Five New IAM Tools for a Safer Back-to-School Season

September 6, 2023
Back to Blog

Back to school means back to cybersecurity threats.

As we launch into a new school year, security and access concerns—like DDoS attacks, PII protection, and safe account creation—are swirling around like tornados, ready to wreak havoc.

To help, we have five new Advanced Identity and Access Management (IAM) tools to ease your data security worries and ensure a safe environment for students, teachers, and staff.

Protect PII Data With DataGuard

Since the pandemic led to a dramatic increase in digital apps and tools used for learning, schools have quickly become the biggest target for malware and other cybersecurity attacks.

Microsoft reports that nearly 80% of the devices in education have had encounters with malware over the past 30 days.

And attackers aren't just focusing on schools. They've also set their sights on edtech vendors.

Barbara Nesbitt, Product Strategist for ClassLink, says, "Over half the reported data breaches are on the vendor side, so it's not only an attack on your school you have to worry about, but also attacks on the vendors you share your data with regularly."

While Roster Server already lets you choose which data you share with vendors, we've taken data security a step further with DataGuard.

Now you can upgrade to DataGuard and mask the Personally Identifiable Information (PII) data you share with vendors. So even when you can't control the environment, you can still protect your data.

With DataGuard, PII data, such as first name, last name, etc., is scrambled before it ever gets to a vendor in an irreversible process.

ClassLink's Chief Technology Officer Stanley Watts says that's good news for school leaders.

"With DataGuard, school leaders get 100 percent data protection in places you don't control. You and your users are protected. So even if there is an attack, that data is useless to an attacker."

Assign Delegated Permissions in ClassLink

Next, now you can give granular permissions and access to staff in your ClassLink environment with our new Delegated Permissions feature.

That means staff can access the necessary tools without unnecessary access to sensitive data and settings.

For example, tier-one tech support can impersonate a student having trouble logging in to a web app or reset a password without also being able to impersonate tenant admins or principals or accidentally change settings such as MFA.

Roll Out Self-Serve Onboarding

Onboarding is faster and more secure with ClassLink's new Account Claiming feature.

Instead of requiring new staff and students to set up accounts on-site or sending out dummy passwords (and risking having those messages intercepted), use our new Account Claiming feature.

Students and staff can securely claim and create their accounts by providing details only they would know (e.g., the last few digits of their social insurance number, address, etc.)

End Unauthorized App Logins

Comply with federal laws and prevent students from accessing unauthorized apps and materials without parental or administrative permissions with our new OAuth2 Restrictions.

Some websites allow users to log into their system with any OAuth2 providers (such as Google, Facebook, or Twitter), even without the approval of the login provider. Some student-focused sites allow this same behavior with a ClassLink login.

System administrators can use a new configuration called "OAuth2 Strict mode" to prevent students from using ClassLink logins to automatically log in to apps not approved or enabled by instructional leaders.

Create Acceptable Use Policies

Stay tuned for our new Acceptable Use Policies coming this fall.

ClassLink Admins can create and assign AUP documents with rich text formatting to profiles, groups, or individuals.

In addition, admins can require acceptance of an AUP before a login and view reports to track acknowledgments and ensure compliance.


DDoS attacks are a common occurrence, and schools are a prime target. ClassLink is continuing its fight against these attacks by adding even more layers of protection to your login pages to improve on our already industry-leading uptime so your staff and students can continue working and learning without interruption.

With our new higher-security login pages, even if a DDoS attack occurs, everyone in your school system can still access local programs and systems like your intranet or your SIS to track attendance.

Start Now, We're Here To Help

Over the past 25 years of building Identity and Access management solutions, we’ve developed a deep understanding of the security and access issues you face daily–especially as cybersecurity attacks on schools grow.

That's why we're working to make the back-to-school season (and beyond) safer and less stressful for ClassLink customers.

If you have questions or want to implement any of these new features and functionality, contact our Engagement Team today.



About the Author

About the Authors

Barbara Nesbitt

VP of Product



Dr. Barbara Nesbitt is a lifetime educator with more than 30 years in education. Barbara has been a teacher, instructional coach, administrator, and consultant with broad experiences in school districts in Virginia and South Carolina. Barbara is currently VP of Product for ClassLink.