Frequently Asked Questions

General

I am active in multiple LEAs and have more than one email address in the IAM service. How do I select my preferred email address?

A: Users who have more than one valid email address (e.g. they are active in multiple schools within an LEA or in multiple LEAs and have a unique email in each), may now see all valid emails in the IAM service. Those users will have the ability to choose a preferred email address from within the Profiles tab in my.ncedcloud.org. The preferred email address will be the one used by the IAM Service when populating “email address” for integrated Target Applications. To choose a preferred email address, go to Profiles -> My Profile -> Edit Profile then use the pulldown menu from the dialog box as shown in the following example:

 
FAQ category: 

 

The quickest way to access the IAM Service is to type my.ncedcloud.org into your browser window and go there directly.  If you want to bookmark the IAM Service, see the FAQ on "How Do I Bookmark the IAM Service?"

 

  TYPE...   

           

FAQ category: 

 

If you want to BOOKMARK the IAM Service Rapid Identity Portal, DO NOT bookmark the Login Screen where you enter your username and password, but once you get to the Rapid Identity Portal (where your Application icons show up) you can bookmark THAT page.  Then whenever you want to go to the IAM Service you can click on that bookmark.

Key points to remember for Bookmarking the IAM Service:

 

   Don't Bookmark!                        BOOKMARK 

                           

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

           

 
FAQ category: 

There are three main criteria for challenge questions:  

  • 5 of the 10 questions must be answered
  • The answers must be 3 or more characters
  • Answers can not be repeated among questions

In addition, the answers are not case-sensitive.

If a question is not answered it will be ignored in the password recovery process. For example, if you initially answer only 5 of the questions then you will be challenged with 2 of those 5 question. If you initially answer 6 questions then you will be challenged with 2 of those 6. You will never be asked a question that you did not answer during setup.

 

FAQ category: 

No, the response to a challenge question is not case-sensitive.

FAQ category: 

 

Students that don't have an email address in PowerSchool and staff that don't have an email address either in Powerschool, HRMS or LINQ HR (upload for Charter Schools) will not have an email address associated with their NCEdCloud IAM Service accounts.  Users are not able to edit their profiles to add/change their email address in the IAM Service. The only way an IAM Service account's email address can be added/changed is if that user's email is added/changed in source data: PowerSchool for students; either Powerschool, HRMS or LINQ HR (upload for Charter Schools) for staff.

We recommend that LEAs & Charter Schools strive to provide email addresses for all their users as there are several important drawbacks for users without an email address within the service. For example:

  1. LEA Administrators and other employees that use the Workflow features of the IAM Service would have no way to automatically be notified by the IAM Service of their workflow-related task items.
  2. Some target services require the email address.  Without having email associated with the provisioned user account, functionality of those target services could be significantly impacted.
  3. The “Forgot my username” function requires an email address in order for the feature to work.

 

FAQ category: 

Various username conventions were researched and vetting over several months. We understand the UID convention does not satisfy many users. In fact there is no solution that would satisfy the various constraints of the IAM Service and also be acceptable to all users. Yet we needed to have a convention that would get the job done.  We need to have something that works in all known current and future target apps and using email addresses wouldn't meet that criteria. Based on various feedback received, the NCDPI CIO, Michael Nicolaides, ultimately made the decision to use the UID convention.

FAQ category: 

If you get a "Bad Request" message or the screen shown below, it's likely because you "bookmarked" the Logon Screen or used the "back button". To get to the IAM Service (to change/reset your password for example), go to my.ncedcloud.org.  To get to any of the applications you normally access, click on the link or icon for that application.  If you try to go directly to the login screen by bookmarking it, the IAM Service won't know where you want to go (e.g. PowerSchool, Google Apps for Education, etc.).  That's why you get an error.

You must go to the application first and it will send you to the logon page (if you haven't logged on previously) along with the path to get you back to the application.

FAQ category: 

If you are having trouble getting to applications and resources, you should follow your local technology support process for resolving such issues. This usually involves placing a call, email or web ticket to your local LEA/Charter School Technology Support department. If your local support staff cannot resolve your problem, they are authorized to escalate the problem to Tier 2 support (the NC DPI Technology Support Center) for resolution.

