What is the username and password problem?

Schools in New Zealand are increasingly relying on cloud or web based services. These services all require separate usernames and passwords (called credentials) which creates issues for users and managers.  Students, staff and parents end up with a growing number of credentials, making it difficult to remember them and/or keep them strong and secure. 

These  cloud or web based services have many advantages (e.g. cost, access from anywhere, etc) but being hosted outside of the schools makes it difficult to manage the access to them in the traditional way (i.e. that used for localally installed software). However, single sign on (SSO for short) can help.

 

Added since Ashburton visit:

Even schools that do not yet use many of these  cloud or web based services aspire to use more of them in the future. Implementing SSO before the growth of credentials becomes a problem could be seen as pro-active problem management.

What is SSO?

SSO is short for single sign on and is best taken as an aspirational statement (i.e. we seek fewer log ons) rather than a realistic target.

Therefore, SSO reduces the number of different credentials (i.e. usernames and passwords) that you require to log in to (or authenticate) to the online services you use. Alternatively, SSO enables one credential set to gain access to many different services/sites.

SSO leverages your current local network credentials (i.e. the username and password you enter each time you log on to the computer network in your school) to allow access to other/new sites.

SSO works for services/sites that work in a web browser and these can be hosted outside the school (e.g. Study Ladder, Google Apps for Education) or installed locally (Access-It).

Advantages of SSO

The advantages of using SSO fall to two different user groups:

Student / Staff / Parents

  • one username and password for multiple services
  • no more forgetting passwords
  • increased use of services
  • easy access to all your school's services via a portal page

Administration / Management 

  • technicians don't waste (as much) time on password issues
  • you only have to manage user directory rather than multiple password sources
  • used with the User Directory Interface (or UDI) your Student Management System (SMS) can feed information automatically to your schools user directory. The UDI works with all main SMS and keeps your directory up-to-date with changes in students, staff and parents
  • if you use the UDI tool users that leave the school will automatically removed from the directory (to have lower permissions assigned to their account) which disables them from accessing web / cloud based services

SSO illustrated

What is required to participate in SSO?

There are a few prerequisites for a schools to start using SSO and gaining the benefit:

Technical aspects of SSO

People with a technical interest might be interested in the documentation. Most schools users will probably just want the solutioin to work.

You might also want to request a demo disk (VM).

Creative Commons License

Contact Details

This collection was prepared by Paul Seiler and is shared freely. Paul is also available for consultancy engagements for  schools who would like to learn more about single sign on, including selecting an IdP provider. You may contact Paul on:

  • Email: heugumper@gmail.com
  • Mobile (+64) 027 474 6239
  • Twitter: heugumperNZ