School districts these days are facing serious challenges that require balancing increased technology demands and a suprisingly tech savvy user base, with reduced budgets and staff cuts. Recently though, I was approached by a school district that has decided a new user provisioning process could help them address these issues. 

Their current situation:

• 12,000+ students/staff with network accounts
• PowerSchool Student Information Sytsem
• Google Apps for students, Exchange 2007 for staff
• 9 IT Staff (3 admins)
• Scripts create Active Directory from provided data file, run usually at beginning an end of semesters
• Sysadmin who wrote the scripts left district two years ago
• User accounts also created in about 6 other systems including library, e-learning, etc.

This scenario is not at all uncommon, but what amazed was the amount time this district spent each year managing user accounts.  The scripts really were only run about once a year but still involved manual updating due to a new naming convention that was implemented.   Because, no one could figure out the process the previous admin had scripted, so hours upon hours were spent making these updates.  Updating and removing users from the system, again, was a manual process and often neglected.  Active accounts remained on the network for past users and most updates were never made until someone was calling IT, unable to work. Needless to say, this process created a lot wasted time and resources and also opened up the door to some serious access issues.

This district thought, and I agreed that a more automated approach to user management would really help them free up this time and close some current security holes.  With a school district, implementing an automated system, via a connector to PowerSchool for example, doesn't have to be difficult if proper planning and data is available.  Tools4ever's User Management Resource Administrator really makes this planning and data synchronization a much more manageable process.

The solution proposed was the UMRA suite, and outlines a two-step phased approach as follows:

Phase 1: creating a link with the PowerSchool system and Google Apps

• Information on new student/employee, transfers and graduations/departures can be retrieved from their current status in PowerSchool, then compared with Active Directory and Google Apps
• Accounts created or updated as required multiple times a day, with any changes to information or status updates performed consistently and timely. Notifications and information can be sent to IT, end users, or any other appropriate party
• Phased departures; user accounts are disabled on the last day of service. The account with resources will be deleted after x number of days.

Phase 2: linking third-party applications

• Phased creation of automatic links with each application and provisioning process as appropriate depending on user role and system
• The application manager is notified via e-mail of any changes

To learn more about how a phased UMRA solution can benefit your organization, visit our website: www.tools4ever.com

Though, I have not yet posted many entries, I do have a goal with this blog to highlight unique cases of identity management issues and the solutions chosen to solve these often complex problems.  The project write-up below was prepared by Dean Wiech from Tools4ever New York as he managed this “outside the box” identity management implementation.

One of the top 10 school districts in the State of Florida, and top 25 in the country, had an Identity Management issue that did not involve students or faculty/ staff but rather the parents. Legislation had been passed that required any parent wanting access to their child's on line learning environment present themselves in person with identification and request an account. With over 125 physical locations and 500 + users that would be handling the process, a paper system was out of the question.

The solution that was settled on was a combination of standard Tools4ever products and just a little bit of custom web work.

Tools4ever worked very closely with the technical staff of the district to insure the requirements were very detailed to avoid any missed components. In the end, a solution was delivered utilizing User Management Resource Administrator (UMRA ), in about 30 hours of consulting that fully met their needs.

Here is a brief overview of the solution:

•  A parent shows up at a school and requests an account to access their child(s) information.

• A secretary or administrator verifies their ID and enters relevant information into a web page including:

-Name

-ID type, number and expiration date

-Phone Number(s)

-Address

-E-mail

• The secretary then searches for the student(s) using name or student ID criteria and verifies with the parent the correct name is displayed.

• The individual then hits a “Create Parent Record” and, if no duplicate entries are found, the record is created in Active Directory and the student information system and a link between the parent and child is created.
  
  
• A temporary password is returned and the secretary records the information, along with the user name, and delivers it to the parent. 

As part of the project, Self Service Reset Password Manager (SSRPM ) was also deployed for the parents to allow them to enroll and reset their passwords via challenge questions and avoid an unnecessary burden on the help desk staff.

Additional web forms were delivered to allow administrative staff to reset passwords for parent’s accounts, check their SSRPM enrollment status, to run last logon reports, disable accounts, update accounts and SSRPM enrollment reporting.

Since deploying the system, over 100,000 parents have been successfully enrolled and can access their child’s records with ease. Paperwork that had previously utilized for the process has been eliminated and, through SSRPM, the additional burden on the help desk has been non-existent.

To learn more about Tools4ever solutions, please visit our website,
Tools4ever, Inc.