Policy

Passwords, Permissions and Student Data—How One District Got Account Provisioning Right

By John Waters     Jun 11, 2018

Passwords, Permissions and Student Data—How One District Got Account Provisioning Right

The adoption of online educational resources has placed applications and digital files at the center of the teaching and learning experience in K-12 schools. As the number of students and teachers who must log on, sign in, or register to access those materials grows, so does the challenge faced by the IT departments charged with managing that access. Indeed, keeping digital resources front and center requires behind-the-scenes coordination when creating, managing, and provisioning access for all.

“Teachers and students typically need to interact with five to 15 different web-based resources in a given school year,” says Ralph Valenzisi, Chief of Technology, Innovation, and Partnerships at Norwalk Public Schools. “And that number is just going to grow. Account provisioning is one of those basic things a district just has to get right.”

At its most basic level, user account provisioning is about managing passwords and permissions. In K-12 environments, however, that process increasingly involves securing student information, vetting solution providers, and tracking the efficacy of some programs.

Valenzisi’s district, located in southwestern Connecticut, comprises 11,600 students attending 12 elementary schools, four middle schools, two high schools, and one alternative high school program. Among the goals of the district’s IT department is to “seamlessly infuse technology at all grade levels.” But the seams really start to show when access to online resources is stalled by cumbersome sign-on systems, Valenzisi says.

“Constantly getting those ‘lost-my-password’ calls was a real pain point for us,” he says. “In fact, they represented the majority of calls to the help desk. But this was a problem for the teachers, too. In many ways, there’s nothing worse for a teacher than having to deal with students who have forgotten their passwords. It increases learning time and reduces instructional capacity.”

Like many K-12 districts, Norwalk uses Microsoft’s Active Directory (AD), which allows administrators to assign policies and deploy software across the entire school district. Not surprisingly, the district’s leaders decided to address their evolving account provisioning needs with a single sign-on (SSO) solution that would connect to its AD structure, and could be expanded into an online portal students and teachers could use to access a library of approved resources from any connected device.

For the past year, the district has been working with ClassLink, a Clifton, NJ-based provider of web- and cloud-based educational products and services, and the company’s namesake SSO platform. One of the things that appealed to the district is that the platform is based on OneRoster, an open standard that governs the sharing of student data among different educational systems, such as an LMS or digital content platform. “Rostering” is just what it sounds like: the process of getting student information into a class roster.

“It wasn’t that long ago that I’d start to talk about ‘rostering’ and get these blank stares,” says Berj Akian, CEO and Founder of ClassLink. “Now it seems like everybody asks me about it right away. They’re telling us that they need help with this, and they want to move to open standards.”

The OneRoster standard was established in 2015 by a Florida-based group of vendors, districts, and others known as the IMS Global Learning Consortium, so, by tech spec standards, it’s fairly new. Still, lots of organizations have adopted it, including Pearson, Houghton Mifflin Harcourt, and McGraw Hill Education.

“The thing about this approach is that it frees the teachers from having to do the work of figuring out the classes and setting up the IDs and so forth,” Valenzisi says. “It’s automated in the backend, which is the way it really should be. It has been a wonderful solution for us.”

Norwalk is an early adopter of ClassLink’s new OneSync platform, which automates the account provisioning process. The district plans to use it as a hub that automatically connects disparate data sources—including student information systems (SISs) and human resources—to one or multiple directories, such as Microsoft’s AD, Azure/O365, and Google. Not only will the product help with student IDs, it’ll support the management of adult IDs and mapping them back to the district’s human resource systems.

“With the platform connected to our Active Directory structure, teachers can log in and get to their apps, students see their own apps, and this summer we are going to expand the use of this to create a portal for teachers and students on any device they use,” Valenzisi says. “There are so many different applications schools use today, if you don’t have a single sign-on portal, it’s difficult and unwieldy to manage. I think everybody is moving in this direction.”

As Norwalk demonstrates, empowering teachers and students with access requires more than a lockbox of usernames and passwords. The need for single sign-on has clearly expanded to include rostering and account provisioning as well.

