Security Concepts for Student Management Users

Sue Pike Deer Park ISD 2014 TSUG

2

Security philosophy

 Who will be assigning Security Permissions  If it is more than one person…..they all need to share the same philosophy  --example…..during conversion we had one helper who decided to give everyone the 000 school rather than assign the correct specific schools. Their thought was so we would not have questions. My thought is I would rather get the question and set it up right.

 I created an Inquiry group which fits any user in Deer Park This is considered my base group…..this is the basic student view. All new users get this group. Then I add additional permission groups based on what they do.

There are some users who only get that one basic student view permission.

 However you set up your security layers – your security file needs to be able to grow with you. You will be making changes!

 Adding Security Groups  Menu Path is:

Product Setup – Skyward Contact Access – Security – Security Groups – Web Student Management

3  Decide the entity  Assign the ID and description…. -do not try to get fancy – just be direct and to the point

4 With your new security group highlighted, click the Edit Security Groups button.

….now begin the process of adding the permissions for that group For the items that you want to assign…..think about where they live in the software. Then follow that “path” in the edit security screen.

Select your item(s) and then click the Assign Selected button

5 The example below shows permissions to the course master

6  Once you get your new security group created – TEST this against a user account.

I have an account created under my name that is used strictly for this purpose……constantly changing the group(s) assigned.

 Once your new security group is all good…..then clone that to the other entities

7  You have 3 User Cloning options – I use the first option the most  The bottom section is where you select the entities to clone this new security group

8  You can use the Clone to Other Group IDs if you need to update an existing security group  As changes occur in the software or as an existing security group grows, you will need to update an existing security group.

---you can edit an existing security group and then clone that to the other entities (if you want you can also manually update that particular security group in each entity) ---I use a high school and a junior high and an elementary as my “master” security groups. I update my “master” and then clone to other entities.

9  Update the security group with the necessary changes  Test those changes against a user account  Then use the Clone to Other Group IDs  Scroll to each Entity and Security Group to be updated  Notice the bottom section….you can create a new group and clone in this same utility (in the same entity)

10  Don’t forget to assign the new security group to the necessary users (if you are not seeing any changes when you look at your tester account…..make sure you have assigned the security group!!)  You can use the Select buttons on the right or the Select links on the expanded user screens   Are you assigning various permissions for one or two Entities? Then select the Select Groups by Entity Are you assigning the Inquiry permission for all entities to your diagnostician? Then select the Select Groups by Group ID

11    You can also add users to the Security Group instead Click the Users button –   --you can search for the single person to add --you can use the Filter to find a certain group of users – example: I have “online” accounts for online registration – so you can use the Select All Users button There is an option on this screen so you can see “who” is assigned to that security group…….check the option of “only show users that are currently selected for this group

12 These are the Security Groups that we have created per entity

13

Staff import to create users

 This session was Monday  Presenter……

*You can also set up LDAP configuration so users follow your Active Directory

14 Adding Users  You can simply add users to the Secured User screen  But there are certain users who you need to also add to the Staff file (teachers and discipline officers) For these users, I add them to the Staff file first This then automatically creates a Secured User account --the default password will be applied --you do need to add security group permissions **Users have to be in the Staff file for your Nurses to add “Office Visits” for them.

15 The “add” process will walk you through the following screens ----for both the Secured User and the Staff screens

16 Secured User screen – Edit button --If you have a default password set up, that will automatically be used when you add a user --If you hit the Generate button a random password will be created --Or you can manually enter whatever password you want to assign If you want to use the button – “Save and Email Account Reset Link” ….(maybe after unlocking an account but not changing the password). The Menu Path to setup this email is: Product Setup – Contact Access – Security – Setup

– Configuration – Email Setup for Employees/Users

17 Staff screen The Teacher and Discipline Officer options are on the Staff – Edit screen Staff Entity option…..watch where you “sit” when adding a user to the Staff file. That entity will be added to the Staff Entity section The 000 staff screen allows you to add additional entities to a user When you add users……pay attention to the AlphaKey The user may have multiple alphakeys depending on their security roles assigned. This may be your troubleshooting fix if a user has teacher security group permissions and is assigned to a class section….but when they log in it says that they have no classes

