
RM Unify


heba

Presentation Transcript


  1. RM Unify Roadshow Events Welcome

  2. Introductions & Agenda • Stuart Sefton – Glow Delivery • Presenters: • Simon Thompson – Product Manager • Rob Potter – Architect • Rob Chandler-Toal – Architect • Tom Gregory – Programme Manager

  3. Outline Agenda (1) • Top Level View • Provisioning & Authentication • Provisioning • SSO & Technologies • Authentication • Establishment Transfers (includes Identity Matching) • Account Management (Demos) • Establishment Admin Tasks • LA Admin Tasks • Staff Admin Tasks • Staff-Service Admin Tasks

  4. Outline Agenda (2) • Password Policy & Password Management • Apps Process • Transition Plan • Q&A

  5. Top Level View • Focussed on usage of RM Unify – materials to help you • Continue to invest in development and content • The platform will remain open and flexible

  6. Get to know RM Unify – From 10,000 feet

  7. • Launch Pad: Access to SSO apps and web links; RM Unify Admin: Define layout for each role • App Library: Discover online services; Staff & Admins: Install apps to Launch Pads • Management Console: Manage your users; RM Unify Admins: Full access; Staff: Limited access

  8. Roles in RM Unify • Student • Teaching Staff • Non-Teaching Staff • Other • Parent • “RM Unify Admin” – a permission not a role

  9. Demo time – Whirlwind tour

  10. Service Provisioning – Data feeds in, data feeds out

  11. Service provisioning [diagram: Data sources, RM Unify, Apps] • Provisioning RM Unify • Provisioning online services or “Apps”

  12. Sources of user data • User data can come from: SEEMiS – changes in SEEMiS are synchronised; Web form – in Management Console; CSV imports • RM Unify: provisions a user account; acts as a ‘router’ – passing on user updates

  13. Data flow from SEEMiS [diagram: SEEMiS Admin, SEEMiS, RM Unify (Users), Office 365, Glow Meet] • Automatically keep services in sync • Which apps need to know about this user?

  14. Data flow using web form [diagram: RM Unify Admin, RM Unify (Users), Office 365, Glow Meet] • Create a single user, quickly (name, role) • Which apps?

  15. Data flow from CSV [diagram: RM Unify Admin, .CSV, RM Unify (Users), Office 365, Teacher App #1] • Create multiple users in batch • Which apps for each role?

  16. What can we get from each source? *Except parents

  17. Provisioning approaches • In-advance provisioning: App must know about users before access; Example: Office 365 (email) • Just in time provisioning: App creates account on-the-fly; App knows the user is authorised by RM Unify; Example: Simple reading app (bookmark)

  18. Demo time – Installing an app

  19. How are new apps provisioned? • App is found in the App Library • Privacy policy accepted – Important: this defines the data release • Choose the applicable roles • App is installed on the Launch Pads • For apps needing in-advance provisioning: Provisioning process starts

  20. Provisioning a new app [diagram: RM Unify Admin, RM Unify (Users: Students, Teachers), The Best Science App] • Best App install • I need to know about the users • Get users in appropriate role • Filter user attributes

  21. How are apps de-provisioned? [diagram: RM Unify Admin, RM Unify (Users: Students, Teachers), The Best Science App] • Best App Remove • Get users that were provisioned • Send delete messages

  22. User Authentication – Logging into RM Unify, logging into apps

  23. Logging onto Glow • glowscotland.org.uk domain will continue to work • Browser will redirect to RM Unify from: portal.glowscotland.org.uk, secure.glowscotland.org.uk to: https://glow.rmunify.com

  24. Logging onto apps • SSO apps – click and go! • ‘Saved password apps’: Enter credentials first time; Not prompted again; Any device

  25. Demo time – Saved password app: Edmodo

  26. Logging out • Single log out: Log off RM Unify, it closes sessions on apps • Can only log off SSO apps • Only sure way is to close the browser

  27. Establishment Transfers – The account moves when the user does

  28. Transfer: Automatic [diagram: SEEMiS, RM Unify, Office 365, RM Unify Admin; establishments E1 and E2; steps labelled DELETE, CREATE, Match, CREATE ACCOUNT, MODIFY ACCOUNT, DISABLE ACCOUNT; account items: Users, Attributes, Security, Mailbox, OneDrive]

  29. Automatic school transfer • Most transfers will be automatic • Email sent to the user’s O365 mailbox • No approval needed from RM Unify Admin • Audit available: E1 Admin sees – “Outbound transfers”; E2 Admin sees – “Inbound transfers”

  30. Why the need to approve transfers? • Users may be enrolled in two schools concurrently • Why? Dual registered students; Dual registered teachers; Previous school processes leavers late; Previous school forgets to process leavers

  31. Dual registered users [diagram: SEEMiS, RM Unify, Office 365, RM Unify Admin; establishments E1 and E2; steps labelled CREATE, E1->E2, Match, CREATE ACCOUNT; account items: Users, Attributes, Security, Mailbox, OneDrive]

  32. What are the options? • User is in multiple schools – RM Unify knows this • What can happen? User leaves E1 -> Automatically transfer user; User logs into RM Unify -> Ask them! [staff]; E2 Admin logs in to approve transfer • Mechanisms: Automatic; Manual: Self-service, or Admin-led

  33. Transfer: Automatic (delayed) – Back where we left off… [diagram: SEEMiS, RM Unify, Office 365; establishments E1 and E2; steps labelled DELETE, E1->E2, MODIFY ACCOUNT; account items: Users, Attributes, Security, Mailbox, OneDrive]

  34. User Management Demos – Robert Chandler-Toal, Architect

  35. School Admin Tasks: Approve manual transfers and download credentials for new accounts. Manually create a set of users. Delete users. Change user’s password. View and update a user’s attributes. Assign/remove staff member’s admin permission. Disable/enable user accounts. LA Admin Tasks: Manage Child Establishments.

  36. Staff Admin Tasks: Change student’s password. Change teaching/registration/year group members’ passwords. Self Service Admin Tasks: Set my home email address. Change my passwords. Reset my forgotten password.

  37. Password Management – Minimising administrative burden, maximising security

  38. The password lifecycle • How does a new user get a password? SEEMiS – Download new user credentials; CSV – specify in the CSV; Manual web form – specify on creation; RM Unify AD Sync – synchronised from the network • Forgotten passwords… Wastes teaching time; Massive pain point for admins; Barrier to adoption

  39. Forgotten passwords • Self-service where possible • Non-students prompted for personal email address • Students can also provide one • Email addresses are verified • Email addresses can be changed (and re-verified) • Please don’t use the Glow email address

  40. “Please reset my password?” • A student can: Reset their own password, if email address verified • A teacher can: Reset the password of a single student; Reset the password of an entire teaching class • An RM Unify Admin can: Do all a teacher can. Also reset staff passwords

  41. Personal password management • Encourage people to be good digital citizens • Influence: Setting their password • Educate with strength-o-meter

  42. Assessing crackability • Approach developed by Dropbox: Interactive approach; Real world heuristics – aware of real techniques; How ‘crackable’ is the password in seconds • RM Unify: Agreed a minimum bar for each role; Only allow a password that meets that bar • https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/

  43. What about iCloud? • Apple iCloud was brute-force attacked • 4 digit PIN = 10,000 possible combinations • 0.1s per guess = 8.3 minutes for half the possibilities • Experience with Easymail shows: Brute force attacks are common; Must protect email services; Students like to lock out their friends; Admins do not like re-enabling accounts

  44. Why won’t this happen to RM Unify? • Locks out after 5 attempts for 1 min • Auto-enables • Locks out after another 5 attempts for 2 mins • Auto-enables • Locks out after another 5 attempts for 4 mins • Auto-enables • Locks out after another 5 attempts for 8 mins • [you get the idea]

  45. Growing the App Library – In a world where content is king

  46. App developer programme • What kind of apps? An app or link?; Education content providers; General use productivity apps; Apps of ‘local interest’ • Who can develop? Third parties; Scottish Government: Glow services; LAs developing their own apps

  47. Developer decisions How is it integrated? SSO APIs App Provisioning API (In-advance) provisioning Graph API Developer sandbox An establishment to experiment in Documentation Developer Portal Github SDK

  48. Demo time Developer Portal – the place to start – dev.rmunify.com

  49. App development process • Online documentation: assess API requirements • Request a developer account • Define your app: Name, description, support notes, tags; Applicable roles; SSO technology and data attributes; Provisioning API configuration • Test: log in, log out • Submit for validation
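
The escalating lockout on slide 44, set against the unthrottled guessing rate on slide 43, as an added example (not RM Unify's own code). It assumes that attempts made while locked are rejected without counting as failures and that a successful login resets the escalation, neither of which the slides state; the class and function names are illustrative.

```python
ATTEMPTS_PER_ROUND = 5     # slide 44: lock after every 5 failed attempts
FIRST_LOCK_MS = 60_000     # slide 44: first lock is 1 min, each later one doubles


class EscalatingLockout:
    """Per-account lockout that doubles each round and auto-enables on expiry."""

    def __init__(self):
        self.state = {}    # user -> failures this round, rounds so far, lock expiry

    def locked_until(self, user):
        return self.state.get(user, {}).get("until", 0)

    def attempt(self, user, password_ok, now_ms):
        """Return 'ok', 'denied' or 'locked' for one login attempt at now_ms."""
        st = self.state.setdefault(user, {"fails": 0, "rounds": 0, "until": 0})
        if now_ms < st["until"]:
            return "locked"            # assumption: rejected outright, not counted
        if password_ok:
            del self.state[user]       # assumption: a good login resets escalation
            return "ok"
        st["fails"] += 1
        if st["fails"] == ATTEMPTS_PER_ROUND:
            st["until"] = now_ms + FIRST_LOCK_MS * 2 ** st["rounds"]
            st["fails"], st["rounds"] = 0, st["rounds"] + 1
        return "denied"


def ms_to_try(guesses, ms_per_guess, lockout=True):
    """Elapsed time for `guesses` consecutive wrong guesses at one account."""
    policy, now = EscalatingLockout(), 0
    for _ in range(guesses):
        if lockout:
            now = max(now, policy.locked_until("target"))  # wait for auto-enable
            policy.attempt("target", False, now)
        now += ms_per_guess
    return now


if __name__ == "__main__":
    half_pin_space = 10_000 // 2       # slide 43: half of the 4-digit PINs
    print("no lockout :", ms_to_try(half_pin_space, 100, lockout=False) / 60_000, "min")
    print("25 guesses :", ms_to_try(25, 100) / 60_000, "min with lockout")
    print("lock rounds for half the PIN space:", half_pin_space // ATTEMPTS_PER_ROUND)
```

Without the lockout the run reproduces the 8.3 minutes on slide 43; with it, 25 guesses already take about 15 minutes, and each further round of 5 doubles the wait.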
