I know many of you are looking for ways to automate identity management so you can save time and—most importantly—ensure everyone has access to what they need when they need it.
With that in mind, I want to share a conversation I had with Vestavia Hills City Schools CTO Keith Price and System Specialist Brendan Lovelady about how ClassLink has greatly improved identity management in the district.
Keith is the kind of CTO districts hire when they need to make a change for the better. He has served for over 27 years in K-12 education in Alabama, including time spent as CTO of Alabama School of Fine Arts, Hoover City Schools, and Alabaster City Schools. He is a previous ISTE "Making IT Happen" award winner, worked for Microsoft and Dell as an Education Solutions Architect, and was a Field Account Representative for CDW-G. (He knows his stuff!)
Below are some highlights from my conversation with Keith and Brendan where they share how using ClassLink OneSync for account provisioning (and Roster Server for rostering) creates efficiencies, reliable access, and secure identity management for Vestavia.
When you were looking at SSO platforms and identity management (IDM), why did you ultimately choose to go with ClassLink?
We implemented the ClassLink platform because it could help students and teachers easily access educational resources on-demand and in a timely and consistent manner. A significant part of that accessibility is because ClassLink offers automated identity management.
Walk us through exactly how ClassLink’s automated IDM saves you time.
It begins right from the moment students enroll in a school and that first data entry in the Student Information System (SIS), which is our single source of truth. Student information is transformed into a student login ID, email account, unique password, Microsoft Active Directory and Azure AD account, Google Account, and ClassLink Account. Then accounts and group access rights are given to multiple applications based on the student's course requirements.
Each of these account creations is automated, and within 1 hour (maximum!), a newly enrolled student can be working in class using the same technology resources as their peers.
The SQL script to export data from the SIS is created in Vestavia; everything else is part of OneSync. The query from SIS can even use the preferred name if you choose.
All of that saves students, teachers, and technology staff time and effort and allows everyone to focus on high-level needs instead of low-level tech issues.
Tell me more about your use of ClassLink to create AD accounts (Active Directory).
We use ClassLink OneSync to automatically provision accounts in Active Directory. OneSync is set up to directly query our PowerSchool API using SQL queries to search for actively enrolled students and active staff members.
Once the query has been made, ClassLink automatically creates the account, sets each user attribute in AD, sets the user’s password, and moves the account into both a security group and Organizational Unit based on their grade level and/or school.
Once the account is created and moved into the correct OU in Active Directory, OneSync sends out an account creation notification email to a set of local school staff and district administrators.
How does your process work for students that withdraw from your district?
We do a comparison with the SIS hourly. If a student is withdrawn, their account is disabled.
What other benefits have you seen from using ClassLink for automated identity management?
ClassLink has eliminated so many human errors in data entry. Once the data is entered into the SIS and the automatic transfer of data to OneSync occurs, there are none of the traditional human data entries in creating AD accounts, Google Accounts, or application accounts.
If there is an error in the SIS entry, once the data is corrected in the SIS, the change is replicated to all resources quickly and efficiently.
Plus, OneSync is also very customizable. For example, we set up the criteria we want to use to create accounts and “special” passwords for K-2 students. OneSync also has a random password generator so passwords can be randomized for older students or student-created.
When you look closely, ClassLink negates the need for small to midsize districts to have an identity management program.
How can other districts learn more about how you use ClassLink?
We utilize the ClassLink Southeast Collaborative user group to learn from and share with other ClassLink users.
Learn more about provisioning with ClassLink in this EdSurge article, "Passwords, Permissions and Student Data—How One District Got Account Provisioning Right."