School districts have many applications that users must access, and managing identities across these applications can be challenging. Typically, user credentials have to be managed separately within each application, which is time-consuming for IT staff to maintain and requires users to manage many sets of login credentials.
Implementing single sign-on for your school's applications relies on an identity provider to centralize the management of identity and access for users.
User Identity and Access Management
Identity and Access Management (IAM) refers to the management of user identities within the organization. It broadly covers:
- authentication of users and systems
- authorization of users and systems
- user provisioning
- the audit of identity systems
- user repository management
- password policies
Identity Providers Help Manage Identities
Implementing an Identity Provider (IdP) enables schools to manage their users' login credentials from a centralized system so users only have to remember one set of credentials to access all or most of their applications. An identity provider creates, maintains, and manages identity information while providing authentication services to applications.
An identity provider is a third-party company that communicates with other web service providers (like PowerSchool) using standards such as Security Assertion Markup Language (SAML) or Open Authorization (OAuth) to send messages regarding authentication and authorization. Service providers, like your PowerSchool applications, rely on these messages to verify user identities.
Once the user has been authenticated, the service provider uses the user's identity information to authorize the user's access to applications. For example, when a teacher attempts to sign in to Schoology, the identity provider authenticates the teacher, and then Schoology uses the teacher's access to determine the classes and students associated with the teacher.
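The split between authentication by the identity provider and authorization by the service provider can be sketched as follows. This is an added example, not PowerSchool's or any identity provider's code: the issuer URL, client ID, secret, and roster are constructed, and the token is a JWT-shaped message signed with HS256 and a shared secret so the sketch runs on the Python standard library alone.

```python
import base64, hashlib, hmac, json, time

# All values are constructed for illustration; HS256 with a shared secret is
# an assumption made so the example needs no third-party crypto library.
IDP_ISSUER = "https://idp.example-district.test"
SP_CLIENT_ID = "lms-app"
SHARED_SECRET = b"constructed-demo-secret"
# The service provider's own records: what each known user may access.
ROSTER = {"teacher-42": {"role": "teacher", "classes": ["Algebra 1", "Geometry"]}}

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def idp_issue_token(subject, audience=SP_CLIENT_ID, lifetime=300, now=None):
    """IdP side: sign a statement that `subject` has authenticated."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": IDP_ISSUER, "sub": subject, "aud": audience, "exp": now + lifetime}
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SHARED_SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def sp_authenticate(token, now=None):
    """SP side: accept the message only if every check passes; return the subject."""
    now = int(time.time()) if now is None else now
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(SHARED_SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            raise ValueError("unexpected algorithm")
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            raise ValueError("bad signature")
        claims = json.loads(_b64url_decode(body))
    except (ValueError, TypeError, AttributeError) as exc:
        raise PermissionError(f"rejected: {exc}") from None
    if claims.get("iss") != IDP_ISSUER or claims.get("aud") != SP_CLIENT_ID:
        raise PermissionError("rejected: wrong issuer or audience")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise PermissionError("rejected: expired")
    return claims["sub"]

def sp_authorize(subject):
    """SP side: authorization comes from the SP's records, not from the IdP."""
    return ROSTER.get(subject, {}).get("classes", [])
```

A user the identity provider has authenticated but who is absent from the service provider's roster gets an empty result, which is why removing access at the identity provider and maintaining the roster are separate controls.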
Refer to the SSO Glossary for more information on the many terms related to identity management, identity providers, and SSO.
The certified identity providers for PowerSchool applications are Microsoft Azure and Google, but there are many other identity providers. If your district is already using another identity provider that supports SAML and OpenID Connect (OIDC), you may be able to use that identity provider for PowerSchool applications.
Benefits of Using an Identity Provider
- Users can access many applications using one set of credentials, reducing password fatigue.
- IT administrators spend less time resetting passwords and helping users manage their passwords across many applications.
- Centralizing password management makes it easier to enforce password change policies.
- IT administrators can better secure user accounts from common social engineering attacks by deploying advanced access management features, including Multi-Factor Authentication (MFA).
- It is easier to implement new software applications because user credentials do not need to be created for each application.
- IT administrators can quickly remove user access from many applications at once by removing the user's access through the identity provider.