A helpful video about logging into the NCEdCloud IAM Service can also be found here:

http://www.nc-sis.org/Documents/recordings/IAM_PowerSchool_Login.mp4

 

FAQ category: 

We understand that some LEAs may have concerns about teachers being able to set their students' passwords, however, due to the fact that the IAM Service is a solution for the entire state it was not feasible to make the feature an option on a LEA/CS by LEA/CS basis. However, please keep in mind that ALL password changes are audited within the service so a record of any password transaction is captured along with who made the change.

 

FAQ category: 

Parent/Guardian login will not be affected.

FAQ category: 

PowerSchool administrators can continue to configure timeouts for PowerSchool (e.g. 5 minutes, 10 minutes, etc.). Other applications may have different timeout settings which may vary from application to application. See also..  https://ncedcloud.mcnc.org/content/what-are-default-timeouts-saml-identi...

FAQ category: 
  • Individual Applications (Service Providers) have their own timeouts -- it is Application dependent.
  • The NCEdCloud IAM Service RapidIdentity Portal:
    • Login Screen inactivity timeout (you go to the login screen but don't login) = 5 minutes
      • If timed-out here, close the unused login window/tab, open a new window/tab and start over.
    • Once in the NCEdCloud portal, the inactivity timeout = 8 Hours
  • SAML assertion timeout = it is valid for 5 minutes (the assertion itself)
    • Individual Applications (Service Providers) can have a different timeout for their session(s).  If it is > 5 minutes and that timeout occurs, they will check the SAML assertion and then handle it however they want to handle it.
  • In general it is best that users completely close their browser when they are done.
    • One example is Google Apps. If Google Apps is integrated with the IAM Service and a user logs in, they stay logged in until they close the browser, which could be days or weeks.
FAQ category: 

Browser tabs or windows opened in “private” or “incognito” mode will prevent session information from being shared between other tabs/windows. As a result there is no memory of logons done within other tabs, hence accessing NCEdCloud IAM applications in a different private tab or window would require an additional logon.  Private or Incognito mode should be disabled when using your browser for NCEdCloud Target Applications (e.g. Home Base applications, Google Apps, Discovery Education, Follett Destiny, etc).

FAQ category: 

There are a couple of Chrome settings that may help:

  1. ’Continue where I left off’ - attempts to re-establish all of your sessions that were open when you closed the browser. This can result in a continuation of a session -OR- can result in some very cryptic errors within the Application (Service Provider).  Change this under Settings > On startup

  2. ‘Continue running background apps when Google Chrome is closed’ - Disable this setting under Settings > Show advanced settings… > System > uncheck the item.

In addition, other users have reported that clearing cached images & files has also helped: Ctrl-Shift-Del (or Menu > More tools... > Clear browsing data...) and clear only Cached images and files.

FAQ category: 

For primary student accounts (grades 5 and below) the LEA/Charter School will always need to directly distribute the student usernames (pupil number) and default passwords usually through teachers. There is no claim account process (or challenge questions) for primary students.

For secondary student accounts (grade 6 and higher) the LEA/Charter School may optionally choose to have those students claim their own accounts, -or- the LEA/Charter School may directly distribute the student usernames (pupil number) and default passwords.  To claim their own account a secondary student would need their pupil number, grade, birthdate in YYYYMMDD format, and LEA/Charter School code.  To complete the account claiming process (or the initial login if account is not claimed), a secondary student will need to answer at least 5 challenge response answers. (See: Student Account Claiming ).

 

FAQ category: 

First Steps for New Charter Schools

We recommend that you visit these pages for further information:

  1. “Claim My Account” at https://ncedcloud.mcnc.org/getting-started describes introductory information on the IAM service, account claiming instructions and directions for the Tech Director to obtain the LEA Administrator role.

  2. "Next Steps for LEA Administrators" at https://ncedcloud.mcnc.org/next-steps-lea-administrators.  This page contains information to help Charter Schools prepare to roll out the NCEdCloud IAM Service to their users and move forward with accessing Target Applications (including Home Base apps when integrated) using their NCEdCloud credentials (Username and password).

