you move to this new cluster, all of your Springshare tools (current and future) are located there.

Who is moving & will there be down time?

We’re moving all v2 sites and content for customers located in the Asia-Pacific region. If you are located in one of these countries, your data is moving to the Australian servers: Afghanistan, Australia, Bangladesh, Bhutan, British Indian Ocean Territory, Brunei, Cambodia, China, Cook Islands, Fiji, French Polynesia, Heard Island & McDonald Islands, India, Indonesia, Japan, Kiribati, Laos, Macao, Malaysia, Maldives, Marshall Islands, Federated States of Micronesia, Mongolia, Myanmar, Nauru, Nepal, New Zealand, New Caledonia, Niue, Norfolk Island, North Korea, Oman, Pakistan, Palau, Papua New Guinea, Philippines, Pitcairn, Samoa, Singapore, Solomon Islands, South Korea, Sri Lanka, Taiwan, Tajikistan, Thailand, Tokelau, Tonga, Tuvalu, Vanuatu, Vietnam, Wallis and Futuna.

Customers not located in one of the above countries are unaffected. There will be no down time for customers on servers in the U.S., Europe, or Canada while we move these sites.

Asia-Pacific customers will experience some down time during the migration process:

  • LibGuides Public side: No down time.
  • LibGuides Admin side and all other apps (both public and admin sides): Estimated 15 minutes of down time; may be up to 30 minutes.

I’m in the Asia-Pacific region – what do I need to do / know?

  • Migration Date: Monday, February 11, 2019 starting at 7pm U.S. EST (Melbourne time: Tuesday, February 12, 2019 at 11am AEDT)
    Time Converter – click “Add another city or time zone” to convert to your location.
  • LibGuides / LibAnswers / LibCal Custom Domains: If you have a custom domain (e.g., research.mylibrary.org, ask.myschool.edu, calendar.library.myschool.edu.au) for your LibGuides, LibAnswers, and/or LibCal site(s), you’ll need to work with your IT department to update your DNS records in time for the migration. We’ll send you instructions / more details in early January.
    If you are not on a custom domain (e.g., mylib.libguides.com, university.libanswers.com, springylib.libcal.com), you do not need to do anything. We’ll take care of everything on our side.
  • We’ll email you in early January with more information about what to expect and what you need to do to prepare for the move.

If you’re using LibAnswers v1 or LibAnalytics and want to move to the Australian server cluster, you will need to move to v2 in order to do so. LibAnswers v1 customers will be live with v2 prior to this server move. If you are using LibAnalytics, please update to LibInsight Lite.

If any questions / concerns pop up, please let us know, and as always, thanks for being on board!

HTTPS for All and All for HTTPS!

(Past HTTPS posts: Aug 24, 2017  |  Sept 28, 2017  |  Jan 25, 2018  |  June 7, 2018)

All major browsers are now flagging HTTP pages as “not secure” as a matter of course. This move toward web-security-by-default is something we at Springshare agree with, so we’ve implemented several things to help all of you ensure that your users are always enjoying a secure experience with Springy Apps – security certificates, forcing HTTPS, and removing TLS1.0 support, to name a few – and we’ll continue to roll out security options in future. In addition, we’re always vigilant in making sure that our code and our servers are safe and secure.

You may be wondering…why should I care if my pages are loading over HTTPS? Well, it’s all about your users’ security & privacy! With data leaks and cyber attacks on the rise, it just makes sense to take advantage of every opportunity to give your users the most secure web experience possible, and HTTPS is the baseline. Also, if you’d like to use the forthcoming LibCal billing functionality (online payments FTW!), an HTTPS connection is required.

Many of our customers have already made the move to HTTPS-only, and found it easy to do! There is no downtime or cost when moving to HTTPS (unless you choose to purchase your own security certificate) and it ensures a better, more secure experience for all of your users. In fact, we have issued over 2,000 certificates (for free!) so that all you need to do is push one button to switch to all secure access, all the time. It’s a win for everyone!

What We Do / What We’re Going to Do:

  • We provide free, automatically renewed Let’s Encrypt security certificates, in addition to the ability to upload your own security certificates.*
    • Load your page using https to double check whether or not your site has a valid, active security certificate.
    • Simply click in your address bar and type https://yoursiteURL.
  • We offer the ability for sites to force all of their pages to load over HTTPS. It is not enabled by default (yet), because there may be some content on your site that you need to update prior to making that move. (See below for more info on mixed content.)
  • We offer HTTPS access for all APIs, so you can ensure security of any information transferred via API.
  • We will remove the LibApps > Admin > Domains and Certificates option to toggle “Force HTTPS” for good by the end of Q1 2019.
  • If your site is not already set to enforce HTTPS, we set that for you beginning Jan 2nd, 2019. We will do this a few sites at a time each day to ensure that everyone is covered before the end of Q1 2019.

