District Account Management and Single Sign-on (SSO) (Updated 06/2016)

Over the past few months, I've been sharing how one district solved the account management problem through the adoption of an identity management/automation solution. Unfortunately, in every meeting, I encounter a question that is central to the needs of Texas (and other) school districts--Does this solution resolve the overwhelming amount of data file creation requests for digital textbook publishers? And, each time, my answer has to be, "No."  In this blog entry, I share what may very well be THE solution.

Automated Provisioning (includes federation)

Link updated since it wasn't working earlier. Also inserted additional information and links to files

The worst part of the deal is that I wish districts like Denton ISD had spoken up and shared this sooner...the same goes for ESC-11. As the saying goes, "You don't hide your light under a basket!" That would have saved a lot of effort before for many.

For now, here's the backstory to this search for the Holy Grail--an identity management/automation solution that not only interacts with Active Directory, Office365/GoogleApps, but also all the OTHER stuff that comes up without any additional costs. The backstory is outlined here and is worth reading so you can understand the scope of the issues and the various solutions:
  1. The Texas Digital Textbook Data Nightmare - In this engaging comprehensive primer, featuring quotes from Texas school districts, Miguel explores the problem and solutions available. This is a great intro for those struggling with vague notions of what is happening (or not) in regards to data integration.
  2. Data-Driven School Districts Experience Growing Pains - In this "pictures of the problem"-rich article, Miguel shares his journey to find a solution, including job descriptions and expectations.
  3. To the Rescue - @Clever in Texas Schools? - Want to use Clever to in place of or to complement your existing user provisioning solution? Read this article to get answers to key questions!
  4. MyNotes: ClassLink for Rostering - My notes on ClassLink's connection to OneRoster.org, a presentation shared at the TCEASysAdmin.
You can also find ALL my materials--sans The Solution mentioned below--online at http://tinyurl.com/tceaidentitycrisis. There's a LOT of information there and I recommend you review it all before jumping into any one solution.

At the TCEA 2016 State Conference, I was scheduled to present on Wednesday about Identity Crisis. On Tuesday, though, I met one on one with the Education Service Center, Region 11's solution provider partner, Enboard's Encore. I listened to them (audio recording) for about an hour and a half.

I was blown away.

In one fell swoop, the solutions I had touted so highly, as well as others like Clever, would prove unnecessary.

This is THE solution school districts need. Some of the salient points:
  • Encore is a cooperative member, which means if you had to, you could skip the bid process. Coops include Buyboard and Region 11 TETCP.
  • Encore is in Texas school districts and has been for years. Customers include the following: 
    Denton ISD, Lewisville ISD, Mesquite ISD, and Crowley ISD. Denton ISD's Ernie Stripling also recorded a video about the relationship between Denton ISD and Encore.
  • Encore is a subscription model, based on total user cost. Total users include staff and students because, to be blunt, you need all of them. For example, a district with 15K of staff and students would pay $30K annually. This is actually quite a savings to other solutions that charge up front and then annually for NEW products.
    • Enboard can also provision Parent/Guardian and Community Accounts and enable Parent/Guardians to log in with their own accounts and access their associated Student’s Account Information without having to log-in as the student (commonly called Impersonation). 
  • Encore deploys 25 Applications/Resources for the District per year, then 10 additional per year (phenomenal!!). Also, districts can deploy as many applications as they want to (no limit) after they complete training and never get an additional charge as well. So, if you have some new digital content provider or assessment vendor say, "Hey, we need these 5 data files for our system to work in these formats!" then Encore will generate those data files for you.  The District is fully trained on the Enboard Platform and can add as many SSO Applications as they need without any additional charge.
  • Districts pass on the the data file schemas--how data files should be created--from the vendor to Encore and Encore will generate those files, then place them on your secure FTP (SFTP) server for pickup by the vendor, or provide even more support. All Data is kept within the Districts environment as all data should remain private and confidential.
  • Encore provides Single Sign-On (SSO) to everything you can imagine, including the Big 3 Textbook Publishers...let me say that again. They handle the textbook vendors. For example, when looking at Pearson, I realized it would cost about $900 to auto-generate that file from our regional service center. Instead, Encore could do this at no additional cost.
    • Encore can support any Web-based Application that is Forms-Based, supports LDAP/Active Directory Integration, has an Authentication API or Supports Federation (SAML, WS-Federation, oAuth, etc.).
    • Encore also supports creating Accounts on Third Party Platforms of varied Username and Password variations.
  • Encore stores all District Account Authentication Information Encrypted in the District’s Active Directory Environment.  Encore does not store the credentials in a third-party platform.
    • In fact, Encore won an award from Microsoft for encryption and security for SSO Credential Data.
    • Encore maintains all PII information within the districts complete control and audit and log all details for transmissions.
There's a lot more that can be said but it's pretty simple recommendation--go with Region 11 and Encore.
Note: You can access these resources online:
    • Enboard Value Statement: Reviews overall Value Statement of Enboard
    • Enboard Comparison to SSO Platforms – Review Enboard Comparison with other SSO Platforms
    • Enboard SSO Application Library List – Details Encore’s Current SSO Application Library List
    • Enboard Overview – General Overview Presentation of Enboard
    • Instruction Benefits – One Page Overview for Instruction Enablement
Other Resources: 
 If you think SSO isn't that big of a deal, imagine your K-12 students and staff trying to juggle 40+ different logins and passwords...imagine logging into ONE place, then tapping on an icon. For example, in the screenshot below, users click on Moodle icon, and that logs them straight into the popular course management system...the same is true for Istation, Think Through Math (TTM), and many other solutions...you can get an insight into the breadth of these by looking at the pictures below:

This includes SSO into GoogleApps as well as Office 365:

A few more pictures:

Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure


Katie Favara said…
We have been adding additional information about Encore at http://www.esc11.net/encore.
Anonymous said…
This solution is the best. hands down!

Popular posts from this blog

COVID-19 Droplet Spread and #FREE Tests

Trying a New Pup Out #SPCA #Dog

AudibleNotes: Culturally Responsive Teaching for Multilingual Learners