LibKey Nomad for IT Professionals

Modified on Thu, 09 Feb 2023 at 01:16 PM

How do you install Nomad?

LibKey Nomad is a browser extension which you download and install from your browser's store or extension library.  Simply navigate there and search for "LibKey Nomad" or go directly to the LibKey Nomad page.  Installation and setup is quick and easy.  Simply download and install the extension, choose your supported institution and start browsing!

Is deployment possible via Microsoft Group Policy?

Yes! This is the recommended deployment method and we have instructions (beta) to this effect available right here:

Do users need to create an account to use Nomad?

No! Nomad, like all of Third Iron technologies, is very privacy minded.  There are no user accounts to create, the extension does not ask for or store your institutional user credentials and we do not run our scripts on any webpages other than those that are supported publisher pages, along with a few select domains such as PubMed and Wikipedia which have unique enhancements for each site.

What browsers does Third Iron support for LibKey Nomad?

LibKey Nomad supports Chrome (the world's most popular browser) as well as Firefox, SafariMicrosoft EdgeBrave and Vivaldi.

What browsers might LibKey Nomad work on and which are not officially supported by Third Iron?

What browsers might LibKey Nomad work on and which are not officially supported by Third Iron?
In theory, any browser built on Chromium should be compatible with LibKey Nomad, however, because these browsers are rapidly developing, they are not officially supported. 

Are there any security risks for my users in using Nomad?  How and when is data transferred to your servers?

LibKey Nomad is designed to meet contemporary privacy and security standards.  The key elements to the security of LibKey Nomad are:
  • There are no user accounts involved so we never ask for any personal information from the user.
  • The LibKey Nomad scripts within the extension only execute on supported publisher pages and on a few select domains such as PubMed and Wikipedia in order to deliver unique enhancements to each site.
  • We do not cache user credentials for the SSO, proxy servers, etc.  Remote access is governed solely by the existing remote authentication system at your institution.  LibKey Nomad only forwards to those services and they then otherwise function as normal.
  • LibKey Nomad runs scripts in the browser that looks for unique article identifiers (DOI or PMID) for the article, sends the identifier information to our LibKey API service.  The API returns linking information to forward the user to the article of interest via your existing authentication routes. The Nomad browser extension handles all token requesting/issuing to provide authentication to this endpoint.
  • LibKey Nomad is CORB compliant (More information on CORB).
LibKey Nomad may also interface with the non-profit OADOI project to check for the existence of OA alternatives to articles.

Selecting an institution is as simple as downloading the application from the Chrome Extension Store and then selecting your subscribed institution when prompted.  Visibility of any particular library is determined by the institution's subscription status with Third Iron.  Additionally, institutions may elect to not make Nomad available to their users.

How are updates pushed out to Nomad end users?

At Third Iron we go through an approval process that requires multiple people, including developers and quality assurance personnel, to sign off on approval for new versions of our software. For LibKey Nomad browser extension updates, once we have that sign-off, we have secured all accounts that can authorize that update with multi-factor authentication to help ensure only people who should be able to push a new version of Nomad can do so.

We monitor automatically-generated release alerts from the Chrome, Firefox, and Edge stores to ensure we have very clear visibility into when a new version is released. The actual mechanics of how a new version of the extension gets to a machine is controlled by the browser manufacturer, whether Chrome, Firefox, or Edge.

When I install the extension I'm warned by Google Chrome that the extension can "Read and change all your data on the websites you visit".  This sounds concerning.  What does this mean?

LibKey Nomad can see and change pages on any site, but it only takes action when it is within an allowed list of domains known to the LibKey Nomad browser extension that is made up of hundreds of publishers and discovery platforms. If the domain is in the approved list, Nomad may alter the appearance of the website by inserting download links, links to BrowZine, and cover images as appropriate. The only data sent to the Third Iron server in this process includes the affiliated Library's LibKey ID, an API Key, a DOI and/or PMID, and the requesting IP. This IP is used only for standard web server log data and when determining authentication requirements.

Where can I read more about the benefits of LibKey Nomad for researchers?

You can read our more general overview and FAQ on LibKey Nomad here.

What is your privacy policy?
Our privacy policy, governing all Third Iron products, is here.   
(Spoiler alert: we are GDPR compliant.)

Additional Questions or Concerns?

Contact us!  Please drop us a line at and will be happy to assist!