At the request of one of our school network managers, I updated the account management system this week to allow managing teachers to restrict all logins to SSO and to disable API access across the organisation. Enabling these options will require all users to log in via SSO using their organisational or school account. Standard username and password logins will no longer be permitted, and access to API reporting will be disabled.
These options are both optional. If they are not disabled (which is the default setting), features will continue to work as they currently do.
Many schools are already using SSO for logins, so enabling this should make no difference for those users. However, if it is enabled, all users in the organisation must have a valid organisational email address attached to their account in order to log in.
Teachers can add email addresses to student accounts using the “Manage Students” option, and account managers can add or update teachers’ email addresses if needed.
When SSO is enforced, it may add some friction to the sign-up process for teachers and the account creation process for students, as all users must have an organisational email address linked to their account.
For teachers signing up students, school email addresses must be added during the account creation process when SSO is enforced.
For teachers joining an organisation, you must either create your account using the Google or Microsoft sign-in option, or log in at least once using your Google or Microsoft account before attempting to join the organisation.
Managers can find the option to enforce SSO on the “Manage Account” page.
In the “Manage Account” settings, API access can now also be disabled. Doing so will immediately remove access to the API and prevent it from retrieving any reports.
For most teachers, these changes are not necessary. I already heavily restrict account access and creation, and teachers have a good level of control over how they and their students access their accounts. The amount of data stored internally is also minimal. However, if needed, these options are now available to be enabled.
Leave a Reply