18 You can copy one user’s security group permissions to another user.

The Menu Path is: Product Setup – Contact Access

– Security – Setup – Utilities – Clone User Security

19 Login and Password Setup for Secured Users The Menu Path is: Product Setup – Contact Access

– Security – Setup – Configuration – Auto Generate Logins and Passwords - Employees

20 Login and Password Setup for Students The Menu Path is: Product Setup – Contact Access – Security – Setup –

Configuration – Auto Generate Logins and Passwords - Students

21 Login and Password Setup for Guardians The Menu Path is: Product Setup – Contact Access – Security – Setup –

Configuration – Auto Generate Logins and Passwords - Guardians

22

23

Internal/External vs Internal

 When you create a Security Group…..you have the option to make this available in and out of your network or to only make this info available when the user is accessing Skyward through your network.

 I use this for student accounts….such as our journalism students

24 Secured User screen  Log button – this will show a few change items on a user

 Login history will show the following info --expand the user line to find the login history 25 Secured User screen

26

User Tracking

Menu Path is: Product Setup – Contact Access – Contact Access – User Tracking Change the “View” to see different configurations of the User Tracking information I use the “funnel” to filter what I see on this screen

27 The picture below shows a portion of the User Tracking screen

Super User Account

28 A super user account is a user who has “System Wide Access” You do not assign security group permissions to a super user…..they automatically have full access Or give system wide access by area rather than to the entire system

29

Super User Log

 This log shows who has been hitting the “web login” button  Menu path is:

Product Setup – Contact Access – Super User – Super User Log

You can see: --the super user person --who they web logged in --as what role :

account picture shows logging in to a secured user account and a family

30

Super User Log

 Do you want to see if other super users are web logging in to your account?

Create a web filter for your name/account

31 When removing permissions…. you can use the Select Groups by Entity option. Then use the Unselect All Groups to remove any permission assigned to that entity You can remove the 041 permissions for this user in two clicks

32

Inactive Users

 You can send the reports of an inactive user to the new user taking that position  Report card template acted weird for me though The Menu Path is: Product Setup – Contact Access – Security – Setup –

Utilities – Inactive User Report Cleanup

33 A list of all the reports for that inactive user will display **Skyward templates are also in the list if you choose the Check All Select the reports you want to copy to the new user Click the “Transfer Selected Reports” button – on this screen you will enter the user to whom the reports will be transferred

34

Teacher Passwords at the beginning of the year

--Early August I send all of the teachers an email with a password reset link if they don’t remember their Skyward password --Also an easy way to send the new teachers their password  This requires 2 steps 1 st – set up the email message 2 nd – run the email utility The Menu Path is: Product Setup –

Contact Access – Security – Setup – Configuration – Email Setup for Employees/Users

The Menu Path is: Product Setup –

Contact Access – Security – Setup – Utilities – Security User Utilities – Mass Email Account Info

35 1 st step – Create the email message The Menu Path is: Product Setup – Contact Access – Security – Setup –

Configuration – Email Setup for Employees/Users

36 You can preview your email message before running the utility

37 2 nd step – Create and run the email utility The Menu Path is: Product Setup – Contact Access – Security – Setup – Utilities

– Security User Utilities – Mass Email Account Info

38

Alternate teachers

 When the campuses add Alternate teachers to Sections….. You need to give those users EA+/Teacher security group permissions Sometimes these Alternate teachers are special ed aides. Since they don’t take attendance…..they may not be set up with teacher permissions when their Skyward account is created.

39

Activities and Teachers

 When you assign Activity permissions to teachers….you need to give them their entity Activity permissions along with 000 Activity permissions.

40

Custom Forms and Teachers

 The “distributed” fields are not viewable fields for the teachers. So instead create a custom form that contains the distributed fields. Then give your teachers security permissions to that custom form.

