© 2018 Capita Business Services Ltd. All rights reserved.
Capita Education Software Solutions is a trading name of Capita Business Services Ltd. Our Registered office is 30 Berners Street, London, W1T 3LR and our registered number is 02299747. Further information about Capita plc can be found in our legal statement.
Work in Progress
SIMS ID Identity Management offers an industry standard identity platform based on Identity Server. This then offers OAuth 2 and potentially other identity challenge services which are available to TIs.
Why Might SIMS ID offer a good identity platform for TIs
In essence SIMS has an GUID external ID for all people within the school's system, If your application needs to know:
Then SIMS ID has potential. If you also know that a the group of users uses SIMS ID to log in to other ESS products or TI products that use SIMS ID for identity then there is the added potential for single sign on. Often staff at a school have a SIMS ID login, many parents also have a SIMS ID login but fewer students have one because there are fewer applications currenly available for students. In addition, many student centred apps may have a lower security threshold requirement, for example a library log in may only need a PIN and at that point SIMS ID may be overkill for that need.
Each vendor needs to work out if SIMS ID is appropriate. ESS are happy to provide guidance on the features and implementation but would leave the decision on suitability to the TI.
There are 2 models of permission management:
Even for the blanket model, additional API calls may be required to obtain further data from SIMS which will incur per school charges. It is only if the 'member of the school' test is sufficient for example a school internal news site where additional data needs can be avoided.
Discrete, typically requires a list of staff / students / parents which require additional API calls which would incur per school charges.
SIMS ID does not manage permissions for third party applications!
SIMS ID can support:
Please note that when multiple identity plaforms are allowed, SIMS ID users must always login with their chosen 3rd party IDP. If the user forgets and say choose Apple initially and then tries to use their Microsoft ID to login second time then the login will fail even if their Microsoft claims are validated.
TIs may use invitaion APIs to create users but they must be people within the school and must use the external ID of the person in SIMS as their core ID.
The invitation flow includes the user setting up self help for password recovery. It also adds the user to the list of users in the school. Schools can access this list and do day to day maintenance including password resets.
Additionally, ESS are unable to help your customers with questions relating to your application of the form 'I'm logged in as <user>' and I can / can't do <thing>, or obviously any questions relating to your application or service.