LEA Administrators and Data Auditors

What settings in the Chrome browser can affect logins?


There are a couple of Chrome settings that may improve your experience in using the NCEdCloud IAM Service:

  1. ’Continue where I left off’ - attempts to re-establish all of your sessions that were open when you closed the browser. This can result in a continuation of a session -OR- can result in some very cryptic errors within the Application.  Change this under Settings > On startup

How are privileged roles requested?

The Tech Director/CTO for an LEA or Charter School should be the first person to claim their account and request the LEA Administrator Role.  To request a privileged role for others, choose the ‘Workflow’ button on the left menu and then choose the ‘Requests’ tab along the top. Select the desired role checkbox(es) (LEA Administrator, LEA Data Auditor, LEA Help Desk, LEA Student Help Desk, School Help Desk, and School Student Help Desk) and click the Submit Requests button.

How do I see a list of employees or students in my LEA?

The My Employees tab or the My Students tab under Profiles (on the left) in the IAM Service relies on a "Search" function. You need to enter some criteria to select the users you want to lookup. The easiest search is to enter an asterisk * wildcard in the search window and click the Search button. This will only return the first 1000 matching records, however, which is the limit of any query.

How do I fix employees that show up in the wrong (or two) LEAs/Charter Schools?

Frequently, employees that transfer from another PSU are not updated in their former payroll system and the Staff UID System in a timely manner.  If you find that the Profile of an employee still lists information from a former LEA or Charter School (e.g. LEA Code and/or School Codes), you will need to contact that PSU and have them update their Payroll System and the Staff UID System.

How do I obtain an IAM Service account for a Non-Payroll (Contract) Employee

Contract employees who are not in a PSU's payroll system (which is how most employees have records created or updated in the Staff UID System), can get an account in the NCEdCloud IAM Service by creating their records directly in the Staff UID System.  Information about the UID System can be found on the NCDPI Site.

How can roles with elevated privileges be revoked for an employee?


The LEA Administrator, LEA Data Auditor, LEA Help Desk and/or the LEA Student Help Desk roles can be revoked in either of two ways:

1. The user with the elevated privilege can self-revoke a role by using the same workflow process they used to originally request the role.

For example, after logging into the IAM Service:

Workflow button - left side > Requests - top tab > Deselect the role to be revoked > Click Submit Request.

What is the linking field between IAM and PowerSchool?

Several Home Base User Group members have asked which PowerSchool field will be matched against the UID in the SAML Assertion when a user logs into PowerSchool. The UID number is the unique identifier for IAM, it is stored within PowerSchool as follows:

employee => SIF_StatePrid

student => State_studentnumber

Please note that on some screens SIF_StatePrid may show up as StatePrId. It is the same thing. So for employees,  (SIF_StatePrid = StatePrID = UID)

What's different in Primary vs. Secondary student account setup?


For primary student accounts (grades K-5) the PSUs will always need to directly distribute the student usernames (pupil number) and default passwords, or NCEdCloud Badges (QR Codes) usually through teachers. There is no claim account process (or challenge questions) for primary students.

What roles with elevated privileges can an employee request through the workflow process?


Using the workflow process, employees are able to request the LEA Administrator, LEA Data Auditor, LEA Help Desk, and/or the LEA Student Help Desk roles. These requests would typically be granted or denied based on the discretion of the LEA Administrator(s) of the LEA or Charter School. Privileged roles are described briefly below. Further information on these roles is available in the training videos on my.ncedcloud.org.  

Is the IAM Service Opt-In?

As of July 2015 the IAM Service was integrated with all Home Base applications and is no longer an Opt-In Service. The Single Sign-On (SSO) feature of the IAM Service enables users to logon to one of the Home Base applications, or any other resource integrated with the IAM Service, one time and then access any other application without having to logon again.