Embed Size (px)
Citation preview
Melissa Conover, NCDPI, PresenterTroy Moreland, IdAuto, PresenterMark Scheible, MCNC, PresenterLee Cummings, MCNC, PresenterDawn Castonguay, WCPSS, PresenterJordan Kincaid, Facilitator
Getting the most from the NCEdCloud IAM Service
Session Date/Time Room
Weds, Feb 22nd 1:00 PM - 2:45 PM Imperial D
Thurs, Feb 23rd, 8:30 AM - 10:15 AM Imperial D
● Opening remarks and Introductions – Melissa Conover● Service Statistics - Troy Moreland● Prior year successes – Melissa Conover● Source Data Best Practices – Melissa Conover● Target Application Request and Fulfillment Process –
Mark Scheible, Lee Cummings● Target Applications – Available now and future
applications – Mark Scheible, Lee Cummings● Local deployment of RapidIdentity – Troy Moreland, Dawn
Castonguay● Q&A - All
Session Content
Opening Remarks
Meet the Team
Meet the Team
Melissa Conover NCDPIIAM Service Manager
Meet the Team
Melissa Conover NCDPIIAM Service Manager
Jordan Kincaid NCDPI IAM Service Manager Back-up
Meet the Team
Melissa Conover NCDPIIAM Service Manager
Jordan Kincaid NCDPI IAM Service Manager Back-up
Mark Scheible MCNCSr. Lead IAM Solutions Architect
Meet the Team
Melissa Conover NCDPIIAM Service Manager
Jordan Kincaid NCDPI IAM Service Manager Back-up
Mark Scheible MCNCSr. Lead IAM Solutions Architect
Lee Cummings MCNCIdentity & Access Management Consultant
Meet the Team
Melissa Conover NCDPIIAM Service Manager
Jordan Kincaid NCDPI IAM Service Manager Back-up
Mark Scheible MCNCSr. Lead IAM Solutions Architect
Lee Cummings MCNCIdentity & Access Management Consultant
Troy Moreland Identity AutomationFounder & CTO
Meet the Team
Melissa Conover NCDPIIAM Service Manager
Jordan Kincaid NCDPI IAM Service Manager Back-up
Mark Scheible MCNCSr. Lead IAM Solutions Architect
Lee Cummings MCNCIdentity & Access Management Consultant
Troy Moreland Identity AutomationFounder & CTO
Dawn Castonguay Wake County Public School SystemSenior Director, Information Systems
Service Statistics
Service Statistics
2015-2016 2016-2017
> 400K logins daily > 760K logins daily
< .4 second login times < .4 second login times
45 million logins 98 million logins (142 million total)
? application launches 87 million application launches
300K accounts created 223K accounts created
2 million accounts updates 3.2 million accounts updated
Prior Year Successes
Prior Year Successes
Source Data
● Implemented enhanced staff email functionality○ Source data process changed to support multiple
email sources○ RapidIdentity portal modified to support multiple user
eMails with Preferred Email option
● Enhanced source data validation○ Source data account changes, adds and deletes for
both staff and students that exceed a predefined LEA and Statewide threshold is identified as a potential issue.
Prior Year Successes
Security
● Implemented Required Password Change○ This change requires NCEdCloud IAM Service staff
users to change their passwords every 90 days.○ This change also provides the ability to implement the
password change requirement for student users.
● Identified and Rectified Blackboard Security Issue○ Introduced process to allow LEAs to create staff UIDs
in the format of ConnectXXX (XXX is the LEA number) in order to alleviate the use of live staff UIDs.
Prior Year SuccessesFunctionality● Change in Homebase Application icons
○ This change provides unique application icons for the following Home Base applications:■ PowerSchool Admin■ PowerSchool Teacher■ PowerSchool Student■ TrueNorthLogic ■ Canvas Red■ Canvas Blue
● Implemented ‘My Students for Non-Teachers’ Role○ This role is requestable through the NCEdCloud IAM
Service Workflow process. It is useful to those users who are teaching a class are not defined as a teacher via their object and purpose codes and, if granted, provides access to the non-teachers students.