Policy

Passwords, Permissions and Student Data—How One District Got Account Provisioning Right

By John Waters     Jun 11, 2018

Passwords, Permissions and Student Data—How One District Got Account Provisioning Right

The adoption of online educational resources has placed applications and digital files at the center of the teaching and learning experience in K-12 schools. As the number of students and teachers who must log on, sign in, or register to access those materials grows, so does the challenge faced by the IT departments charged with managing that access. Indeed, keeping digital resources front and center requires behind-the-scenes coordination when creating, managing, and provisioning access for all.

“Teachers and students typically need to interact with five to 15 different web-based resources in a given school year,” says Ralph Valenzisi, Chief of Technology, Innovation, and Partnerships at Norwalk Public Schools. “And that number is just going to grow. Account provisioning is one of those basic things a district just has to get right.”

At its most basic level, user account provisioning is about managing passwords and permissions. In K-12 environments, however, that process increasingly involves securing student information, vetting solution providers, and tracking the efficacy of some programs.

Valenzisi’s district, located in southwestern Connecticut, comprises 11,600 students attending 12 elementary schools, four middle schools, two high schools, and one alternative high school program. Among the goals of the district’s IT department is to “seamlessly infuse technology at all grade levels.” But the seams really start to show when access to online resources is stalled by cumbersome sign-on systems, Valenzisi says.

“Constantly getting those ‘lost-my-password’ calls was a real pain point for us,” he says. “In fact, they represented the majority of calls to the help desk. But this was a problem for the teachers, too. In many ways, there’s nothing worse for a teacher than having to deal with students who have forgotten their passwords. It increases learning time and reduces instructional capacity.”

Like many K-12 districts, Norwalk uses Microsoft’s Active Directory (AD), which allows administrators to assign policies and deploy software across the entire school district. Not surprisingly, the district’s leaders decided to address their evolving account provisioning needs with a single sign-on (SSO) solution that would connect to its AD structure, and could be expanded into an online portal students and teachers could use to access a library of approved resources from any connected device.

For the past year, the district has been working with ClassLink, a Clifton, NJ-based provider of web- and cloud-based educational products and services, and the company’s namesake SSO platform. One of the things that appealed to the district is that the platform is based on OneRoster, an open standard that governs the sharing of student data among different educational systems, such as an LMS or digital content platform. “Rostering” is just what it sounds like: the process of getting student information into a class roster.

“It wasn’t that long ago that I’d start to talk about ‘rostering’ and get these blank stares,” says Berj Akian, CEO and Founder of ClassLink. “Now it seems like everybody asks me about it right away. They’re telling us that they need help with this, and they want to move to open standards.”

The OneRoster standard was established in 2015 by a Florida-based group of vendors, districts, and others known as the IMS Global Learning Consortium, so, by tech spec standards, it’s fairly new. Still, lots of organizations have adopted it, including Pearson, Houghton Mifflin Harcourt, and McGraw Hill Education.

“The thing about this approach is that it frees the teachers from having to do the work of figuring out the classes and setting up the IDs and so forth,” Valenzisi says. “It’s automated in the backend, which is the way it really should be. It has been a wonderful solution for us.”

Norwalk is an early adopter of ClassLink’s new OneSync platform, which automates the account provisioning process. The district plans to use it as a hub that automatically connects disparate data sources—including student information systems (SISs) and human resources—to one or multiple directories, such as Microsoft’s AD, Azure/O365, and Google. Not only will the product help with student IDs, it’ll support the management of adult IDs and mapping them back to the district’s human resource systems.

“With the platform connected to our Active Directory structure, teachers can log in and get to their apps, students see their own apps, and this summer we are going to expand the use of this to create a portal for teachers and students on any device they use,” Valenzisi says. “There are so many different applications schools use today, if you don’t have a single sign-on portal, it’s difficult and unwieldy to manage. I think everybody is moving in this direction.”

As Norwalk demonstrates, empowering teachers and students with access requires more than a lockbox of usernames and passwords. The need for single sign-on has clearly expanded to include rostering and account provisioning as well.

Next In Policy

STAY UP TO DATE ON EDTECH
News, research, and opportunities - sent weekly.
STAY UP TO DATE ON EDTECH
News, research, and opportunities - sent weekly.