  3. "Self-Service Onboarding Checklist" at https://ncedcloud.mcnc.org/system/files/Self-ServiceOnboardingChecklist-Mar2014_0.pdf This checklist was developed with feedback from the onboarding planning sessions for Early Adopters of the NCEdCloud IAM Service and is intended to assist schools in preparing for a rollout of NCEdCloud user accounts. Charter Schools who wish to use the service should review the items below and plan/complete all tasks prior to requesting the integration of Target Applications.

You can go to "Claim My Account" from the NCEdCloud Home page and the process will be explained there.

LEA Administrators and/or Technology Directors can also find more information on requesting and granting privileged roles at the following:

How Are Elevated Privilege Roles Requested?

What Roles With Elevated Privileges Can An Employee Request Through The Workflow Process?

How Can Roles With Elevated Privileges Be Revoked For An Employee?

The eScholar UID number is the former 9- or 10-digit NCWise Student or Pupil Number (for Students) and the 10-digit State Employee UID or PowerSchool UID for teachers and staff. Employee UID numbers should be in the UID system as well as Payroll, so your Finance Department may be able to help you locate the number.  Many LEAs and Charter Schools were already using the UID number to logon to PowerSchool.  If so, then it's the same number/username you're already used to.

User Passwords and Expiration

  • Passwords shall be at a minimum 8 characters in length and no longer than 16 characters.
  • Passwords shall be comprised of at least one of each of the following:
    • Upper case letters
    • Lower case letters
    • Numbers
  • Passwords shall not contain the username alias (the portion of the user’s email address before @yourdomain.com).  
  • Username, first name, last name, spaces cannot be used within the password
  • Passwords shall not begin or end with ! (an exclamation point)
  • Allowed special characters are: @ # $ % ^ & * - _ + = [ ] { } | \ : ’ . ? / ` ~ ” < > ( ) ; !
  • Passwords shall not be shared. No one will ever ask you for your password.
  • Passwords shall be changed at a minimum every 90 days for all in-scope users
  • Passwords shall not be reused until twenty-four additional passwords have been created
  • If a user suspects any password has been compromised or is known by another individual the user shall immediately change their password and notify their local administration

Password change notifications will begin ten (10) days prior to a user’s password expiration. Within the 10-day window, each time a user logs into the IAM Service they will receive a pop-up notifying them their password will soon expire and they will be prompted to update their password. Users will continue to receive this notification until the password has been reset. Failure to change your password during this 10-day period will result in the user being prevented from further logins until they complete a password reset, which will be required by the IAM Service the next time the user tries to login.

Yes, passwords can be reset at any time, but for employees they must be changed at least every ninety (90) days. For students, the password expiration feature may optionally be turned on if the LEA wishes.

When a new employee claims their IAM account they will be forced to set an initial password. They will be prompted to change their password beginning 80 days (10-day notice) after they set their initial password.

Only if their LEA or Charter school opts-in to the IAM Service student password expiration.  To opt-in to the student password expiration policy, please have an IAM Service LEA Administrator submit a ticket to the NC DPI Technology Support Center at:

https://nc-myit.us.onbmc.com  or  919-807-HELP (4357)

Student password expiration can be implemented in one of the following ways:

  • The entire LEA or Charter School
  • Only students in grade levels 6 - 13
  • Students in grade levels 5 and below. 

 

Once implemented, students will be required to change their IAM Service passwords upon their next login and then again after 90 days.

 

Changing a user password that has expired is fairly straight forward:

Step 1: You attempt to login at the IAM Service RapidIdentity screen as usual.

Step 2: When you click on "Go" you receive a red error message indicating your password is expired.

     

Step 3: At the My Employee Profile screen click on the "Change Password" button.

Step 4: Review the Password Policy requirements and Enter your Current Password

Step 5: When you begin typing your "New" password, you will see an error message "Password Does Not Meet Requirements" (in red) displayed at the bottom of the screen.  This is normal until you have fill all the requirements of the password policy (length, case, number).

       

Step 6: Once you have entered a password that meets the Password Policy requirements, the message will change to "Password Meets Requirements" (green).