1 st – create the custom form 2 nd – check the option of secure the form 3 rd – add the teacher group for each entity 4 th – edit the security levels from 5 to 1

41

Create the custom form

--menu path is: Student - Setup – Configuration – Custom Forms Setup

42 Edit the Custom Screen and check the option to “Secure Screen” Then click the Set Security Groups button…..check all of the teacher groups

43 Custom Form Security The security levels default to 5 – 5. To edit this go to the Custom Form Security link Expand the teacher security group Edit the Screens section

44 Teachers will now see a Custom Forms link when viewing “Student” info They can view per student or they can print for an entire class

45

Touch Monitors/Wanding Device

 We use the touch monitors for the following student check-in screens --nurse office visits --counselor office visits --discipline office visits  We use the Wanding Device screen for our tardy stations ---The security screens and sample student check-in screens are on the following slides.

The check in reasons are entered…… Office

– Guidance – Setup – Codes – Office Visit Reasons

46 Touch Monitor Counselor Office (guidance)

The check in reasons are entered…… Office

– Discipline – Office Visit – Setup – Codes – Reason Codes

47 Touch Monitor AP Office (Discipline)

The check in reasons are entered…… Office

– (health) Office Visits – Setup – Codes – Office Visit Reasons

48 Touch Monitor Clinic (Health Office Visits)

49 Tardy Station

50 Gradebook Tracker  The Course/Section field becomes a link on the Current Schedule screen and/or the Grades screen.

Can see that the Course/Section field is a link since the cursor is a hand rather than an arrow A new window opens containing lots of info about that class. But that VIEW GRADEBOOK button will allow the user to open the teacher’s gradebook in “view mode”.

The Course/Section field acts the same way on both the Current Scheduling screen and on the Grades screen.

51 Gradebook Tracker….

 Security Group permissions to make the Course/Section field a link

52

Miscellaneous

 Data mining --- When you assign Data Mining to a security group, make sure you assign this as a 4 so all users can Add and Edit and Delete their own data mining reports

53

Miscellaneous

 Create a user account for testing permissions  Also use this user account for creating how to docs……the choices that would show in your screen shots are more similar to what everyone has versus what your super user account has

54

Lock Users

The Lock User is a utility The Menu Path is: Product Setup – System Admin – System Admin – Utilities

55

Family Access username and password

  We have the option selected to Keep the Family Access login/password separate from their secured user info The Menu Path is : (Student Management ) Families - Family Access - Setup – Configuration – District User Settings   We checked that setting several years ago…..so that “show the Family Access Alias setup screen” has come and gone for us This August I had several users who could log into Skyward secured user for their work but could not log in to their Family Access account….so I started the investigation…..

56

This was affecting the users who worked for the district and also had a child in the district

When I looked at their Secured User screen…..everything looked fine. But any changes here would only change their Secured User information.

When I looked at their Web Access screen at their child’s entity…..I saw that red message. (The Family/Guardian screen did not show any of this.) But I could not see any information nor could I change any information.

57 The only way to make a change was to Web Login to their secured user account.

Then I could see their Family Access Login (but cannot change it) Then I could change their Family Access Password

58

Family Access - removing access to just one child

   We have Open Enrollment with an annual renewal This August, I encountered an open enrollment parent who had multiple children in the district. One of the children had their Open Enrollment revoked. But the other was still in the district. Normally we uncheck the Family Access option and change their password to “OE denied”.

However, in this case…..I went to the Family Access Users screen. Then selected the student whose Open Enrollment was revoked and changed the Disabled to Yes.

59  Custom Forms security     Student – Setup – Configuration Custom Form setup link Secure screen Select group     Now go to Custom Form Security link Screens Edit Enter access

Instead I have added Custom Form as a security group and then assign to users The ones who make changes to the custom form are basically the same group of people for all forms.

Security Reports

60 I do run the User Report during August to look for any new user who I have forgotten to add permissions.

61  Release notes – look over the menu path updates  After major release – go to your basic INQ account and double check the look/permissions (example: The security to the social security field was under change for awhile…..had to make changes as I felt the changes in the releases/addendums)

62 Feel free to contact me if you have any questions or would like additional information: Sue Pike Director of Information Services Deer Park ISD 832-435-5707 [email protected]