What You Can Do Now:

  • Check your site for “mixed content“: content embedded in your page that is loaded over HTTP instead of HTTPS.
    Why does this matter? If your overall page is loading over HTTPS, but an embedded item on the page is trying to load over HTTP, the embedded item will not display on the page. Although Springshare has supported HTTPS for a long time, this is the primary reason we have not enforced it yet: giving you time to update your widgets and ensure all content continues to load on your pages.

    • This content could be a search widget, a video, or anything else you’ve embedded. If it’s embedded in your site, it must be embedded via HTTPS.
    • Notes on how to find mixed content in your site is below in the “Searching for Mixed Content” section.
    • If your widget is loading over HTTP, check the site where you got the widget to see if they offer an HTTPS version.
    • If your widget is from a Springy app, it’s easy! Just add https: to the beginning of the “src” to require that it load via HTTPS.
    • If you use Springy APIs anywhere, make sure you’re using them over HTTPS. If not, update your calls by adding that s.
  • Force your LibGuides, LibAnswers, LibCal, and LibWizard sites to load over HTTPS.
    • This ensures a secure experience for your users when using those apps.
    • LibInsight, LibStaffer, and LibCRM are designed to always load over HTTPS, so there’s nothing to change for those systems.
    • This will be enabled for all sites by the end of Q1 2019.

Searching for Mixed Content:

  • In LibGuides:
    • Rich Text items: use the “Search” portion of our Search & Replace tool, and search on http: (with the colon at the end). Then review the list for embedded content. If the item is simply a link out to another website, you do not have to update that (unless the other site supports HTTPS and you want to update it). (This might be the majority of the list.) You’re looking for content embedded in the page, JavaScript, calls to stylesheets, etc. You can use CTRL+A to highlight the results, copy them, and paste them into a program like Excel for easier scanning, if you wish.
    • Widget items: use the filtering options in the Content > Assets area. Once on that page, limit Type to Widgets, enter http: in the Description / Metadata field, and click Filter. Click the edit icon for each item and review as noted above.
  • In LibAnswers you can use the “Search” part of the Admin > Assets > Search & Replace Links tool to find all instances of http: in your FAQ answers (yes, even though it says Search & Replace Links 😉 ). Be sure to check off the “Perform a search only” checkbox when using this tool. The first section will list any Public FAQ Links that contain http: – which may be just fine (though if there is an https equivalent, then it’s a good thing to update). The second section lists Public FAQ content that contains http:. Be sure to check this second area, as it’s likely where you may have embedded something. Also remember to check your Embedded Media / Widgets in your Public FAQs!
  • Load your page over HTTPS and use your Browser’s developer tools (usually something along the lines of: right click on the page > select Inspect > select the Console tab) to see what it marks as “mixed content” on each page. This may take a while, considering the number of pages you may have on your site, but it’s an option.
  • Another option is to use one of the myriad of tools that have popped up to help with this very thing! Do a web search on “mixed content check” (or similar keywords) and you’ll find options like “Why No Padlock?”, etc. (We’re not endorsing any particular thing; that site is simply noted as an example.) Continuing with using that site as an example, it works like this: you enter your https link into the tool and it scans that page (and any page that it links out to), notes any mixed content, and reports back to you with a list. It’s a great way to find all mixed content at once and/or as a check before forcing HTTPs for your site.

* Using a custom domain and seeing that your site does not have a security certificate?

Your DNS records could be pointing to the wrong place or there could be a Certificate Authority Authorization (CAA) in place that is preventing us from getting a Let’s Encrypt certificate on your behalf. We’ve contacted the handful of sites where we know this is a problem. If you’re seeing that you do not have a security certificate, contact your IT department with this information:

  1. Check that your DNS records are pointing to the right place.
  2. Check to see if CAA is enabled. If so, either:

If you do not either allow us to successfully obtain a security certificate on your behalf or purchase one on your own, your site will be unreachable when we require all pages be loaded via HTTPS (by the end of Q1 2019). Let us know if you have any questions!