Step 7: Once you enter a new valid password (green message remains), you will need to Confirm it by retyping the password.  Until you accurately duplicate your new password, the "Change Password" button at the bottom will remain "grayed out".  When you type in an exact match to your new password, the button will become active and you can click on "Change Password" to complete your password change.

     

Step 8: Once you have completed the above screens and clicked on Change Password, you should see the following screen indicating a successful password change:

 


* Error:  If you receive the following message after clicking on change Password, it means that you mistyped your current (old) password in the first box.

 

 

 

 

The self-service function of changing a user password is fairly straight forward:

 

Step 1: Log into the NCEdCloud IAM Service, and at the Applications screen click on "Profiles".

Step 2: At the My Employee Profile screen click on the "Change Password" button.

Step 3: Review the Password Policy requirements and Enter your Current Password

Step 4: When you begin typing your "New" password, you will see an error message "Password Does Not Meet Requirements" (in red) displayed at the bottom of the screen.  This is normal until you have fill all the requirements of the password policy (length, case, number).

       

Step 5: Once you have entered a password that meets the Password Policy requirements, the message will change to "Password Meets Requirements" (green).

Step 6: Once you enter a new valid password (green message remains), you will need to Confirm it by retyping the password.  Until you accurately duplicate your new password, the "Change Password" button at the bottom will remain "grayed out".  When you type in an exact match to your new password, the button will become active and you can click on "Change Password" to complete your password change.

     

Step 7: Once you have completed the above screens and clicked on Change Password, you should see the following screen indicating a successful password change:

 


* Error:  If you receive the following message after clicking on change Password, it means that you mistyped your current (old) password in the first box.

 

 

 

If you forgot your password and it has expired (90 days or more since it was last set) you should reset it using the IAM Service's "Forgot My Password" functionality:

  1. Go to my.ncedcloud.org
  2. Click the "Need Help?" link toward the top right hand side of the login screen
  3. Click the "Forgot My Password" link
  4. Enter your username
  5. You'll be asked to answer some of your challenge questions and enter a captcha code
  6. Next you'll be able to set a new password, and you're good for another 90 days
  7. Return to my.ncedcloud.org and proceed with your usual NCEdCloud activities

 

If the above steps are unsuccessful, please reach out to your school's Technology Support team for assistance with having your password reset.

 

Every user has a default password that is randomly generated for that specific user.  However some users won't actually use their default password as they will reset it during the account claiming process.

Employees will be asked to choose a new password when they proceed through their initial account claiming process, so for them the default password is essentially a moot point.

For secondary students (grade 6 and higher) the LEA/Charter School may optionally have those students claim their own accounts, or the LEA/Charter School may directly distribute the student usernames (pupil number) and default passwords.  To claim their own account a secondary student would need their pupil number, grade, birthdate in YYYYMMDD format, and LEA / Charter School code.  When they start the process, they will be asked to chose and set their password. To complete the account claiming process (or the initial login if account is not claimed), a secondary student will need to answer at least 5 challenge response answers. (See: Student Account Claiming).

For primary student accounts (grades 5 and below) the LEA/Charter School will always need to directly distribute the student usernames (pupil number) and default passwords usually through teachers. There is no claim account process (or challenge questions) for primary students.

 

Currently there is no limitation on password history - which is to say that passwords may be reused.  However at NCDPI’s discretion in the future, password reuse limitations may be enabled.

LEA Administrators and Data Auditors

I go to the Profiles tab and click on Manage My Employees, but I don't see anything.  Are my employees in the IAM Service?

The My Employees tab or the My Students tab under Profiles in the IAM Service is a "Search" function. You need to enter some criteria to select the users you want to lookup. The easiest search is to enter an asterisk * wildcard in the search window and click the Search button. This will only return the first 1000 matching records, however, which is the limit of the query.  You can also look for all users beginning with the letter P by entering P* in the search window, and clicking Search.  To filter your lookup, click on the box for Advanced Search Mode and enter more specific criteria there. Save the search criteria, and click on Search. When searching on Last Name it is helpful to always enter a trailing asterisk * wildcard to make sure you retrieve users whose last name may be followed by a generational qualifier such as Jr., III, etc.

