SSO and Mac Login Window Authentication beta is now available
How identity management can help schools safely save time in Apple deployment

How identity management can help schools safely save time in Apple deployment

Mosyle Team
written by Mosyle Team

Twitter
Linkedin
Create my account

When it comes to device deployment at schools, you may be tasked with managing anywhere between hundreds and thousands of devices. Whether your end-users are teacher or students, your main goal is give them access to knowledge and educational resources such as apps and books as quickly as possible without making them jump through hoops.

Setting up devices can be one of the most time-consuming aspects of device deployment, and can slow down progress in the classroom especially when teachers and students are asked to complete multiple logins during the short time they have in the classroom.

To reduce the time spent on setting up users, giving access to specific apps and user authentication, mobile device management solutions have started incorporating aspects of identity management.

In this article, we’ll go over what identity management is, the different types of user authentication options and how identity management solutions can help your school by enhancing the user experience safely and securely.

What is identity management for K-12 schools

Identity management improves the user experience in many ways, not just by eliminating the need to log in more than once. When a user logs in to a system, their user credentials must be authenticated before they can access certain information. Identity management is a form of user authentication used for allowing access to people who have been given permissions to parts of a system. This way, they can access specific apps or networks based on their identity credentials.

Identity management is used for onboarding and offboarding users, or in the case of K-12 schools, adding and removing teachers/students to have access to different resources. This process can take a long time as it requires that certain users are given certain permissions depending on their role.

An extra layer of added security is another benefit of an identity manager. By giving you control over who has access to what, you are protecting important user information that is associated with your school and its is one of the biggest benefits of using a mobile device management solution that has a built-in identity management feature. An important aspect of identity management is the integral role identity providers play.

What is an identity provider

An identity provider (IdP) is used to authenticate users and is what gives you easy access to certain parts of a system or application. For example, when you see “sign-in with Google,” you are using an IdP - in this case it’s Google. Identity providers are seen as trusted providers and is key to using the single sign-on method.

When it comes to device management, some solutions provides built-in identity management features that can better help K-12 schools according to their specific needs. For example, Mosyle offers Mosyle Auth that allows you to add user accounts for Mac computers using certain identity providers and has an enhanced Mac login screen window. Below are some examples of identity providers that can be integrated with Mosyle Auth to making singing on an even easier process.

Google Account (G-Suite)

G-Suite is a cloud computing service that offers Gmail, Drive, Calendar and more! When you use G-Suite as an identity provider, you can log in using your Google credentials.

Microsoft Account (Azure AD and Office 365)

Azure AD is Microsoft’s cloud-based identity service. You can use your Microsoft account credentials to log in if you use Azure AD/Office 365 as your identity provider.

AD Federation Services (AD FS)

Active Directory Federation Services is used to authenticate users and was created by Microsoft to work with Single Sign-On.

LDAP Active Directory

Lightweight Directory Access Protocol (LDAP) works with Active Directory to authenticate users by using LDAP servers.

On-Premise Active Directory

This type of AD is a local server that does not allow access to public servers. On-premise active directory only works with Mosyle Auth.

Using identity management in education can help keep both teachers and students safe. It reduces the risk of a security breach, especially with single-sign on. Identity management also improves user experience by being an effective solution that simplifies teacher and student login workflows.

Since we're speaking about Apple deployment, it's also critical to highlight the possibility of using federated identity when integrating the identity service provider with the Apple School Manager. There are a couple of differences between the usual Single Sign-On and the Federated Identity that we will briefly explain.

Single Sign-On Option

Single Sign-On (SSO) allows users to access multiple parts of a system with a unified login that eliminates the need to log in each time while allowing access easily and securely. When you initially log in to the web based portal that has SSO activated, you can access tools, apps, softwares and configurations that are part of that system. You can set up Single Sign-On for your mobile device management solution like Mosyle Manager, which is available on iOS and macOS devices.

Federated Identity with Apple School Manager (ASM)

Federated identity allows access to multiple systems using one login once integrated with the identity provider. In this case, identities are stored within identity providers and are added to Apple School Manager (ASM), which combines the Device Enrollment Program (DEP) and Apple’s Apps and Books.

DEP allows you to easily deploy and configure your Apple devices. Once the identities are added, the Managed Apple IDs can created and be integrated with an MDM solution, such as our educational MDM called Mosyle Manager.

Managed Apple IDs are Apple IDs that are made especially for educational institutions. Using this, you can add students, teachers and staff in bulk while restricting access to certain aspects. Learn more about Managed Apple IDs here.

Using an identity management solution is key to creating an enhanced user experience through a seamless login experience for teachers, students and IT specialists.

You can save time on setting up user authentication and reduce costs by investing in identity management, especially when you find a mobile device management solution that has a built-in identity management feature. We just launched SSO and Mosyle Auth for Mosyle Manager, the most cost-effective solution on the market!

Discover the most cost-effective MDM solution for schools

Learn more about the plan that better fits your school or district’s budget

2019 Mosyle™ Corporation |  Trusted by 10,000+ educational institutions across the globe