Nebraska ESUCC InCommon K-12 Pilot Summary



Similar documents
Entrust IdentityGuard Comprehensive

NCSU SSO. Case Study

Google Integration Instructions

HR Service Center James A. Honchar, SPHR

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management

AVG Business SSO Partner Getting Started Guide

Connected Data. Connected Data requirements for SSO

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

SP-initiated SSO for Smartsheet is automatically enabled when the SAML feature is activated.

Auth0 SSO Drives B2B Expansion

Beyond Spreadsheets. How Cloud Computing for HR Saves Time & Reduces Costs. January 11, 2012

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department

Brown University Libraries Technology Plan,

Summer 2013 Cloud Initiative. Release Bulletin

Ensim Unify INFRASTRUCTURE OPTIMIZATION FOR MANAGED SERVICE PROVIDERS. An Ensim Business Whitepaper

Configuring. Moodle. Chapter 82

Northern Illinois University Request for Proposals ISLE Learning Map and Assessment Applications Exhibits

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

An overview of configuring Intacct for single sign-on. To configure the Intacct application for single-sign on (an overview)

Flexible Identity Federation

Year 2 Objectives 1. Phase out old ticketing system. 2. Promote self service features to users.

An Overview of Samsung KNOX Active Directory-based Single Sign-On

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites

Configuring Parature Self-Service Portal

CAS s IDP system and resources in Education Cloud

Configuring. SuccessFactors. Chapter 67

Centrify Cloud Connector Deployment Guide

Configuring SuccessFactors

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications

VMware Identity Manager Administration

A Case Study on the UWI Open Campus

Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications

Oracle Identity Management Concepts and Architecture. An Oracle White Paper December 2003

Identity and Access Management for the Hybrid Enterprise

Teacher Activities Page Directions

The Redesigned SAT. SAT Score Reporting Portal and Managing Access

Enterprise Portal Built by and for Higher Education

Welcome to Office 365!

1 Building an Identity Management Business Case. 2 Agenda. 3 Business Challenges

Configuring. SugarCRM. Chapter 121

EQUELLA. One Central Repository for a Diverse Range of Content.

UW System Identity & Access Management (IAM) Recommended Strategic Roadmap

Can We Reconstruct How Identity is Managed on the Internet?

QPR Performance Management

Automating Marketing Localization

OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere.

AVG Business Secure Sign On Active Directory Quick Start Guide

For details about using automatic user provisioning with Salesforce, see Configuring user provisioning for Salesforce.

Case Study: SSO for All: SSOCircle Makes Single Sign-On Available to Everyone

New! LACCD Student 2013

Enterprise Directory Project Pre-Feasibility Study Information and Educational Technology

SAML single sign-on configuration overview

Dell Connected Learning for Schools. Transforming Education for the Digital Age

DRIVE OFFICE 365 ADOPTION

Configuring Salesforce

TECHNICAL HIGHLIGHTS. September 16 th,2015 Oglethorpe D. oneusg

Cloud Services MDM. ios User Guide

Increase the Security of Your Box Account With Single Sign-On

Federation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015

VMware Identity Manager Administration

MasteryTrack: System Overview

RSA Identity Management & Governance (Aveksa)

DigiDial- VoIP SSMM Service Overview No Boundaries outside the box of traditional telephony P er ver OecioV

How To Create An Online Learning Portal For A University

Canvas Mid-Semester Report. Prepared by: Penn State Information Technology Services (ITS) and World Campus. April 2015

The Roles that Librarians and Libraries Play in Distance Education Settings

Stephen Hess. Jim Livingston. Program Name. IAM Executive Sponsors. Identity & Access Management Program Charter Dated 3 Jun 15

Secure WiFi Access in Schools and Educational Institutions. WPA2 / 802.1X and Captive Portal based Access Security

Integration of Google Docs as a collaborative activity within the LMS using IMS BasicLTI

WHITE PAPER. Is Your Learning Management System Leaving Your Users Dazed and Confused?

Multi-Factor Authentication Job Aide

SAP NetWeaver Fiori. For more information, see "Creating and enabling a trusted provider for Centrify" on page

VNC Zimlets. Version 1.0 Berlin, 06. August 2014

THE CANVAS LMS RECOMMENDATION

University at Buffalo Learning Management and Performance Management System Request for Information # 14CBW0036

If we teach today s students as we taught yesterday s, we rob them of tomorrow. John Dewey

SAMAY - Attendance, Access control and Payroll Software

QUICK FACTS. Managing a Service Operations Team for a Leading Software Developer. TEKsystems Global Services Customer Success Stories.

