NCEdCloud IAM Service Updates - January 29, 2016


This Friday, January 29, 2016 at 5:00 PM ET, the NCEdCloud IAM Service will be updated with the “LEA-Specific Privileged Roles Enhancement” and a change to the Schoolnet roles data processing logic. No downtime is expected as a result of this update.

The Privileged Roles enhancement will link each privileged role (LEA Administrator, LEA Data Auditor, LEA Help Desk, LEA Student Help Desk) to the LEA in which the user is employed.  The reason for this enhancement is because currently, if a user has one of the privileged roles and is employed by two (or more) LEAs or Charter Schools, the privileges apply to all LEAs that the user is a “member” of.  This can occur if a user is legitimately employed by two LEAs, or if an employee transfers between LEAs and the former LEA does not update their payroll system (and consequently the UID system) in a timely manner.  This can present a security risk for an LEA that has not approved the role for that user, so this enhancement will mitigate that risk.

This should impact less than 1% of all users who currently have privileged roles.  If an employee is in a single LEA or Charter School, their role will be revoked and then re-granted in the new format, associated specifically with the LEA they’re in.  For users that are in multiple LEAs and have one or more privileged roles, their roles will be revoked during the upgrade, and they will need to re-apply and indicate the LEA from which they’re requesting the role.  We will be communicating directly with the few users who fall into this category so they are aware they must resubmit new requests.

The new process for requesting a role through the Workflow page will prompt the user to enter their 3-digit LEA Code along with the reason for their request.  If a user is providing support to two different LEAs, they will need to submit two different Requests - one for each LEA.  Users must exist in the LEA for which they submit a role request, or it will fail.  A new video on requesting privileged roles will be available later this week on the Identity Automation website when you click on the “Training” icon on your Applications page.

The IAM Service will also be implementing a data processing change to improve the accuracy and timeliness of student and employee updates to Schoolnet roles in the IAM Service.


Published Date: 
Tuesday, January 26, 2016 - 15:30