Prior Year SuccessesSystem Updates
● Upgraded the NCEdCloud IAM Service underlying Software and Hardware
○ Upgraded to RapidIdentity versions 3.5, 4.0, 4.1, 4.2 ○ Upgraded hardware as necessary
Support
● Moved the NCEdCloud IAM service support to NCDPI
Prior Year SuccessesTarget Applications● New Integration for Google Apps for Education (V2)
○ Doesn’t use UID for Google Username○ Provisioning of accounts is controlled by LEA/CS
■ If email address is present in the IAM Service, then a GAFE account is created with the user’s email as the Google/Gmail username
■ If no email address is present in the IAM Service, then an account will not be created in Google
● Follett Destiny Integration (V2), re-written to use Single Sign-On (SSO) functionality○ Previous integration required user to login a second time
when accessing Destiny○ Destiny user data now comes from PowerSchool
■ Enables use of Homeroom field within Destiny● NC Live! (Streaming Video)
Source Data Best Practices
Source Data Workflows
● Source Data file creation and processing occurs nightly, Sunday through Friday and begins at 4:30 PM. Please be sure to have all of your PowerSchool (for students) and/or UID (for staff) updates completed by 4:30 PM each day.
● Assign at least one NCEdCloud IAM Service LEA Administrator to your LEA or Charter. This provides an avenue of communication for announcements and IAM workflow requests.
● Assure that the staff UID system is current with your employees via your payroll, HRMS or Linq systems.
● Visit NCEdCloud.MCNC.org often to review system announcements, training videos and general information.
Source Data Best Practices
NCEdCloud IAM ServiceTarget Applications
NCEdCloudIAMServiceTargetApplications
TargetApplications:Twotypesofrequests
Request to integrate an existing,approved application (scheduling)with the IAM Service
Suggestion of a new application tobe considered for approval andoffered for integration with the IAMService
Both request forms can be reached at..
https://ncedcloud.mcnc.org > Resources > Target Applications
TargetApplications:RequestandFulfillmentProcess
Tech Directors/LEA Administrators request target applications to be integrated with the NCEdCloud IAM Service (for their LEA/CS) from the Target Applications Request form.
Submission of this form initiates the integration process and updates the status for the particular LEA/Charter School in multiple reporting tools.
Target App Request Form
MCNCAcknowledges request, notifies vendor & NCDPI, monitors progress
App vendor works with LEA/CS and
IdAuto to accomplish integration
(App specific processes)
LEA/CS performs User Acceptance Testing
LEA/CS authorizes App
Icon enablement
LEA/CS App Icon is enabled in IAM Service
TargetApplications:Availability(Current)
https://ncedcloud.mcnc.org/target-applications
Amplify (mClass) - Underway
NC Test
NCWiseOwl
PowerTeacher Gradebook
EC System (CECAS Replacement)
Reporting Data (CEDARS Front-end)
Meals Plus
EverFi
Microsoft Office 365 / EES ProPlus Benefit
Candidates proposed from Survey responses
TargetApplications:Availability(Future)
TargetApplications:Survey
https://goo.gl/forms/COXc0KisT5AlZFlG3
Feedback is a gift, we need you!
The NCEdCloud IAM Service team is reaching out to LEA and Charter School leaders to help identify future target applications and enhancements to the service. The results of the survey will play a critical role in our short and long-term planning for the IAM Service.
Please forward this link to others in your organization that are familiar with the applications used in your LEA or Charter School for classroom learning, tools, online digital content, professional development and/or other local needs.
Local Deployment of RapidIdentity
Local Deployment of RapidIdentity
No cost for software used in NCEdCloud IAM
Included: Portal, Federation, Connect
Not included: Folders, MFA, eSSO
Implementation services fees apply
Offers solution for local IAM needs
Additional local source data (e.g. Visitors, Contractors)
Additional application integration
Group management
Privileged user management
More MFA options
More SSO options
Local Deployment of RapidIdentity
Current list of local deployments
Lincoln
New Hanover
Carteret
Buncombe
Johnston
Wake
Winston-Salem/Forsyth
Cumberland
Orange
Moore
Wake County Public Schools—Single Sign-On
Dawn Castonguay, Senior Director
Identity Access Management
Rapid Identity Decision
• Ability to use local data sources• Participate in DPI contract with Identity
Automation• Local installation provides flexibility to
meet Wake’s needs• Ability to use WakeID which is also part of
user’s email address• K12 Focus
Customization of Login Screen
Local Data Sources
• Staff Data:– Contractors– Student Teachers (approximately 600 per
year)– Interns– Long Term Subs– Substitutes (WakeID only)
Local Data Sources
• Student Data– Control application access through group creation– Implement “preferred name” displayed in Apps– Block students that do not have access to
technology– Allow teachers to access students at their location
to help change passwords and see important data without going through the workflow process
– Provide teachers with Technology Access, Photo Release, etc. information
– Utilize local copy of PowerSchool data
Future?
• Federation with MCNC to access InCommon Steward Program
• Federation with NCDPI HomeBase– Provide access to programs within HomeBase
portal (i.e. PowerSchool, PowerTeacher, Student Portal, NCEES (TNL) using our WakeID portal
Q & A