Shibboleth and Library Resources

North Carolina Learning Technology Initiative (NCLTI) Framework for Planning

Three Case Studies in Access Management

Transcription:

Nebraska ESUCC InCommon K-12 Pilot Summary September 14, 2015 Overview Our experience with the Quilt Internet2 InCommon Federation s K 12 pilot program has been incredibly valuable for the knowledge our team has gained in the area of federated identity and the connections made with collaboration partners, best practices and vendor services during the course of our project. These will have a profound positive impact on our ongoing and future work in service of Nebraska K 12 education and allow us to contribute to work in other states nationwide. While we did not meet our original goals and expectations, thanks to the lessons learned and others shared experiences we have a working federated identity system in pilot with a number of Nebraska school districts and are poised to spread this technology statewide in the next 2 3 years, as well as to offer access to a rich set of applications for participating school districts and educational service units (ESUs). Even larger than the immediate benefits of this project is the ongoing collaboration that has developed between Nebraska efforts, the IlliniCloud and other partners. We envision a community of partners developing, contributing, and supporting open software and solutions for K 12 education nationwide. Original Pilot Description (This is presented in the original form that was submitted in Fall, 2013) Pilot target constituents : Initially, the Northeast Nebraska Network Consortium (NNNC) and the Greater Nebraska Educational Network Consortium (GNENC) including 10 ESUs and 182 K 12 school districts, progressing to 17 ESUs and 249 K 12 school districts post pilot. Pilot Scope : Initially 2 IdPs during the 2013 2014 school year Initial Pilot Goals : To federate every K 12 staff member and student within the NNNC and GNENC pilot regions To federate access to: Safari Montage learning object repository systems Pilot data dashboard system in development by the Nebraska Department of Education Zimbra e mail service Atomic Learning Learn360 elibrary Educate state leaders in educational technology to the importance and benefits of federated identity management and InCommon Assist with the development of the K 12Person schema Use our experiences to inform our design work toward a state wide K 12 federation

Targeted start and end dates for initial pilot : May, 2013 May, 2014 Post pilot longer term goals : Construct a state wide federation of all K 12 staff members and students (possibly 8 IdPs) by the end of the 2014 2015 school year Progressively integrate all internal applications as service providers in the state federation and external applications via the InCommon federation and NET+ services Develop a state wide system for user identity including stronger authentication measures such as multi factor authentication where appropriate. Federation model selected for project : In pilot, two single IdPs with delegated administration. Post pilot, possibly a federation to federation with IdP Proxy for the interface to InCommon. This will be in design during the pilot project. InCommon Affiliate assistance/role in pilot: The Gluu EDU solution has been purchased for the NNNC region. We are in initial discussions with other affiliates and will evaluate the fit of those solutions to our needs as we progress. Targeted applications or cloud services : Safari Montage learning object repository Pilot data dashboard system in development by the Nebraska Department of Education E mail service (Zimbra, others) Atomic Learning Learn360 Other educational content licensed to Nebraska schools Google Apps for Education Learning Management systems (Blackboard, Moodle, ANGEL) Student Information Systems Human Resources Information Systems Outcomes Challenges Encountered School districts, ESUs and application providers all had and continue to have work to do to prepare our environments for implementation of a federated single sign on system, from shoring up account management practices to security and authorization decisions and policies. There is a wide variance in the availability and suitability of local district directory systems, and more work is needed in this area to be able to serve all districts statewide.

Our team approached this work with some knowledge of federated identity through the experiences of the University of Nebraska campuses, but did not anticipate the amount of research and education that would be needed for potential administrators and users of a federated K 12 system. Old models of application provisioning such as uploads of spreadsheets and manual entry have been in place for so long that many technology personnel are comfortable with that process and don t immediately understand the benefits of integrating applications with a single sign on system linking data and identity management functions. It takes substantive discussion and demonstration around the federated environment to build understanding. Availability of staff time and other financial resources were constraints to our progress, but also led us to be careful and creative in our approach and implementation. Spending We have committed resources to the project in four main areas: staff time, contracted services, hosting infrastructure, and travel related to meetings and conferences. Altogether our estimated commitment over the 2 years of the project has been $250,000 to date. Successes and Benefits The regular pilot conference calls and connections made with other projects allowed us to hear and benefit from those collective experiences and explore a wide variety of solutions and providers. We took the considerable time of nearly two years to research the options that best fit our needs and resources and to build support among our in state partners, ESUs and school districts. Our organization and partners decided to contract with Unicon to consult with us on the final selection and implementation of open source, open license software to meet our needs for a SAML identity provider/proxy system and application launch portal. The project team selected the SimpleSAMLphp and uportal projects to meet these needs. SimpleSAMLphp lives up to its name and has been very flexible and extendable to work with the authentication and attribute sources presented by our pilot districts. The IlliniCloud consortium commissioned significant extensions to the uportal software with Unicon s services. These extensions allow an operator to serve multiple school district tenants with one uportal instance, as well as presenting a very clean tablet like application launch interface. IlliniCloud s work spanned 3 years and a significant financial investment, contributions which is now available to all uportal users worldwide. We are very pleased to be able to contribute in at least a small way to the work begun by their project. Our pilot project is currently serving 7 school districts which are a cross section of sizes and geographic locations, serving just over 60,000 students within the state. These districts are using the single sign on environment to access a student data dashboard application called ADVISER, which was developed using software components produced by the Ed Fi Alliance. The system is designed to compile real time, actionable data and present it in a convenient metric based view for teachers to allow early identification of problem areas or trends involving their students. Key personnel in these districts are using the system to validate their data and test the application with most planning a wider rollout of the system to staff members during the

