Many school districts and even some higher-learning institutions have their technological infrastructure run by a skeleton crew due to things such as politics and budgetary constraints. Situations such as this can often lead to many issues within the organization:
- Lack of network resources for end users
- Inability to properly support end users and systems
- No time to research and implement newer technology
This causes frustrated overworked admins to think outside the box and turn to other solutions, such as software-based, automated or semi-automated identity management.
Automated account management solutions and workflow management can help school districts take the day-to-day provisioning tasks off of their plate so they can focus on other aspects of managing the environment, as well as researching and implementing new projects for the school.
Most, if not all schools have some sort of student information system (SIS) in place such as PowerSchool. With an automated account management solution you can create a schedule and automate the routine that queries data within the SIS as well as user data in Active Directory. These two datasets are compared and deltas are produced. With these deltas, the solution can provision users as follows:
- Create new active directory user
- Update existing active directory user
- Disable user in active directory
- Enable user in active directory
- Delete user in active directory
Additionally, each of these provisioning subroutines can be extended to provision within other systems such as Exchange, Google, Office 365, intranet portals, and the list goes on.
Partially Automated Provisioning
A rather common scenario we run across is that a school system will want provisioning as described above, but with a caveat. That being, when a new student enters the system they should be provisioned, but they should not have network access until they (or their parent or guardian) agree to an acceptable use policy (AUP).
This scenario is handled just as automated provisioning is with one difference – the new student account is created in a disabled state in active directory. Workflow management then comes into play in that the AUP form is web based within the WFM portal. The user or parent/guardian is directed to this AUP web form, and upon agreeing to the terms therein, the active directory account for the end user is enabled in active directory, and all provisioned resources are now available.