Presentation on theme: "TEXAS STUDENT DATA SYSTEM TEAL for TSDS and the TSDS Portal Simple Solution. Brighter Futures."— Presentation transcript:
TEXAS STUDENT DATA SYSTEM TEAL for TSDS and the TSDS Portal Simple Solution. Brighter Futures.
Course Agenda 2 What is TEAL? How to Request a TEAL Account How to Request Access to TSDS Applications TSDS Portal Roles TEAL Service Accounts TEAL Auto Account Provisioning TEAL Admin Access TSDS Portal
TEAL 4 TEAL – Texas Education Agency Login A single sign-on that provides users access to many TEA applications Secure authentication ensures only authorized users can access the applications Users must first create a TEAL identity and then request account access to the specific applications needed
TEAL Security Questions 10 After initial log on to TEAL, the user must change their password, agree to assurances (every 30 days) and answer security questions: The user must then request account access.
TEAL Account Access and Approval Process 11 Once a TEAL ID is created, the user must request access to the specific TEA applications to which they need access If a request for account access is not made within 60 days, the TEAL account is inactivated (the user will get email notification each day for 7 days before the inactivation occurs) Requests for account access must first be approved by the Organization Approver (Superintendent, ESC Director, or designated alternate; this also may be a Limited Approver) if no action is taken within 5 days the request is rerouted to the alternate approver (if the organization has one). If no action by the alternate within 5 days, the user gets an email notification & must resubmit the request. Once requests are approved at the organization level, they are routed to the TEA Service Approver for approval
Requesting Access to TSDS Portal Applications 12
Requesting Access to Applications 13 The user must click on Apply for Access to initiate the account request process.
Requesting Access to TSDS Applications 14 The user must select Request New Account and then select TSDS Portal
Add Access 15 The user must click on Add Access
Add Access 16 The user must click on Add Access
Enter Employing Organization 17 The user must enter their Employing Organization and select the roles they need:
Enter Additional Information The user must enter additional information: Requested Organization (required for most TSDS roles) Unique ID (required for LEA Dashboards roles) After the request is submitted, it is routed to all Approvers for organizations entered on this screen. 20
studentGPS™ Dashboards users not set up via the automated account provisioning process must enter their Unique ID as part of the request Notice the function to find a Unique ID 21 Manual studentGPS™ Dashboards Account Provisioning
TSDS Portal Roles 25 RoleDescription studentGPS™ Dashboards An LEA authorized TEAL role for access to the Dashboards. For each user, it is mapped to one of the 7 local Dashboards roles. Access to TSDS with this role must be approved by the LEA Superintendent or designee. May be requested through traditional TEAL process or the LEA may opt for automated provisioning. studentGPS™ Dashboards Configurator A temporary LEA authorized role that allows the user to configure LEA goals and provision accounts for other LEA users. Must be selected with the studentGPS™ Dashboards User role. Corresponds to the local System Administrator role in the Dashboards – usually for the LEA Dashboards or Data Steward. Access to TSDS with this role must be approved by the LEA Superintendent or designee and Approver enters the expiration date. ODS Campus Data Loader An LEA authorized role for the scheduling and loading of campus data into the eScholar data warehouse. Targeted users: Campus Data Steward or Campus PEIMS Coordinator. ODS Data LoaderAn ESC/LEA authorized role for the scheduling and loading of LEA data into the eScholar data warehouse. Targeted users LEA: LEA PEIMS Coordinator and/or Data Steward; Targeted users ESC: Technical and/or PEIMS Champion.
TSDS Portal Roles 26 RoleDescription Uniq-ID Campus An LEA authorized role providing search and update access to Unique ID at the campus level. Uniq-ID LEA An LEA authorized role providing search and update access to Unique ID at the LEA level. Uniq-ID SearchAn authorized role providing search-only access to Unique ID at the statewide level. TIMS LEA Support Role designed for LEA staff providing TSDS support for their own LEA. Access to TSDS with this role must be approved by the LEA Superintendent or designee. TIMS ESC Support Role designed for ESC staff providing TSDS support for one or more LEAs. Access to TSDS with this role must be approved by the LEA Superintendent or designee. PEIMS Campus Submitter An LEA authorized role providing the ability to load, validate and view PEIMS data and reports for campus level data to the PEIMS Data Mart. Targeted users: Campus Data Administrator. PEIMS Data Submitter An ESC or LEA authorized role that will allow the user the ability to load, validate and view PEIMS data and reports. Targeted user LEA: PEIMS Steward; Targeted users ESC: Technical and/or PEIMS Champion. PEIMS Data Schedule/Promoter (LEA/ESC) An ESC or LEA authorized role for scheduling and promoting of ESC, LEA and/or campus level data to the PEIMS Data Mart. Targeted users LEA: PEIMS Steward; Targeted users ESC: Technical and/or PEIMS Champion.
