Jump to content

Parental Access to Serco ePortal - what are you doing?

jjenkins

By jjenkins
in MIS Systems

 Share

How is Serco's ePortal implemented at your school?  

14 members have voted

  1. 1. How is Serco's ePortal implemented at your school?

    • Two Factor Authentication
      1
    • Single Sign On
      2
    • SSL
      4
    • No SSL
      1
    • SSL via ISA
      4
    • Other
      0
    • Don't care
      2

Recommended Posts

jjenkins

jjenkins

Posted
Posted (edited)

We already have Serco's ePortal in school, secure web published via ISA 2k6, with secure SSL certificate.

 

Our local authority are requesting that we use Two-Factor authentication rather than just the Serco username and password to provide Parental Access for Autumn 2010 Implementation. Due to rules with our local authority, that now connect to Government Connect (GSX network), they have recommended and stipulated that we use Two-Factor authentication. It's possible that they'll provide the funding, so cost may not be a factor here. (yes, we know that could mean a big bill for the authority, if all 1900 parents, get an RSA SecureID fob in the mail, renewalable every three-five years).

 

What are other schools doing?, as far as security and authentication, two factor authentication is concerned, and how to integrate into ePortal with ISA 2k6?

Edited by jjenkins
typo - grammar!
steveej1

steveej1

Posted
Posted

We are working with a number of schools to provide a Sharepoint Learning Platform with links back to CMIS (for reporting and parental access etc.)

 

Any advice I have seen (e.g. from Becta) suggests that parents don't need to have 2 factor authentication. The only time this should be required is for teachers who have remote access to multiple pupil records.

 

I can imagine that trying to provide this to parents would not just have a cost in terms of providing the fobs but would also be a huge admin overhead (e.g. lost/replacement fobs, technical assistance on how to use and issues with synchronisation etc.) Are you sure that the LA are mandating this for parental access?

 

Steve

Novotronix Ltd

matt40k

matt40k

Posted
Posted

The LA should have the schools network cut off from the corporate network, and any connections held at arms length by a pretty firewall which is behind another firewall thus the schools are free from the GCSX\CoCo requirements.

 

Two type for parental I think was at best, a recommendation, for staff a must - at least that's what I understood Becta was saying.

 

Like Steve said, the cost would be extremely high, especially in this climate.

mbyrew

mbyrew

Posted
Posted
We use CMIS ePortal here (currently) to provide parents with a view of their childs data. This is accessed via an ISA server and authenticated by AD username and password. The same credentials are used within ePortal as SSO is enabled and active. If you follow the BECTA recommendations you should reach the conclusion that parental access only grants access to individual sets of details and not bulk or whole school records, therefore two factor authentication does not need to be applied.
jjenkins

jjenkins

Posted
  • Author
Posted
The LA should have the schools network cut off from the corporate network, and any connections held at arms length by a pretty firewall which is behind another firewall thus the schools are free from the GCSX\CoCo requirements.

 

Two type for parental I think was at best, a recommendation, for staff a must - at least that's what I understood Becta was saying.

 

Like Steve said, the cost would be extremely high, especially in this climate.

 

So with ePortal how do you turn-on two-factor for staff and none for parents?

jjenkins

jjenkins

Posted
  • Author
Posted
the example, that our LA stated, was if the student found his/her parents username and password, the student would be able to logon and view their records. If the parent had the fob on their keyring, they would not be able to do this, there is an agrument, that they could also obtain the fob as well.
RobFuller

RobFuller

Posted
Posted (edited)

We use FreeRADIUS with our ISA firewall, everyone has AD accounts but then we issue our users with passcodes for home use. Including parents & students, staff we use a known number (to them). These passcodes are controlled by us and cannot match their AD passwords.

Not perfect I know but adds another layer and totally free, better than nothing and we all know how weak peoples passwords can be even with rules in place. I dread to think managing remote keys to staff let alone parents.

 

If you are serious about secure keys, have a look at these , I had some demo unit shipped over and they were very impressive. Very strong with no batteries to replace and a low unit cost. Their software plugged right into ISA and allows you choose if you wanted certain users to use keys or not (surprising not a common feature I found) AuthLite

Edited by RobFuller

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing


×
×
  • Create New...