Single Sign-on (SSO)

SSO-300x112Introduction

Our School Ltd’s SSO service was originally set up in conjunction with an initiative led by the Ministry of Education (see http://www.iam.school.nz/, though the site is a little out of date).

Our School Ltd (OSL) has subsequently extended the original service significantly and we can now provide SSO integration not only for a school’s fixed (or wired) network but also for their wireless network and firewall, as well as an ever-increasing range of cloud services commonly used by schools.

There are many services already integrated into our SSO such as Google Apps, Office 365, Ultranet, Moodle, eTV, Oliver, ZenDesk, AccessIT, MyPortfolio, PCSchool, eTAP, Atomic Learning, ClickView and SumDog.  Most other services can also be readily integrated into our SAML-based SSO.

Reference schools for OSL’s SSO include Diocesan School for Girls, Macleans College, Albany Senior High, Rangitoto College, St Cuthbert’s College and Christchurch Girls’ High.


Deployment

The objective for SSO is to allow users to access as many school services as possible with the minimum number of authentications (logins) “at any time, from anywhere, with any device”.  In practice, this typically means that any user will log in just once per day and have access to all the school’s main services without needing to log in again till the next day (which is a recommended security precaution).

Typical steps in a rollout would include:

 • specification of the SSO project eg which services are to be initially included, how is user provisioning (ie identity attributes) to be handled, integration with wireless and/or firewall

 • installation of wildcard SSL certificate

 • the design of “welcome screen” for logging in  using school logo, etc – please see examples listed below

 • firewall pinhole

 • setting up of identity attributes in network directory (eg Active Directory) or preferably Our School’s User Management Engine, as well as in the individual cloud services

 • exchange of metadata with cloud service providers

 • optional deployment of Kerberos for single login on LAN-based machines

 • optional integration with wireless network

 • optional integration with firewall

 • in future, occasional addition of new services into SSO

In practice, there is a reasonably technical initial setup required but subsequently further services can be readily added into the school’s SSO


Example SSO Login Screens

Diocesan School for Girls

St Cuthbert’s College

Albany Senior High

Rangitoto College

Macleans College


Pricing

Our standard monthly charge is $99/month (ex GST) for a larger school and this caters for up to 4 cloud services such as Ultranet, a library system, etc.  Integration of SSO with a wireless network and/or the school’s firewall is separately priced.

Initial implementation (which will vary depending on, for example, whether SSO is being linked to the school’s network directory such as AD or to OSL’s User Management Engine) and any moves/add/changes are done at our standard hourly rate.