What is the username and password problem?
Schools in New Zealand are increasingly relying on cloud or web based services. These services all require separate usernames and passwords (called credentials) which creates issues for users and managers. Students, staff and parents end up with a growing number of credentials, making it difficult to remember them and/or keep them strong and secure.
These cloud or web based services have many advantages (e.g. cost, access from anywhere, etc) but being hosted outside of the schools makes it difficult to manage the access to them in the traditional way (i.e. that used for localally installed software). However, single sign on (SSO for short) can help.
Added since Ashburton visit:
Even schools that do not yet use many of these cloud or web based services aspire to use more of them in the future. Implementing SSO before the growth of credentials becomes a problem could be seen as pro-active problem management.
What is SSO?
SSO is short for single sign on and is best taken as an aspirational statement (i.e. we seek fewer log ons) rather than a realistic target.
Therefore, SSO reduces the number of different credentials (i.e. usernames and passwords) that you require to log in to (or authenticate) to the online services you use. Alternatively, SSO enables one credential set to gain access to many different services/sites.
SSO leverages your current local network credentials (i.e. the username and password you enter each time you log on to the computer network in your school) to allow access to other/new sites.
SSO works for services/sites that work in a web browser and these can be hosted outside the school (e.g. Study Ladder, Google Apps for Education) or installed locally (Access-It).
Advantages of SSO
The advantages of using SSO fall to two different user groups:
You can read more about the UDI at http://www.iam.school.nz/community-area/open-resources/udi.
What is required to participate in SSO?
There are a few prerequisites for a schools to start using SSO and gaining the benefit:
- Individual usernames and passwords for all users of SSO. Note that this might be require changes for primary school who often have shared/class credentials.
- Clean, structured data in the network directory (see http://www.iam.school.nz/community-area/open-resources/schema-specs-import-file for specific details).
- An IdP (or log on server) provider (see third tab in this collection).
Technical aspects of SSO
Creative Commons License
This collection was prepared by Paul Seiler and is shared freely. Paul is also available for consultancy engagements for schools who would like to learn more about single sign on, including selecting an IdP provider. You may contact Paul on:
- Email: firstname.lastname@example.org
- Mobile (+64) 027 474 6239
- Twitter: heugumperNZ