2015 16 school year. Thirty additional school districts are preparing to adopt the system and stage live student data in late 2015 or early 2016. Before the vision for a federated single sign on environment supporting a broad set of applications can be realized in all Nebraska school districts, teachers, students and administrators must manage individual, unsynchronized accounts over the set of applications they use in their daily work. Provisioning, deprovisioning and correlation of these accounts are manual processes. This leads to wasted time enabling and disabling access as enrollments change, and managing password problems. Our BlendEd initiative s leaders have identified the frustration of logging into multiple systems as a barrier to educators adoption and use of applications and resources, regardless how high their quality. The federated single sign on solution envisioned and piloted by this project is one of three components that will streamline student, teacher and administrator access to and management of an integrated learning environment. The single sign on framework will facilitate easy access to applications from system administrators easily selecting and managing access to students and teachers being one click away from an application once it has been turned on for their use. A second component of this environment is the collection of applications and resources into a launch portal where users can see and access a rich set of applications that have been configured and provisioned for their use one click away. Finally, automatically correlating user accounts and access across multiple applications is an important step toward relating formative activity data from these applications and providing real time, actionable data to teachers, students, parents and administrator to personalize and improve student learning and outcomes. Moving Forward Lessons Learned and Recommendations The name InCommon is very fitting in many ways to the needs and solutions we became aware of through our pilot project. Knowing that K 12 systems nationwide have similar needs and use similar software technology to meet those needs, it should not come as a surprise that many approach the project of federation and single sign on in similar ways as well. There were many years of thought, planning and work invested in solutions to the challenges in this project space and that has only increased through the work of our fellow pilot projects. High quality solutions are available, and a growing community is very open to sharing our experiences, processes, and designs with others who have interest. The first and best point of advice is to talk to those around you, those responsible for efforts in other states and institutions. Another is that while this technology simplifies access to applications and resources for our users, change is involved and can be difficult to understand and to accept. Education is needed at all levels for those who administer, support and use the federated environment to build understanding of the changes to operational processes and daily use that are possible in the federated environment, and to equip them to effectively use the system.

A third recommendation applies to all projects, and that is to consider the sustainability of any solutions implemented. It is vital to our efforts that a solution be implemented which is both available to all of our constituents (school districts of all sizes, locations and financial conditions) and which can be provided reliably on a long term basis. We must match our staffing availability and funding sources with the software licensing, hosting, network and staffing requirements. The open source software community is very helpful in this regard, but it is a fallacy to believe this type of software is free. Future Plans and Next Steps Having the live system in place and in the hands of pilot districts, we plan to expand and refine the system, adding additional applications, functionality and numbers of participating districts. As mentioned above, a number of additional school districts and ESUs are interested in using the system. With original pilots and the first wave of early adopter districts who are preparing to use the system, about 40 districts and 10 ESUs will be on board by the end of the 2015 2016 school year, with another 50 districts and 7 ESUs planned during the 2016 2017 school year and statewide rollout to all 245 districts during the 2017 2018 school year. Learning management systems, existing in state applications, and Google Apps for Education are early targets for applications to be added to the environment. We will continue a process of suggestion and review by participating districts and ESUs to prioritize application and feature development. For the duration of the rollout activities, we expect to continue to face the challenges of changing habits and practices both of users and system administrators, as well as to continue to be responsive to the needs, refinements and advancement of applications, resources and data that educators will need to readily access. To address these challenges and the unexpected, we will continue and enhance our process of user input, review and prioritization that has brought the work to its present state along with continuing to build our collection and network of professional development resources related to this project. We also will continue our work with collaboration partners in other states to strengthen those relationships, to build a foundation for related self sustaining open source software projects that can be of benefit nationwide, and to explore operational and financial models that will allow the K 12 institutions of Nebraska to participate in broader federations such as InCommon. Conclusion We are very thankful for our involvement in the Quilt InCommon K 12 federation pilot project for the enhanced services that will be available to all K 12 institutions in our state as a result and for the expanded awareness of the benefits of federation and collaboration in a nationwide context. Our combined work will have a great and lasting impact on K 12 education.