LEA Administrators and Data Auditors

Frequently, employees that transfer from another LEA or Charter School are not updated in their former payroll system, and therefore the UID system, in a timely manner.  If you find that the Profile of an employee still lists information from a former LEA or Charter School (e.g. LEA Code and/or School Codes), you will need to contact that LEA/Charter School and have them update their Payroll System and push an upload to the UID System.

Contract employees who are not in an LEA's or Charter School's payroll system, can get IAM Service accounts by creating their records directly in the UID System.  Information about the UID System can be found on the NCDPI Site.

The LEA Administrator, LEA Data Auditor, LEA Help Desk and/or the LEA Student Help Desk roles can be revoked in either of two ways:

1. The user with the elevated privilege can self-revoke a role by using the same workflow process they used to originally request the role.

For example, after logging into the IAM Service:

Workflow button - left side > Requests - top tab > Deselect the role to be revoked > Click Submit Request.

Several Home Base User Group members have asked which PowerSchool field will be matched against the UID in the SAML Assertion when a user logs into PowerSchool. The UID number is the unique identifier for IAM, it is stored within PowerSchool as follows:

employee => SIF_StatePrid

student => State_studentnumber

Please note that on some screens SIF_StatePrid may show up as StatePrId. It is the same thing. So for employees,  (SIF_StatePrid = StatePrID = UID)

For primary student accounts (grades K-5) the PSUs will always need to directly distribute the student usernames (pupil number) and default passwords, or NCEdCloud Badges (QR Codes) usually through teachers. There is no claim account process (or challenge questions) for primary students.

Using the workflow process, employees are able to request the LEA Administrator, LEA Data Auditor, LEA Help Desk, and/or the LEA Student Help Desk roles. These requests would typically be granted or denied based on the discretion of the LEA Administrator(s) of the LEA or Charter School. Privileged roles are described briefly below. Further information on these roles is available in the training videos on my.ncedcloud.org.  

As of July 2015 the IAM Service was integrated with all Home Base applications and is no longer an Opt-In Service. The Single Sign-On (SSO) feature of the IAM Service enables users to logon to one of the Home Base applications, or any other resource integrated with the IAM Service, one time and then access any other application without having to logon again.

PowerSchool administrators can continue to configure timeouts for PowerSchool (e.g. 5 minutes, 10 minutes, etc.). Other applications may have different timeout settings which may vary from application to application. See also..  https://ncedcloud.mcnc.org/content/what-are-default-timeouts-saml-identi...

Browser tabs or windows opened in “private” or “incognito” mode will prevent session information from being shared between other tabs/windows. As a result there is no memory of logons done within other tabs, hence accessing NCEdCloud IAM applications in a different private tab or window would require an additional logon.  Private or Incognito mode should be disabled when using your browser for NCEdCloud Target Applications (e.g. Home Base applications, Google Apps, Discovery Education, Follett Destiny, etc).