What is the NCEdCloud IAM Service?

The NCEdCloud IAM Service is based on the principle that strong identity management is a foundational component to support the shift toward cloud technologies. As more services move to the cloud, a centralized and standard way to manage accounts, roles, and permissions for accessing these technologies is required for their successful deployment and ongoing management.

The goal of the NCEdCloud IAM Service is for every student, teacher, staff member, parent or guardian, and school community member to have a single, unique username and password to access cloud-based learning resources in North Carolina.

The IAM Service will provide self-service capabilities to all users and delegation capabilities to all PSU (district and charter school) administrators. The service will have three major components:

  • A centralized data repository with all user identity information collected in a single location, which will create an opportunity for better reporting capabilities, data analytics generation, and access control management.
  • A central directory service that provides a master authentication and authorization resource. It will also bring new options to local school district personnel with an automated mechanism for synchronizing user information from the centralized directory service to local directory services.
  • Federation software (SAML) that enables Single Sign-On functionality for users, which is a single username and password that grants access to all of a user’s relevant cloud services.

What will it look like for me?

The features available in the IAM service may differ among users and even at different schools, depending on what applications they have and their roles in the system. However, all users will have a single account to access the available resources.

Students will be able to:

  • See an Applications window with icons to the applications they have access to
  • View profile information about themselves
  • Reset their password, using self-service capabilities
  • Use a "badge" (QR Code) to login to their account (for K-5) if their PSU chooses this feature

Teachers, in addition to the student features listed above, will have the ability to:

  • View their students’ information
  • Reset their students' passwords

LEA Administrators, in addition to the functions of students and teachers, may:

  • View all the students and employees in the district
  • Enable and disable accounts and passwords
  • Create sponsored guest accounts
  • Have access to user and audit data
  • Approve privileged role requests
  • Submit webform requests to opt-in to additional features/enhancements