VLNIS SSO

From WikiEducator

Requirements for VLNIS - Single Sign On [SSO]

Outline of Problem:

  1. The management of VLN Internet Services users is becoming unsustainably complex, particularly now that the VLNIS hosts Moodle and Mahara.
  2. School emails are unreliable and/or non-existent.


| Requirement | Rationale | Possible solutions |
|---|---|---|
| Each user has a single identity for VLNIS, including a @vln.school.nz email address | A single identity is required to prevent confusion when using multiple VLNIS services | |
| The identity is managed by both the individual and the institution | Password management needs to be possible by both the user and the home school. Schools must be able to reset passwords of learners | |
| Single sign-on across the range of VLNIS occurs | Once logged in to a VLNIS application, credentials should be valid for other VLNIS applications. | |
| Directory synchronisation / mirroring is possible between schools/institutions and the VLNIS directory | Mirrored directory services will ensure that school accounts and VLNIS accounts are synchronised | |
| Account commissioning occurs automatically | The creation of a VLNIS identity should create a user in a range of VLNIS applications (which?) | |
| VLNIS linked to other Ministry sites for SSO, e.g. Enrol, TKI, eAsTTle | SSO gives access to a host of services provided by the MoE, including VLNIS | |




Scenarios:

John - the new user

John has decided to enroll on a Y10 Spanish course brokered by the VLN. John visits the person in his school responsible for VLN courses (alternative scenario – John enrolls himself on a VLN course of study) to confirm his selection. John's identity (username, password, email address, school etc.) already exists within the VLN. This is because the directory at John's home school synchronises daily with the VLNIS Directory server. The person responsible for VLN enrollments confirms John's selection on the VLN brokerage site. John's new Spanish teacher (based at another school) is notified by email of the new enrollment. The teacher accepts John onto the Spanish course. The VLNIS service automatically enrolls John into the correct Y10 Spanish course on Moodle.

To access his Moodle course, John logs into the VLN system using his school network credentials. On his home page are links to the courses that John is enrolled on.

John is a very forgetful boy and after 3 weeks forgets his system password. The system administrator at his home school resets his password for the school network. Due to directory synchronisation, the password change is propagated to the VLNIS Directory Server.

Jane - moves school

Jane is enrolled on 2 VLN courses: German and Biology. The courses are offered by schools in different clusters and both use Moodle. Jane also uses her VLN Mahara portfolio to provide evidence of her learning. Due to circumstances beyond her control, Jane has to move school during Term 3. She is fortunate that her VLN identity is tied to her as an individual and the LMS and portfolio are associated with her credentials at her new school. When she arrives at her new school she is able to access the portfolio and Moodle course using her new credentials.
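
The John and Jane scenarios expressed as a daily reconciliation routine. This is an added illustration, not part of the VLNIS requirements or any VLNIS code. Assumptions: a stable per-person key (`person_id`), schools mirroring a password hash rather than the password itself, an email format derived from that key, and a hypothetical `transfers` approval set for school moves.

```python
from dataclasses import dataclass, field

@dataclass
class Identity:
    person_id: str       # assumed stable per-person key; the page names no identifier
    username: str        # login name at the current home school
    email: str           # VLNIS address, fixed once issued
    home_school: str
    password_hash: str   # assumed: schools mirror a hash, never the clear-text password
    enrolments: set = field(default_factory=set)  # e.g. Moodle courses, Mahara portfolio

def sync_school(directory, school, feed, transfers=frozenset()):
    """Apply one school's daily feed to the VLNIS directory (dict keyed by person_id).

    transfers: person_ids approved to move to `school` (hypothetical approval step).
    Returns an audit list of (action, person_id).
    """
    audit = []
    for rec in feed:
        pid = rec["person_id"]
        ident = directory.get(pid)
        if ident is None:
            # Account commissioning: first sighting creates the VLNIS identity.
            directory[pid] = Identity(pid, rec["username"], f"{pid}@vln.school.nz",
                                      school, rec["password_hash"])
            audit.append(("created", pid))
        elif ident.home_school != school:
            if pid not in transfers:
                # Only the home school may change a learner's credentials.
                audit.append(("rejected", pid))
                continue
            # School move: new credentials, same identity, email and enrolments.
            ident.home_school = school
            ident.username = rec["username"]
            ident.password_hash = rec["password_hash"]
            audit.append(("moved", pid))
        elif (ident.username, ident.password_hash) != (rec["username"], rec["password_hash"]):
            # A password reset at the home school propagates to VLNIS.
            ident.username = rec["username"]
            ident.password_hash = rec["password_hash"]
            audit.append(("credentials_updated", pid))
    return audit
```

The rejected branch is the point a practitioner would want settled early: without it, any school's feed could overwrite the credentials of a learner at another school simply by including that learner's key.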

=====
Other Users:

Will other users have to be manually enrolled into Moodle instances, as they fall outside the SSO?

Parent - wants access to Moodle at a particular school

Parents want to access the Moodle site to either view what is available on the Moodle-Parent-role or whatever is on the Parent Portal.

Visitor - wants to have a nosey

Someone from outside the school setup wants to have access to the Moodle site to check out certain things. Possibly only for a short time.