Supporting the access needs of your district is enough to fill a full-time job. Your departments and schools depend on a variety of applications to get work done. If you’re okay with a “bandaid” fix instead of a real solution, you could use a patchwork of a few platforms and hope for the best. A piecemeal solution carries a considerable risk of being inefficient, overcomplicated or accidentally vulnerable to exploitation.
Your faculty, staff and students need something quick and easy to use. You need something secure - a comprehensive system that ties in neatly and completely to your existing network. As a part of your directory integration processes, a single sign-on service ensures easy and safe access to the applications you need and rely upon.
This checklist helps you measure if an SSO solution is enough to deliver convenient, secure performance for your schools, staff and students.
Support for All Users In Your Community
Can everyone count on the support of your SSO service?
- Staff & Faculty
- Users only need one username and password for access
- Only one login per session required to access applications and platforms
You need a system that plays nicely in the sandbox. Does your SSO support your applications?
- Supports all on-prem applications in your district
- Integrates with all cloud-connected applications
Open Standards Compliant
Is your solution using widely accepted protocols to nurture a trusted relationship?
- OpenID Connect
- OAuth 2
Known for Safety
Is your SSO provider up-to-date with the latest and most stringent security standards and processes?
- ISO 27017, 27018 and 27001
- Skyhigh Enterprise-Ready
- SOC 2 Type 2
- U.S. Privacy Shield
- CSA Star
- EU Model Contract clauses
- NIST Cybersecurity Framework compliant
- Fully compliant with digital privacy legislation GDPR, SOPIPA & CalOPPA & CCPA
- Are they actively probing their systems for exploitable weaknesses using penetration tests, network scans and a bounty program for discovered bugs?
24/7 Responsiveness and Disaster Recovery Assistance
Can you reach a live person at your SSO provider in the event of a cyber-attack or catastrophe?
- Replication and redundancy across regions by design
- Multiple data centers across multiple regions
- Historical and recent availability of over 99%
User Friendly, Front & Center
Your time is too valuable to struggle with overly complicated systems. Why rely upon an SSO system that makes login and access more difficult?
- Single point-of-access
- Common browsers are supported and easily synchronized - Chrome, Firefox, Safari, etc.
- Access to apps is streamlined
- Login is quick and easy without extra hurdles to jump through
- Easy self-service password change for users
If you depend on mobile applications for your district’s workflow, do you have confidence that your SSO client is mobile-device compatible?
- Native mobile device functionality supported
- A wide variety of devices are supported without needing special updates or patches
- Seamlessly connects with your multi-factor authentication (MFA) tool
Password Rule Management Remains in Your Hands
Maintaining control of your password provisioning processes is crucial.
- Your SysAdmin controls requirements for password complexity and expirations
- Reduces the burden on your helpdesk team with password expiration alerts for users
- Smoothly connects with your MFA client and enforces MFA rules for password resets
Corporate Identity Directory Integration
Can you use your current directory management platform in tandem with the SSO system?
- Microsoft Active Directory
- Google Directory
- Azure Active Directory
- Human Resource Management Systems, including PowerSchool Unified Administration, WorkDay, BambooHR or Kronos?
Can You Be Too Secure?
What extra levels of protection does the SSO system offer to you and your district?
- Multi-factor authentication (MFA)
- Adaptive authentication
- Forced authentication for high-risk resources by default
- X.509-based certificates
Do you get APIs and support when you need it, allowing you to enable single sign-on for your custom applications and third-party platforms?
- Full registration & life-cycle management APIs for SSO
- Major platforms and languages supported via SDK
- OpenID Connect compatible
Behavioral Analytics for Enhanced Response
Does your SSO improve the way your operations can authenticate users and proactively respond to perceived risk?
- Ability to Blacklist & Whitelist user capabilities according to geolocations, providers and IP addresses
- Create default responses to high-risk access attempts
- Set re-authentication requirements for select applications
Are you able to manage authorization through the SSO solution for existing identity provisioning systems?
- RBAC access compatible
- Supports user account provisioning and deprovisioning with apps and systems in use
Can you implement the SSO solution without needing to replace, customize or otherwise modify significant elements of your network or existing software solutions?
- API integration supported for custom apps
- Easy incorporation without needing extensive modification or removal of other solutions
There were probably a few of the bullet points above that made you sit back and wonder. That’s a fairly common reaction. Don’t worry about how many of those line items you couldn’t check “yes” to, this wasn’t graded.
With the rise of distance learning and virtual classrooms, your staff and students need reliable, streamlined access more than ever. Level Data Easy Access connects your schools to the apps they need when they need them. You won’t need to worry about how this will integrate with your existing PowerSchool environments and systems used in your district - we'll handle the hard work for you.