Select the Manage Employees tab or Manage Students tab (under Profiles) and do an Advanced Search for all users (Last Name = *) AND with an invalid email address (Email != *@*.*)

The easiest way to search for user records that are missing an email address is to select the Manage Employees tab or the Managed Students tab (under Profiles) and then do an Advanced Search for [Last Name = *] AND [Email != * ] (this equates to "not equal anything").

Any user, including new teachers, must have a UID in order to appear in the IAM Service. UIDs are obtained through the UID process.

UID Overview

UID information is requested from and maintained in an eight step process described here. The process was originally designed to be performed on a monthly basis to coincide with payroll cycles, as UID data is extracted from the payroll system and the results are stored back into the payroll system. Current technology, however, requires an almost real-time need for identity management information. Processing UID data on a daily basis will provide the most up-to-date employee data to the IAM Service & supported applications, as well as alleviate delays for LEAs and Charter Schools.

UID Staff Process

  1. LEA/Charter Generates CEDARS Staff File From Payroll System
  2. LEA/Charter Uploads CEDARS Staff File into UID Staff & Initiates Data Validation
  3. LEA/Charter Downloads Fix Errors Report (if data errors are found by UID Staff System)
  4. LEA/Charter Fixes All Errors in UID Staff and in Payroll Source System
  5. LEA/Charter Initiates Assign ID Process in UID Staff
  6. LEA/Charter Resolves All Pending Near Matches
  7. LEA/Charter Downloads File of Assigned Staff IDs
  8. LEA/Charter Imports File of Assigned Staff ID into Payroll System
 

Please see the following resources for more details on the UID System:

Source Data Requirements

UID Support & Training

Charter Schools should also look here: For Charter Schools

 

Frequently, employees that transfer from another LEA or Charter School are not updated in their former payroll system, and therefore the UID system, in a timely manner.  If you find that the Profile of an employee still lists information from a former LEA or Charter School (e.g. LEA Code and/or School Codes), you will need to contact that LEA/Charter School and have them update their Payroll System and push an upload to the UID System. UID Staff contacts at LEAs and Charter Schools can be found on the NCDPI website at http://www.ncpublicschools.org/cedars/uniqueid/staff/training  (The list, "Statewide UID Staff User Contact List", is located under “Support Documents” on the UID Staff Training website.)

Steps:

  • The employee's payroll record at the former LEA/Charter School needs to be marked "Inactive".
  • The record needs to be pushed to the UID System, which will mark the UID record at the former district as "Inactive".
  • The following business day the old data will no longer be pulled into the IAM Service and "old" information should disappear from the user's IAM Service Profile.

 

Contract employees who are not in an LEA's or Charter School's payroll system, can get IAM Service accounts by creating their records directly in the UID System.  Information about the UID System can be found on the NCDPI Site.  The process for adding Non-LEA Employees to the UID System can be found under - Acquiring Staff IDs for Non‐Payroll Staff.

If Contract employees will need to access PowerSchool, they'll need to be added to your PowerSchool instance.  Make sure their UID# is in the StatePrid field in PowerSchool, as that field is matched when a user logs in using the IAM Service.

Several Home Base User Group members have asked which PowerSchool field will be matched against the UID in the SAML Assertion when a user logs into PowerSchool. The UID number is the unique identifier for IAM, it is stored within PowerSchool as follows:

employee => SIF_StatePrid

student => State_studentnumber

Please note that on some screens SIF_StatePrid may show up as StatePrId. It is the same thing. So for employees,  (SIF_StatePrid = StatePrID = UID)

Also note that if you see Student_number on the screen it is the same number as the state_studentnumber.  (Student_number = state_studentnumber)

The Tech Director/CTO for an LEA or Charter School should be the first person to claim their account and request the LEA Administrator Role.  To request a privileged role for others, choose the ‘Workflow’ button on the left menu and then choose the ‘Requests’ tab along the top. Select the desired role checkbox(es) (LEA Administrator, LEA Data Auditor, LEA Help Desk, LEA Student Help Desk) and click the Submit Requests button. (See https://ncedcloud.mcnc.org/claim-my-account for more information and an example screen-shot.) Note that anyone who has the LEA Administrator Role automatically attains the same privileges as LEA Help Desk, LEA Student Help Desk and LEA Data Auditor, hence it is not necessary for an LEA Administrator to also have the other roles.

