Objective
To identify current practice regarding the management of user identities and application access on the LAN, so as to assist with selecting and defining standards aimed at making effective IAM more readily achievable for more schools
Clarified aspects for discussion
1. The need for a single set of login credentials with associated user attributes
2. The need to streamline the process by which network directory user accounts are created and managed within the LAN
Information sources
Edtech’s own knowledge base as a school specialist network integrator
Open response survey via the MLE group
Community priorities
#1 priority for users to have a single set of credentials to remember
Secondary requirements
Ability to differentiate between multiple services/apps without credential re-entry (SSO)
The login to allow for different roles in different apps
School control – the ability to tailor the front end user experience
Directory systems
[Chart: Directory System Used to Manage User Authentication by School Type. Series: Secondary/Area Schools; Primary/Intermediate Schools. Scale: 0% to 90%. Categories: Novell E-Directory; Windows Active Directory; Macintosh Open Directory; SmartNet OpenLDAP directory; Other OpenLDAP directory; Windows AD and Macintosh OD]
Methods of directory population
[Chart: Directory Population at the Start of Each Year. Series: All School Types; Primary and Intermediate; Secondary & Area. Scale: 0% to 80%]
Groups/Roles
[Chart: Common Role Oriented Groups Utilised Within the Central Directory (used by more than 4% of respondents). Series: All school types; Secondary/Area Schools; Primary/Intermediate Schools. Scale: 0% to 90%. Categories: Student or students; Teacher or teachers; Office or office staff; Staff; Senior management / leadership; Administrator; Admin; Support staff; Network/Domain Administration; Groups for each student year level; Library; Administration; Principal; Student teachers]
Participating applications
Applications for which single sign on would be advantageous:
SMS
LMS
Library systems
AsTTle
Discussion
1. The need for a single set of login credentials with associated user attributes
2. The need to streamline the process by which network directory user accounts are created and managed within the LAN
The need for a single set of login credentials
Priorities
Single username and password used wherever needed on the LAN
Single entry of credentials
Single active session – single simultaneous login
User attributes associated with credentials for customised role based access
The need for a single set of login credentials
Implementation Options
Direct authentication
Federated authentication
Synchronisation of credentials
The need to streamline the management of user accounts
Recommendations
Common location for school staff data to be defined.
A decision as to the authoritative source of student user accounts
Definition of a simple role based attribute schema so as to distinguish users at login
Possible provision of directory specific tools for creating and managing user accounts to reduce the current administrative workload.