TSDS Portal Roles 27 RoleDescription PEIMS Data Completer An ESC or LEA authorized role of a user that can load, view, report, set as complete, and lock the data. Targeted user LEA: PEIMS Steward; Targeted user ESC: PEIMS Champion PEIMS Data Approver (LEA/ESC) An ESC or LEA authorized role that will allow the user the ability to view reports and approve or reject a PEIMS data collection. Targeted users: Superintendent or ESC Executive Director PEIMS Data Accepter (ESC) An ESC authorized role that will allow the user the ability to view, run reports, and approve or reject a PEIMS data collection. Targeted users: ESC Data Accepter FERPA Policy Admin An LEA authorized role providing the ability to configure FERPA policy through the TSDS solution. Targeted users: LEA/ESC FERPA administrator and Data Steward.
TSDS Service Accounts TSDS has a web service available for Unique ID (optional) and secure FTP (sFTP) for the Data Transfer Utility (DTU) (required) For security purposes, it is necessary to authenticate each time a user accesses the services by requiring a user name and password At least one user within the organization must be set up as a Service Account Manager (SAM) to manage service accounts for the organization Each district, charter school, or other user organization must set up at least one service account for Unique ID and DTU if they’re going to use the above mentioned features Service account credentials are entered in the application that requires them 31
Service Account Managers These users manage service accounts for the organization. This includes the ability to: Request new service accounts Reset service account passwords (required yearly) Delete service accounts 32
Requesting Service Account Manager (SAM) Status To request SAM status, the user must select Edit My Profile 33
Requesting SAM Status 34 Click the Service Account Manager Status link.
Requesting SAM Status The user must click Request Service Account Manager Status 35
Requesting SAM Status In the Service Account Manager Details popup the user must enter the Organization for which they are requesting SAM status and click Submit: 36
SAM Status Approval Process Requests for SAM status must be approved by the Organization Approver 37
Managing Service Accounts Once a user has SAM status, they can manage service accounts, by selecting Manage Service Accounts 38
Request Service Account Click Request New Service Account 39
Request Service Account Select the application from the Application dropdown enter an Administration email address (optional) and click Submit: 40
Request Service Account A confirmation message is displayed: 41
Service Account Approval Process Requests for Service Accounts are sent to the Organization Approver for approval If approved, the user who submitted the request receives two separate email notifications (one with the service account user ID, and the other with the service account password) These credentials must be entered into the application that requires this access 42
Resetting Service Account Passwords Any user with SAM status can reset a password for a TSDS service account by checking the box associated with the service account, selecting Reset Password and clicking OK on the popup. When this action is performed, all service account managers for the organization receive an email with the new password for the web service. All software applications that were using the previous password will not function until the new password is provided within the application. 43
Deleting Service Accounts Any user with SAM status can delete a service account by checking the box associated with the service account, selecting Reset Password and clicking OK on the popup. The requestor and all service account managers are notified by email when a service account is deleted. Any software application that is using the web service credentials associated with a deleted service account will no longer be able to use the web service in its processing. 44
Revoking SAM Status Only Computer Access at TEA, or the user with Service Account Manager status, can revoke that status (no one at the organization can revoke another’s SAM status) If it is necessary for an organization to terminate Service Account Manager status for a former employee or other user, the Organization Approver must contact Computer Access at email@example.com@tea.state.tx.us 45
How to Revoke SAM Status A user with SAM status, may revoke it by: Clicking on Edit My Profile Clicking on Service Account Manager Status 46
How to Revoke SAM Status Clicking Revoke Selected Status and clicking OK on the popup: 47
49 Key points about policy – The studentGPS™ Dashboards application provides different levels of user access to comply with FERPA LEA staff must ensure that user access roles in the Dashboards align with district data policies FERPA and District Data Use Policies
50 The admin tool in the studentGPS™ Dashboards application uses LEA position titles from the LEA source systems (HR or SIS) to link to the studentGPS™ Dashboards roles or ‘claim sets’ studentGPS™ Dashboards roles determine the ‘claim’ a person has to specific data in the Dashboards This is done via an extraction of the TEDS StaffAssociation interchange that can be mapped by the LEA Steward within the Dashboards administrative panel The LEA needs to determine that their source system can extract the TEDS StaffAssociation interchange studentGPS™ Dashboards Staff Classification & Claim Sets
51 Claim sets are used to map LEA job codes – taken from the LEA source system – to Dashboards roles Each user’s level of access is determined by his/her job code as defined in the source system (HR or SIS) – for example, “teacher”, “principal”, “coach” The extracted interchange is used to port the LEA job codes to the Dashboards so they can then be mapped to claim set roles by the LEA Steward in either single or batch mode The LEA Steward maps job codes to claim set roles; each role is associated with an organization level (superintendent – district, principal – campus) Mapping is done by job code, not by individual; therefore, every principal will have the same level of access within his/her LEA Dashboards Staff Classification & Claim Sets