The first request from an LEA for the LEA Administrator role will be vetted by NCDPI support staff prior to granting the role.  Once granted, an LEA Administrator may approve future workflow requests, as well as have access to administrative functions in the IAM Service for their district's employees and students.  They will also be granted access to the LEA Administrator website where more protected content is available.

 

 

Using the workflow process, employees are able to request the LEA Administrator, LEA Data Auditor, LEA Help Desk, and/or the LEA Student Help Desk roles. These requests would typically be granted or denied based on the discretion of the LEA Administrator(s) of the LEA or Charter School. Privileged roles are described briefly below. Further information on these roles is available in the training videos on my.ncedcloud.org.  

It is up to each LEA and Charter School to determine which employee(s) should be granted these priviliged roles. Keep in mind they do have extra privileges and access to data so you must use careful judgment in granting the roles.  Note that anyone who has the LEA Administrator role automatically attains the same privileges as LEA Data Auditor, LEA Help Desk and LEA Student Help Desk, hence it is not necessary for an LEA Administrator to also have the other roles.

LEA Administrator

The LEA Administrator Role is the highest level of privilege an employee can receive in the IAM Service.  Any employee with this role is granted full access to all your LEA’s or Charter School’s student and employee identity data, the ability to enable/disable accounts, change passwords and to request and approve other privileged roles for Administrators, Data Auditors, Help Desk Support, etc.   You can have as many employees with these roles as you would like, but just be aware of the access and associated risks.  If you have this role, no other roles are needed as their privileges would be redundant.  Allowed actions include: Full access to LEA user data (Profiles, data files, viewing and searching).  Typically this role would be assigned to the CTO/Technology Director and his/her designated trusted staff.

LEA Data Auditor

The LEA Data Auditor role has two main capabilities:  1) View-only access to student and employee profiles (e.g. View My Students, View My Employees); and 2) Use of the File Access Module where source data files are located and downloadable. CAUTION: Downloaded data files contain highly sensitive data. It is essential that the LEA/CS practice proper handling, storage & disposal of downloaded data files. The LEA Data Auditor role does NOT allow changing another user’s password or disabling/enabling user accounts.  If a user with the data auditor role also needs to reset passwords for users, they can request the Help Desk role.  Allowed actions include: Viewing and searching user data for the district, access to LEA source and user data files.  Good candidates fo this role might include PowerSchool Data Coordinators and staff who are responsible for entering payroll and/or HRMS data.

LEA Help Desk

The LEA Help Desk role allows LEA/Charter School technical staff the ability to perform basic account management for users within their LEA. Allowed actions on all accounts in the LEA include: reset challenge questions, change password and disable account claiming.  You might find this role appropriate for technology faciltators, help desk personnel and Media Specialists.

LEA Student Help Desk

Employees with the LEA Student Help Desk role will be able to access the “Help Desk For Students” tab in the Profiles section of my.ncedcloud.org. From there they will be able to perform basic account management for student users within their LEA. Allowed actions on all student accounts in the LEA will include: reset challenge questions, change password, and disable account claiming. You might find this role appropriate for technology faciltators, help desk personnel and Media Specialists.

 

The LEA Administrator, LEA Data Auditor, LEA Help Desk and/or the LEA Student Help Desk roles can be revoked in either of two ways:

1. The user with the elevated privilege can self-revoke a role by using the same workflow process they used to originally request the role.

For example, after logging into the IAM Service:

Workflow button - left side > Requests - top tab > Deselect the role to be revoked > Click Submit Request.

The privileged role would be revoked immediately.

 

2. Designated LEA/Charter School personnel may request role removal by submitting a request to the NCDPI Technology Support desk:  http://www.nc-sis.org/support.html

 

NOTE:  While an LEA Administrator doesn't have the ability to *directly* remove another employee's elevated privileges, an LEA Administrator *does* have the ability to immediately disable an account if needed.  That process is described in the Training Videos (see the Applications tab -> Training ->  LEA Administrator Training -> "How do I disable someone's account?")

