[ASPEN] Cloud Hosted/Aspen

[pbainbridge]

For those who have Aspen/Cloud hosted MIS are you using 2 factor authentication? Obviously a local server/client/LAN setup doesn't require this but accessing childrens details over http or https: certainly should.

[GREED]

Interestingly enough we are working with a client who uses 2 factor authentication to limit access outside the LAN, inside the LAN does not use it. The method puts Aspen one step removed from the web with the 2 factor authentication layer providing the buffer.

I would say however that before this thread begins any potential scare mongering, remember every MIS out there provides web access in some form to parents and often staff, while it should be considered it is Definately not being implemented in a vast number of schools. LAs often do provide this to their hosted schools.

[pbainbridge]

It was meant to be a question, not a statement. I realise that many LAs don't do 2 factor authentication although at Newcastle it's mandatory, the result of a security review a few years back. All our schools staff who want remote access use fobs/pins + username/password to access schools systems.

I was just wondering how a hosted web system coped with that scenario.

[GREED]

Apologies I was too hasty in my original response, so I edited!!

So the client we are working with has the same set up, and Aspen sits inside the 'firewall' for want of a better term, and the authentication into the network occurs first (through web browser) before forwarding as appropriate to Aspen. So the authentication to the LA systems occurs first using whatever you have already, and then into aspen as a separate step.

In the same way as mentioned the location can determine how this is handled as well as inbuilt features in aspen that presents alternative permissions if located outside of the network!

Aspen integrates with AD and can authenticate with AD so utilising SaSO.