52 Roles within the studentGPS™ Dashboard Superintendent Leader (can be LEA or campus level) Administration Principal System Admin or LEA Steward and Key Designees Staff Specialist (generally used for teachers) None (or blank – means no access) Dashboards Roles
53 studentGPS™ Dashboards Roles & Claims to Data: Staff & Specialist DescriptionDistrictSchoolOperationalClassroomStudents StaffUser may view the district-level Dashboards or school-level Dashboards only (dependent on organizational assignment. This is a “metrics-only” view and users are restricted from seeing any student or staff level information If district org If school org No SpecialistUser may view only those students that are associated to their staff ID. District/Campus specialist: User may view only those students in the district of a specific school in a capacity other than teacher (as determined by student rosters, e.g., counselor). Teacher: User may view only those students across the specific school(s) that are associated with user as a teacher (students assigned to the teacher’s class sections). Teacher can see a school level view; student lists are limited to those assigned to teacher’s sections. If district org If school org NoRosters or Classes in District or School
54 studentGPS™ Dashboards Roles & Claims to Data: Leader, Administration & Principal DescriptionDistrictSchoolOperationalClassroomStudents LeaderUser may view the student Dashboards for all students currently enrolled in the district or specific school (depending on organizational assignment). User cannot see any operational or staff metrics. If district org If school org NoYes AdministrationUser may view the student, classroom and full campus Dashboards for all students and teachers currently enrolled in the district or specific school (dependent on organizational assignment). If district org Yes PrincipalUser may view the student, classroom and full campus Dashboards for all students and teachers currently enrolled in the specific school. May also view campus goals and do “what if” analysis of goals, but changes won’t be saved for future sessions. NoYes
55 studentGPS™ Dashboards Roles & Claims to Data: Superintendent & System Admin DescriptionDistrictSchoolOperationalClassroomStudents SuperintendentUser may view the student, classroom and full campus Dashboards for all students and teachers currently enrolled in the district. User also has the ability to set and manage district and campus goals or thresholds. Yes System Admin or LEA Data Steward and Key Designees User may impersonate the view of the student, classroom and full campus Dashboards for all students and teachers currently enrolled in the district Yes
Mapping Other LEA Users to Claim Sets To add staff members (besides principal or superintendent) who need access to student-level information in the Dashboards, you will need the following: StaffAssociation interchange from HRIS Dashboard/DDM role as "Specialist“ Proper staff/student association via UniqueID through the StudentCohort interchange from SIS 56
Setting User Access Levels in the Administrative Tool: Step 1 57 Log in as System Administrator Select Position Title Claim Sets
Setting User Access Levels in the Administrative Tool: Step 2 58 The user can select Single Edit or Edit Batch The user can also select the Position Title from the drop down menu
Editing a Single Title: Position Title 59 Select Single Edit button Select Position Title drop down to see list of district titles and select title
Editing a Single Title: Select Claim Set 60 Select Claim Set drop down Choose desired access setting Click Save Wait at least 10 minutes LEA steward should test by impersonating user
Batch Editing 61 Select the Batch Edit button Click ‘User Roles Template’ to export current list of district position titles and Dashboards claim settings (in xls) Be sure to use the 7 ClaimSet roles with correct spelling and punctuation when batch editing
Batch Editing: Review Settings for Multiple Position Title Claim Sets 62 Review claim settings for each Position Title Make changes to Dashboards claim set using the list of options Save file to local drive
Batch Editing: Review Settings for Multiple Position Titles Claim Sets (cont’d) 63 Use Browse button to select updated file from your local drive Click submit to upload file Wait at least 10 minutes Test by impersonating user Note: Be sure to use the 7 ClaimSet roles with correct spelling and punctuation when batch editing
Testing Roles Use the impersonation feature Search for name of person you wish to check On the search detail page, select ‘Staff’ button Use the ‘LOGIN AS’ button to impersonate specific user 64
Claim Setting Questions What if I want to review the roles I have now? Use the Batch Edit feature to export current list of position titles and settings in Excel Can I change access for a particular person? In the case where a specific person needs access, we recommend setting up a new position title for that person in your LEA source system. Once this is established, you can assign the desired studentGPS™ Dashboards claim setting for that position title. 65
studentGPS™ Dashboards Auto Provisioning of TEAL Accounts 66
TEAL Account Auto Provisioning - Key Points 1 67 Using this feature, TEAL accounts are automatically created for studentGPS™ Dashboards users This process uses the TEDS StaffAssociation interchange to map roles If an LEA wants to use Auto Provisioning, the StaffAssociation interchange must include dates of birth The Dashboards Configurator user must select the Configurator role on first logon to the studentGPS™ Dashboards
Opt-in to the Automated Process 68 Indicates LEA approval for all accounts provisioned Must obtain authorization from LEA Approver
ESC TEAL Admin Privileges 70 Access granted by TEA (cannot be requested in TEAL) Users with this permission can perform various TEAL administrative functions including: Reset passwords Make minor updates to TEAL user email addresses Restore users
TEAL Admin Functions 71 Administration options are accessed via the left side navigation