web
You’re offline. This is a read only version of the page.
close

Institutional Authentication Options

Therapeutic Guidelines Limited (TGL) offers three flexible authentication methods to help institutions provide secure and reliable access to TGL Guidelines. Choose the option that best fits your systems and workflows.

IP Address Authentication

What Is IP Address Authentication?
IP authentication allows automatic access to TGL Guidelines whenever a user is connected to your organisation’s approved public IP address.
In other words:
  • Your institution shares its Static Public IP(s) with TGL.
  • TGL approves those IPs in the system.
  • Anyone browsing from those IPs is instantly recognised and granted access.
  • There are no usernames or passwords involved.

How it works
To set this up, your institution must supply the following: Your institution provides its Static Public IP address(es).
These can be:
  • A single public IPv4 address
  • A public IPv6 address
  • A range of public IP addresses
TGL then registers these IPs within the authentication system.
To ensure TGL can activate your IP Address access quickly and accurately, provide the necessary details directly to your TGL Sales representative, who can assist you with the process.

How IP Authentication works for users
Once your IPs are registered:
  • A user connects to your institution’s network
    • via on-site Wi-Fi, or
    • through a LAN cable on campus.
  • The user visits any TGL website, such as:
    • https://app.tg.org.au
    • https://obesid.tg.org.au/
    • https://dontrushtocrush.tg.org.au/
  • Access is granted immediately
    • No login
    • No special screens
    • No registration
  • Off-site access
    • Access works only on campus, unless staff use an institution-approved VPN that routes traffic through your registered public IPs.
Public vs Private IP Addresses
To ensure a smooth setup, it’s important to understand the difference between Public and Private IP addresses.
  • Public IP (Required for TGL access)
    • Assigned by your Internet Service Provider
      • Visible externally on the Internet
      • Used to authenticate and approve access
      • Can be checked at: https://whatismyipaddress.com/
    • These are the IPs your institution must provide to TGL.
  • Private IP (Not valid for TGL access)
    • Private IP addresses are only used inside a local network and are not visible to TGL.
    • Typical examples include:
      • 192.168.x.x
      • 10.x.x.x
      • 172.16.x.x
    • These addresses cannot be used for authentication because they never leave your internal network.

Referring URL Authentication

Access through your intranet or staff portal
This option allows access when users click a TGL resource from a secure internal webpage or URL. This web page or URL sits behind an authenticated, secure sign‑in managed by the institution.

How it works
  • In simple terms, your institution hosts a secure page that only logged-in staff can access.
  • That page contains a link to a TGL application.
  • When a user clicks the link from that secure page, TGL recognises the source and grants access instantly.
What an Institution needs to do
  • Choose a page that:
    • Requires users to log in before they can view it
    • Is controlled and hosted by your institution
    • Cannot be accessed publicly
  • Examples include:
    • Intranet home page
    • SharePoint team site
    • Protected staff portal page
  • This page will act as the “trusted launcher” for TGL access.
  • Provide the Secure Referring URL to TGL
    • Once you identify the secure page, your institution must send TGL the full URL of that page.
    • To ensure TGL can activate your Referring URL access quickly and accurately, provide the necessary details directly to your TGL Sales representative, who can assist you with the process
    TGL will then:
    • Register the URL within the TGL system
    • Validate that only authenticated users can access it
    • Enable access for any user who arrives from that exact URL
    • This ensures that only legitimate institution staff can use the referral workflow.
  • Embed the TGL Access Link on your Institutions’ Secure Page
    • After TGL registers your URL, you simply add the TGL link to your secure page.
    • Use one or more of the following TGL access links, depending on the product(s) you have subscribed to:
      • For Therapeutic Guidelines product: https://app.tg.org.au
      • For ObesiD product: https://obesid.tg.org.au/
      • For Don’t Rush to Crush product: https://dontrushtocrush.tg.org.au/
    • You can embed these links as:
      • Buttons
      • Hyperlinked text
      • Quick-access tiles
    • Your institution controls how it appears to staff.
  • How Access Works for Your Users
    • The process for staff is simple:
      • A user logs into your intranet or staff portal as usual.
      • They navigate to the page containing the TGL link.
      • They click the TGL product link.
      • Access is granted instantly, because TGL recognises the user came from your registered secure URL.
    • There is:
      • No additional login
      • No TGL username or password required
      • No user management required by your institution
    • Everything is handled automatically.
    • Important Note: TGL cannot restrict access between subscribed products if they share the same referring URL domain. If the institution has an active subscription to multiple products, users will have access to all of those products.
    • OpenAthens Authentication (via Proxy IP)
A smart link that supports both onsite and offsite use
Note: OpenAthens is a paid, third-party authentication service. Federated OpenAthens authentication is not supported by TGL at this time; only Proxy IP access is available. Institutions must enable the OA redirector service.
TGL supports OpenAthens access using Proxy IP authentication with an OpenAthens Redirector Link.

How it works
  • Your institution provides its Proxy IP address (used by OpenAthens or EZproxy).
  • TGL registers this Proxy IP in the system.
  • TGL provides a custom OpenAthens Redirector Link
  • You place the link on your intranet or library portal.
  • When users click the link, they are prompted to sign in with their institutional credentials and, upon successful authentication, are granted access to the TGL resource.
What is Redirector Link
An OpenAthens Redirector link is a smart access URL that routes users to online resources using their institution’s authentication method. It automatically handles both on campus and off campus access without requiring different links or complex configurations.

Typical Redirector link format:
https://go.openathens.net/redirector/yourdomain.edu?url=

In essence, the OpenAthens Redirector link provides a seamless, consistent entry point to resources, dynamically handling authentication based on the user’s location.
More information:About the redirector, Home-OpenAthens

Additional Information:

Proxy IP
A Proxy IP is an institution controlled public IP address used by authentication tools such as EZproxy , OpenAthens redirectors or other proxy services. When user traffic is routed through this proxy server, TGL identifies the request as coming from an approved institutional network and grants access accordingly.
If your organisation uses a proxy service with defined access policies—such as EZproxy—your administrator will need to update the relevant EZproxy stanza to include all TGL products your institution subscribes to. To ensure uninterrupted access, we recommend whitelisting the URLs listed below based on the specific products available to your organisation.

TGAPP
https://ccmsfiles.tg.org.au/s*
https://app.tg.org.au
https://tgldcdp.tg.org.au

Don't Rush to Crush:
https://dontrushtocrush.tg.org.au/
https://drtcccmsfiles.tg.org.au/*

ObesiD:
https://obesid.tg.org.au
https://obesityccmsfiles.tg.org.au/*