Identity and access management (IDAM) for the Ultranet

Release 1 information for principals

Purpose of this presentation

This presentation is designed to:– Provide an overview of IDAM– Provide timelines for IDAM Release 1– Describe Release 1 roles (principal, IDAM admin, others)

– List preparatory tasks for principals– Provide tips (to inform decision making)

– Detail how to access more information and training

This is a high-level view only.

Further detail will be presented to IDAM administrators in information sessions provided by Ultranet coaches.

What is IDAM?

• It is the Department’s system that:– Manages usernames and passwords – Enables access to and security for the Ultranet

Think of it as the ‘key’ that gives users access to the Ultranet.

Where does IDAM fit in?

Manages identitiesand passwords

Manages accessto the Ultranet

Maps Ultranet relationships(e.g. links a student with their school in Phase 1

and with their family/ies in Phase 2)

Provide identity data about users

Data sources

CASES21, VSR, Entity Register,

Edumail

IDAM The Ultranet

Timelines

• IDAM will enable the following users to access the Ultranet in Release 1:– Staff with EduMail accounts– StudentsSchools will be provided with access to IDAM in line with their deployment schedule.

• In Release 2, IDAM will enable the following additional users to access the Ultranet:– Staff without EduMail accounts– School visitors (e.g. school council members)– Parents and guardians.

Schools will be provided with access to additional IDAM functionality to support Release 2 deployment in mid-late August.

IDAM roles – Release 1

IDAM self-service· Change

password· Reset password· Maintain secret

questions and answers

· Setup & maintain IDAM system

· Delegate admin. role to principal

· Coordinate student welcome letters

· Reset passwords· Manage accounts· Delegate admin

rights· Change student

usernames

DEECD central Staff withEduMail account

IDAM Admin’r

· Has full admin rights

· Delegate admin. rights to staff

Principal

Initial registration

· Change password

· Set up secret questions

Student

Initial registration

· Register EduMail account details in IDAM

EduMail self-service

· Change or re-set password

· Set up and maintain secret Questions

Administrative roles Registration & self-service

IDAM roles – principal

• Receives notification from DEECD that IDAM is available

• Receives full ‘administrator’ rights• Uses the hyperlink provided to register on IDAM

(see the next slide)• Delegates administration rights to nominated staff.*

Administration rights can be changed at any time and can be delegated further (downwards) to suit.*See: ‘Tips - Delegating admin rights’.

How users register and use IDAM

Phase 1 users

Username and password

How do they register? The password is maintained or changed in…

All staff with EduMail

Is the same as EduMail Goes to IDAM to activate registration

EduMail self-service

Students 1. Is created in IDAM from CASES21 data (temporary password)

2. IDAM administrator prints and schools give students IDAM welcome letters

1. Registers in IDAM with temporary password

2. Changes the password to a 7-digit alpha-numeric

3. Sets up secret questions

IDAM self-service

IDAM administrator may be required to support some students

IDAM roles – administrator

• Coordinates student welcome letters* (generation, printing, distribution)

• Plus, as required:– Resets student passwords– Unlocks student accounts– Enables/disables student accounts– Delegates admin. tasks (downwards)

– Generates alternative student usernamesDetails and scenarios will be presented to IDAM administrators soon.

*See ‘Tips - Student welcome letters’

Preparatory tasks for principals

1. Decide how your school will delegate IDAM tasks*

2. Nominate staff for administrator training*3. Discuss administrator roles with chosen staff4. Decide how your school will:

–distribute student welcome letters**–make sure students and teachers register for the

Ultranet–support students to protect and manage their

usernames and passwords.*See: ‘Tips – Delegating admin rights’ **See: ‘Tips – Student welcome letters’.

Tips – Delegating admin rights

• Choose IDAM administrators early:– Schools deploying Ultranet in:

• Term 2 - choose IDAM administrators early in Term 2 • Term 3 - choose IDAM administrators by middle of Term 2.

– IDAM administrators need to:• attend network briefings provided by Ultranet coaches• work through online training modules• register in IDAM then coordinate student welcome letters, so

students can get onto the Ultranet quickly

• Weigh up the benefits of:– delegating to many to share the load but reduces overall security

vs – delegating to few for tighter security but is more work for each.

Coaches will contact schools early Term 2 about IDAM administrator training.

Tips – Student welcome letters

• Prior to Ultranet deployment, you need to decide how your school will manage student welcome letters:– Who will distribute them (home group

teachers, office staff, year-level coordinators?)

– What security arrangements will be made to keep these letters from getting into the wrong hands?

Support for IDAM administrators

• Information sessions – Run by Ultranet coaches in each network

• early Term 2 for schools accessing Ultranet in Term 2• late Term 2 for schools accessing Ultranet in Term 3

– These sessions will cover:• An overview of IDAM• IDAM concepts (households, digital identity and entitlements)  • Privacy and access issues.

• Training materials– User guides and quick sheets– IDAM online training modules

• Brief, self-paced lessons and simulations covering common administration and self-service tasks.

• Other information– IDAM FAQs– IDAM fact sheets

Further information

• Available early term 2:– Overview for IDAM administrators (PowerPoint)– IDAM quick sheet for principals

• How to register and set up secret questions• How to grant admin rights

– A presentation for staff about privacy/security, safe and responsible use, intellectual property (IP) and copyright as they relate to the Ultranet.

– Information for parents about privacy and access.

All information will be available from the Ultranet Schools Sharing Centre at:https://edugate.eduweb.vic.gov.au/sc/sites/uip/usr/default.aspx

ULTRANET © 2010Department of Education and Early Childhood DevelopmentGPO Box 4367 Melbourne, Victoria 3001