No, there is no requirement that you make any changes to your user accounts within your LEA. The UID number however is the login for cloud-based services such as HomeBase and other NCEdCloud IAM apps (should you choose to adopt them).  Whether an LEA chooses to use NCEdCloud IAM accounts within their local district services is up to you. If it is of interest to do so, it is possible the NCEdCloud IAM’s CDLR service could help facilitate that. 

There are several important drawbacks for users without an email address within the service.  For example:

  1. LEA Administrators and other employees that use the Workflow features of the IAM service would have no way to automatically be notified by the IAM service of their workflow-related task items.

  2. Some target services require the email address.  Without having email associated with the provisioned user account, functionality of those target services could be significantly impacted.

  3. The “Forgot my username” function requires email, so that IAM feature would not work.  

The ability to see the "My Students" tab in the Rapid Identity Portal under Profiles view, is based on whether the employee who logs into the IAM Service has one of the designated "Teacher Job Codes".  Job Codes are setup by the NCDPI and are assigned to an employee through their payroll system and stored in the UID system.  Below are the job codes (sometimes referred to as object codes), that allow an employee to see the My Students tab.  An employee with this tab would be able to use it to help reset passwords for any of their students that are assigned to them (typically as the primary teacher for a class) within PowerSchool.

There is a “My Students for Non-teachers” exception role in the IAM Service that can optionally be requested by employees that don't have one of the above job codes but do have students assigned to them. When granted, this role allows employees who are teaching classes but do not fall within the previous job codes, to see their assigned students via the "My Students for Non-teachers" tab in the IAM service.  This role must be requested each school year, as it will expire on June 30th of the school year in which it is granted.

 

To request this role, the employee would do the following after logging into my.ncedcloud.org:

Workflow tab on left -> Requests tab across the top -> Check "My Students for non-Teachers" box -> click "Submit Request" button

The approval request would then go to an employee in your LEA/Charter School with the LEA Administrator role.

The complete process for restoring an account to unclaimed status is:

  • Under Profiles > Manage Employees tab or Manage Students tab, enter the user's UID and click Search to retrieve the account in question.
  • On the far right of the account line that was returned, click the "pencil". A dialog box opens and then UNCHECK the "Disable Claim Account" box and click Save.
  • Select (check) the checkbox on the far left of the account line and then...
  • Click Change Password button above the search box. A dialog box opens and then check only the "Set Password to Default Value" option and then click Save.
  • Click Reset Challenge Responses button above the search box and then Yes to confirm.

 

This entire process must be followed to assure a complete reset to unclaimed status.

 

Home Base Maintenance Periods typically involve downtime of PowerSchool and sometimes other Home Base applications. However, during such downtime, other IAM Service integrated applications remain available.

For a complete schedule of Home Base Maintenance Periods, please see... Home Base Maintenance Schedule

 

Upstream data processes produce the user data that is provided to the NCEdCloud IAM service early in the morning on Monday through Saturday. If an updated data field value is entered into that field's source system prior to that source system's cutoff time, then the data is provided to the IAM service the following day. (Note that data is typically NOT provided to the IAM service on Sunday mornings). After the IAM service receives updated data very early on the following morning, it is processed by the IAM service and made available later on that same day, usually before school starts.

For details on the source systems and cutoff times for various employee and student fields and SchoolNet roles please see:

NCEdCloud IAM Service Sources and Timing for Employee Data Fields

 

As of July 2015 the IAM Service was integrated with all Home Base applications and is no longer an Opt-In Service. The Single Sign-On (SSO) feature of the IAM Service enables users to logon to one of the Home Base applications, or any other resource integrated with the IAM Service, one time and then access any other application without having to logon again.

Non-Home Base Target Application will continue to be opt-in for LEAs and Charter Schools, however, now that the service is rolled out to all North Carolina K-12 users it will make more sense to continue to integrate additional applications to take advantage of the SSO provided by the IAM Service.