Published by Nyla Winzer. Modified over 9 years ago.
1
RM Unify Roadshow Events Welcome
2
Introductions & Agenda
Stuart Sefton – Glow Delivery
Presenters:
- Simon Thompson – Product Manager
- Rob Potter – Architect
- Rob Chandler-Toal – Architect
- Tom Gregory – Programme Manager
3
Outline Agenda (1)
- Top Level View
- Provisioning & Authentication
  - Provisioning
  - SSO & Technologies
  - Authentication
- Establishment Transfers (includes Identity Matching)
- Account Management (Demos)
  - Establishment Admin Tasks
  - LA Admin Tasks
  - Staff Admin Tasks
  - Staff-Service Admin Tasks
4
Outline Agenda (2) Password Policy & Password Management Apps Process Transition Plan Q&A
5
Top Level View
- Focussed on usage of RM Unify – materials to help you
- Continue to invest in development and content
- The platform will remain open and flexible
6
Get to know RM Unify From 10,000 feet
7
Launch Pad
- Access to SSO apps and web links
- RM Unify Admin: Define layout for each role
App Library
- Discover online services
- Staff & Admins: Install apps to Launch Pads
Management Console
- Manage your users
- RM Unify Admins: Full access
- Staff: Limited access
8
Roles in RM Unify
- Student
- Teaching Staff
- Non-Teaching Staff
- Other
- Parent
“RM Unify Admin” – a permission not a role
9
Demo time Whirlwind tour
10
Service Provisioning Data feeds in, data feeds out
11
Service provisioning
1. Provisioning RM Unify
2. Provisioning online services or “Apps”
[Diagram labels: Data sources, RM Unify, Apps]
12
Sources of user data
User data can come from:
- SEEMiS – changes in SEEMiS are synchronised
- Web form – in Management Console
- CSV imports
RM Unify:
- provisions a user account
- acts as a ‘router’, passing on user updates
13
Data flow from SEEMiS
[Diagram labels: SEEMiS Admin, SEEMiS, RM Unify, Office 365, Glow Meet, Users]
- Which apps need to know about this user?
- Automatically keep services in sync
14
Data flow using web form
[Diagram labels: RM Unify Admin, RM Unify, Office 365, Glow Meet, Users]
- Create a single user, quickly: name, role
- Which apps?
15
Data flow from CSV
[Diagram labels: RM Unify Admin, .CSV, RM Unify, Office 365, Teacher App #1, Users, T]
- Create multiple users in batch
- Which apps for each role?
16
What can we get from each source?

Source | Users (all roles*) | Student Stage | Registration Class | Teaching Groups
SEEMiS | Y                  | Y             | Y                  | Y
CSV    | Y                  | Y             | N                  | N
Manual | Y                  | N             | N                  | N

*Except parents
17
Provisioning approaches
In-advance provisioning
- App must know about users before access
- Example: Office 365 (email)
Just in time provisioning
- App creates account on-the-fly
- App knows the user is authorised by RM Unify
- Example: Simple reading app (bookmark)
18
Demo time Installing an app
19
How are new apps provisioned?
- App is found in the App Library
- Privacy policy accepted
  - Important: this defines the data release
- Choose the applicable roles
- App is installed on the Launch Pads
- For apps needing in-advance provisioning: Provisioning process starts
20
Provisioning a new app
[Diagram labels: RM Unify Admin, RM Unify, The Best Science App, Best App, install, Users, Students, Teachers, T]
App: “I need to know about the users”
1. Get users in appropriate role
2. Filter user attributes
21
How are apps de-provisioned?
[Diagram labels: RM Unify Admin, RM Unify, The Best Science App, Best App, Remove, Users, Students, Teachers, T, X]
1. Get users that were provisioned
2. Send delete messages
22
User Authentication Logging into RM Unify, logging into apps
23
Logging onto Glow
- glowscotland.org.uk domain will continue to work
- Browser will redirect to RM Unify
  - from: portal.glowscotland.org.uk, secure.glowscotland.org.uk
  - to: https://glow.rmunify.com
24
Logging onto apps
- SSO apps – click and go!
- ‘Saved password apps’
  - Enter credentials first time
  - Not prompted again
  - Any device
25
Demo time Saved password app: Edmodo
26
Logging out
- Single log out
  - Log off RM Unify, it closes sessions on apps
- Can only log off SSO apps
- Only sure way is to close the browser
27
Establishment Transfers The account moves when the user does
28
Transfer: Automatic
[Diagram labels: SEEMiS, E1, E2, RM Unify, RM Unify Admin, Office 365, Users, Attributes, Security, Mailbox, OneDrive, CREATE, CREATE ACCOUNT, MODIFY ACCOUNT, DELETE, DISABLE ACCOUNT, Match]
29
Automatic school transfer
- Most transfers will be automatic
- Email sent to the user’s O365 mailbox
- No approval needed from RM Unify Admin
- Audit available
  - E1 Admin sees – “Outbound transfers”
  - E2 Admin sees – “Inbound transfers”
30
Why the need to approve transfers?
Users may be enrolled in two schools concurrently
Why?
- Dual registered students
- Dual registered teachers
- Previous school processes leavers late
- Previous school forgets to process leavers
31
Dual registered users
[Diagram labels: SEEMiS, E1, E2, RM Unify, RM Unify Admin, Office 365, Users, Attributes, Security, Mailbox, OneDrive, CREATE, CREATE ACCOUNT, Match, E1->E2]
32
What are the options?
User is in multiple schools – RM Unify knows this
What can happen?
1. User leaves E1 -> Automatically transfer user
2. User logs into RM Unify -> Ask them! [staff]
3. E2 Admin logs in to approve transfer
Mechanisms:
- Automatic
- Manual: Self-service, or Admin-led
33
Transfer: Automatic (delayed)
Back where we left off…
[Diagram labels: SEEMiS, E1, E2, RM Unify, Office 365, Users, Attributes, Security, Mailbox, OneDrive, MODIFY ACCOUNT, DELETE, E1->E2]
34
User Management Demos Robert Chandler-Toal - Architect
35
School Admin Tasks
- Approve manual transfers and download credentials for new accounts.
- Manually create a set of users.
- Delete users.
- Change user’s password.
- View and update a user’s attributes.
- Assign/remove staff member’s admin permission.
- Disable/enable user accounts.
LA Admin Tasks
- Manage Child Establishments.
36
Staff Admin Tasks
- Change student’s password.
- Change teaching/registration/year group members’ passwords.
Self Service Admin Tasks
- Set my home email address.
- Change my passwords.
- Reset my forgotten password.
37
Password Management Minimising administrative burden, maximising security
38
The password lifecycle
How does a new user get a password?
- SEEMiS – Download new user credentials
- CSV – specify in the CSV
- Manual web form – specify on creation
- RM Unify AD Sync – synchronised from the network
Forgotten passwords…
- Wastes teaching time
- Massive pain point for admins
- Barrier to adoption
39
Forgotten passwords
- Self-service where possible
- Non-students prompted for personal email address
- Students can also provide one
- Email addresses are verified
- Email addresses can be changed (and re-verified)
- Please don’t use the Glow email address
40
“Please reset my password?”
A student can:
- Reset their own password, if email address verified
A teacher can:
- Reset the password of a single student
- Reset the password of an entire teaching class
An RM Unify Admin can:
- Do all a teacher can.
- Also reset staff passwords
41
Personal password management
- Encourage people to be good digital citizens
- Influence: Setting their password
- Educate with strength-o-meter
42
Assessing crackability
Approach developed by Dropbox
- Interactive approach
- Real world heuristics – aware of real techniques
- How ‘crackable’ is the password in seconds
RM Unify
- Agreed a minimum bar for each role
- Only allow a password that meets that bar
https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/
43
What about iCloud?
- Apple iCloud was brute-force attacked
- 4 digit PIN = 10,000 possible combinations
- 0.1s per guess = 8.3 minutes for half the possibilities
Experience with Easymail shows:
- Brute force attacks are common
- Must protect email services
- Students like to lock out their friends
- Admins do not like re-enabling accounts
44
Why won’t this happen to RM Unify?
- Locks out after 5 attempts for 1 min
- Auto-enables
- Locks out after another 5 attempts for 2 mins
- Auto-enables
- Locks out after another 5 attempts for 4 mins
- Auto-enables
- Locks out after another 5 attempts for 8 mins
- [you get the idea]
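The lockout schedule above, worked through against the 0.1s-per-guess figure from the iCloud slide. This is an added example, not RM Unify's code; the names are hypothetical, and it assumes the failure counter never resets and the doubling has no cap, neither of which the slides state.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class LockoutPolicy:
    """Doubling lockout from the slide: every 5 failures lock for 1, 2, 4, 8 ... min."""
    attempts_per_lock: int = 5
    first_lock_s: float = 60.0
    failures: int = 0          # assumption: never reset (the slide does not say)
    locked_until: float = 0.0  # account auto-enables once this time has passed

    def is_locked(self, now: float) -> bool:
        return now < self.locked_until

    def record_failure(self, now: float) -> float:
        """Count a failed login at `now`; return the lock applied in seconds (0 if none)."""
        if self.is_locked(now):
            raise ValueError("locked: reject the attempt without checking the password")
        self.failures += 1
        if self.failures % self.attempts_per_lock:
            return 0.0
        tier = self.failures // self.attempts_per_lock   # 1, 2, 3, ...
        duration = self.first_lock_s * 2 ** (tier - 1)    # 60, 120, 240, ...
        self.locked_until = now + duration
        return duration


def time_to_guess(guesses: int, seconds_per_guess: float,
                  policy: Optional[LockoutPolicy] = None) -> float:
    """Seconds an online guesser needs to make `guesses` failed attempts."""
    now = 0.0
    for _ in range(guesses):
        if policy is not None and policy.is_locked(now):
            now = policy.locked_until  # must wait for the auto-enable
        now += seconds_per_guess
        if policy is not None:
            policy.record_failure(now)
    return now


if __name__ == "__main__":
    half_pin_space = 10_000 // 2  # half of the 4-digit PIN space from the slide
    print(f"no lockout: {time_to_guess(half_pin_space, 0.1) / 60:.1f} min")
    print(f"50 guesses, lockout: {time_to_guess(50, 0.1, LockoutPolicy()) / 3600:.1f} h")
```

Without lockout, half the PIN space takes the 8.3 minutes quoted on the slide; with the doubling schedule, 50 guesses already cost about 8.5 hours of waiting.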
46
Growing the App Library In a world where content is king
47
App developer programme
What kind of apps?
- An app or link?
- Education content providers
- General use productivity apps
- Apps of ‘local interest’
Who can develop?
- Third parties
- Scottish Government: Glow services
- LAs developing their own apps
48
Developer decisions How is it integrated? SSO APIs App Provisioning API (In-advance) provisioning Graph API Developer sandbox An establishment to experiment in Documentation Developer Portal Github SDK
49
Demo time Developer Portal – the place to start – dev.rmunify.com
50
App development process
1. Online documentation: assess API requirements
2. Request a developer account
3. Define your app
   - Name, description, support notes, tags
   - Applicable roles
   - SSO technology and data attributes
   - Provisioning API configuration
4. Test: log in, log out
5. Submit for validation
51
Demo time Developer Dashboard – define your app
52
App Contract Process Stuart Sefton – Glow Delivery
53
App Contract Process
- RM Contract Position and the Glow App Library
- Categories of Apps
  - RM Apps
  - Third party Apps
  - User Apps
    - Saved Password Apps
- What this means if you want an App added at LA/School Level
54
Transition Plan Tom Gregory – Programme Manager
55
What Happens On 3rd October? The transition from a user point of view
56
What does not change?
- URL
- Username and password
- O365 data
- RM Unify*
57
What does change?
- Log in screen appearance
- User management (ASM)
- Some tiles will go
58
These will go:
59
What do you need to do?
60
2+ site access is going
- One log in to one site
- Access to owning establishment only
- New credentials required for others
61
Parents and guests are going
62
What will actually happen?
63
Day by day
- Thursday 2nd – as normal
- Friday 3rd – day of change
- Monday 6th – all seeing new log in screen
- Monday 13th – all groups now in RM Unify
64
Friday 3rd in more detail
- No new users can come in that day
- No password resets that day
- No ASM work on that day
- New log in screen will appear late pm
65
Any questions?
66
Thanks
Stuart Sefton, Glow Delivery – ssefton@rmcom
e: rmunify@rm.com
tw: @rmunify