Monday, January 31, 2011

A school system registers parents...

As part of this blog, I strive to present unique cases where clients have requirements that are “outside the box” of normal Identity Management solutions, and I think this one definitely fits the bill.

One of the top 10 school districts in the State of Florida, and top 25 in the country, had an Identity Management issue that did not involve students or faculty/staff but rather the parents. Legislation had been passed that required any parent wanting access to their child's online learning environment to present themselves in person with identification and request an account. With over 125 physical locations and 500+ users that would be handling the process, a paper system was out of the question.
The solution that was settled on was a combination of standard Tools4ever products and just a little bit of custom web work.

Tools4ever worked very closely with the technical staff of the district to ensure the requirements were very detailed to avoid any missed components. In the end, a solution that fully met their needs was delivered utilizing User Management Resource Administrator (UMRA) in about 30 hours of consulting.

Here is a brief overview of the solution:

  • A parent shows up at a school and requests an account to access their child(ren)'s information.

  • A secretary or administrator verifies their ID and enters relevant information into a web page including:

    • Name

    • ID type, number and expiration date

    • Phone number(s)

    • Address

    • E-mail

  • The secretary then searches for the student(s) using name or student ID criteria and verifies with the parent that the correct name is displayed.

  • The individual then clicks the “Create Parent Record” button and, if no duplicate entries are found, the record is created in Active Directory and the student information system, and a link between the parent and child is created.

  • A temporary password is returned and the secretary records the information, along with the user name, and delivers it to the parent.


As part of the project, Self Service Reset Password Manager (SSRPM) was also deployed for the parents to allow them to enroll and reset their passwords via challenge questions and avoid an unnecessary burden on the help desk staff.

Additional web forms were delivered to allow administrative staff to reset passwords for parents’ accounts, check their SSRPM enrollment status, run last logon reports, disable accounts, update accounts and report on SSRPM enrollment.

Since deploying the system, over 100,000 parents have been successfully enrolled and can access their child’s records with ease. Paperwork that had previously been utilized for the process has been eliminated and, through SSRPM, the additional burden on the help desk has been non-existent.

To learn more about Tools4ever solutions, please visit our website,
Tools4ever, Inc.

Wednesday, January 26, 2011

UMRA & Controlled Assessment



Traditionally, the part of the Tools4ever Identity Management Suite that schools and colleges use is UMRA Forms, a secure interface to quickly and accurately manage the life cycle of a user. However, when a school links Active Directory to their student information system, all student account changes are automated, with no need for manual intervention. This negates the requirement for UMRA Forms.

However, a couple of months ago we were approached by a school with an interesting problem regarding controlled assessment. The school’s IT Manager creates exam accounts for pupils, with home directories shared in the normal way to each user. In the home directory he creates a series of "Exam" folders, which the pupil should only access during a Controlled Assessment session. As a boarding school, the pupil may need to use their exam account outside of a controlled assessment period, so enabling and disabling the account as required is not a suitable solution.

What the IT Manager really required was a way to control NTFS permissions on the exam folders within the home directory for each account. So, Tools4ever built a simple interface, delegated to teaching staff, that switches access to the exam folders on and off at the click of a button.

Now he has shifted the tedious task of controlling exam accounts back to teaching staff. More importantly, UMRA is logging every action to keep the auditors happy.

To learn more on Tools4ever solutions, visit our website:
Identity Management

Wednesday, January 5, 2011

Password Management Leads to More!

A recent pilot project at a large Canadian manufacturing firm, with about 3,500 employees, resulted in a successful implementation and purchase. After evaluating numerous vendors over a 6-month period, this diverse, global manufacturer decided on a pilot implementation of Tools4ever products as a proof of concept. We deployed several of our standard products, along with professional services, to meet the client requirements. Here is a brief synopsis of their requirements and how we set about providing a total solution.

The first phase of the project was to provide a standard methodology to allow end users to reset their Active Directory passwords without calling the helpdesk. In addition to modifying the Windows login screen, a web portal was also required to facilitate resets from machines that were not part of the domain. Further, both components needed to be available in English, French, Spanish, German and Finnish. Self Service Reset Password Manager (SSRPM) provided the needed functionality out of the box, with the only shortfall being native support for Finnish. However, as all the text for the Enrollment and Reset Wizards is contained in a locale file, the modification for Finnish was accomplished by the client in about 45 minutes.

The second phase of this project involved the use of User Management Resource Administrator (UMRA) Web for Employee Self Service and Delegation and Password Synch Manager. The desired result of this phase was to be able to reset a user’s SAP password at the same time and using the same password as the AD password. In order to accomplish this, it was necessary to collect the SAP user name from the end users, as there was no relationship established between the AD and SAP credentials. A number of other attributes, such as manager’s name and cell phone, were also collected for populating AD. Once this phase was completed, an end user could perform a normal password reset through Ctrl-Alt-Del or reset a forgotten password through SSRPM, and the password would automatically be reset in both AD and SAP.

The third and final phase of the project involves the UMRA Delegation and Workflow components. The company has a large number of consultants and temporary employees. When their accounts are created in AD, they will be tagged with an anticipated expiration date in Active Directory. Two weeks prior to this date, the manager will be notified of the pending action and given an opportunity to extend the date. If no action is taken, a second notice will be generated one week prior and then again the day prior to expiration. If no action is taken before the expiration date, the account is automatically disabled and moved to a separate OU. After 30 days in a disabled state, the account is automatically deleted from AD. This process provides an automated methodology for keeping AD clean.
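
The Phase 3 schedule above, written out as the decision logic a daily job could run; this is an added example, not Tools4ever or UMRA code. The `Account` record, the action names and the dates are constructed for illustration, and the example goes slightly beyond the text by handling a missed run (only the most urgent overdue notice is sent) and by restarting the notices after an extension.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

NOTICE_DAYS = (14, 7, 1)            # notify the manager 2 weeks, 1 week, 1 day before expiry
DELETE_AFTER = timedelta(days=30)   # time an account stays disabled before deletion

@dataclass
class Account:                      # hypothetical record; a real job would read this from AD
    name: str
    expires: date
    disabled_on: Optional[date] = None
    notices_sent: set = field(default_factory=set)

def next_action(acct: Account, today: date) -> str:
    """Decide the one action due for this account on `today`."""
    if acct.disabled_on is not None:
        return "delete" if today - acct.disabled_on >= DELETE_AFTER else "none"
    days_left = (acct.expires - today).days
    if days_left <= 0:
        return "disable_and_move"   # disable and move to the separate OU
    # Thresholds crossed but not yet notified; after missed runs, send only the most urgent.
    due = [d for d in NOTICE_DAYS if days_left <= d and d not in acct.notices_sent]
    return f"notify_{min(due)}" if due else "none"

def apply_action(acct: Account, action: str, today: date) -> None:
    """Record the effect of an action so a repeated run does not repeat it."""
    if action.startswith("notify_"):
        sent = int(action.split("_")[1])
        acct.notices_sent.update(d for d in NOTICE_DAYS if d >= sent)
    elif action == "disable_and_move":
        acct.disabled_on = today

def extend(acct: Account, new_expiry: date) -> None:
    """Manager extends the date: notices start over against the new expiry."""
    acct.expires = new_expiry
    acct.notices_sent.clear()

def simulate(acct: Account, start: date, days: int, extensions=None):
    """Run the daily job over constructed dates; return the (date, action) audit trail."""
    log = []
    for today in (start + timedelta(days=i) for i in range(days)):
        if extensions and today in extensions:
            extend(acct, extensions[today])
        action = next_action(acct, today)
        if action != "none":
            log.append((today, action))
            apply_action(acct, action, today)
        if action == "delete":
            break
    return log
```

The list returned by `simulate` doubles as the audit trail for the run: one entry per notice, disable or delete decision, with the date it was taken.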

Shortly after wrapping up Phase 3, the company will begin to look at other Tools4ever solutions including Enterprise Single Sign On and automated user account provisioning. To learn more on Tools4ever solutions, visit our website:
Identity Management