OEDSA Confusion Regarding EMISFFE, IdM and AD??

Today I received an email saying (slightly paraphrased): 

Can you please send out an clarification explaining the use of IDM with EMISFFE and use of Active Directory for student packages? Somewhere in the OEDSA presentation some of the ITCs got the idea they had to ditch Active Directory and had to switch to IDM  for everything. At least one ITC on yesterdays ODE/ITC call had already starting changing everything to IDM.  When questioned, they claimed at OEDSA they were told they could not use anything but IDM.

Apparently, this confusion is being attributed to something I said at OESDA.  Nothing I said at OEDSA should have been construed as requiring ITC's to use IdM "for everything".

What I recall saying is:

  • The "Flat File Editor" (EMISFFE) will require an IdM account provisioned for the new "LEA Editor" role.
  • If you're using Active Directory for VRF (Data Collector) authentication (LEA Submitter, LEA Collector LEA Reviewer), then:
    1. The subset of users that need the FFE will also need an IdM account. 
    2. Most users will not need FFE and so won't need an IdM account.
  • The SSDT is working with the James Group on the synchronization between ITC Active Directories and the IdM.  When ITC's AD's are synchronized with IdM, the duplciate account will no longer be required.

 Hopefully, this is clear enough. If not, please comment here or send me an email.

Comments

IdM for CC & CJ record types.

There has not been much information provided on the IdM system and its use with EMIS-R. I understand what you are saying but it does not clarify a comment someone else had made during the meeting. The comment was that everyone would eventually need an IdM account for the CC and CJ record types. This comment was made in response to when I surmised that we can stay on AD if our VRF is already configured that way and everything is running fine until such a time something else requires we use IdM. Is this correct? If so, then it would appear to make sense to switch our VRF Data Collector over to use IdM now. Thanks.

Who is "Everyone"?

Let's work on the phrase "everyone would eventually need an IdM account for the CC and CJ record types".  If I said that out loud, what I meant was "each district".   If the district has no other means of producing a CC/CJ record, then someone in each district will need access to the EMISFFE.   That "somone" may be exactly one person per district.  There is no reason to move all the district's users into IdM just because one of them needs an IdM account.  You can just create a (perhaps temporary) IdM account for those who actually need it.

Next, we are dealing with two temporary situations:

  1. Support for CC and CJ is going to be added to USPS.  So in the future, the "everyone" may drop to zero if the district is using USPS and has no other need for FFE.
  2. The IdM project is working towards AD synchronization.  When/if your ITC's AD is synched with IdM, you'll be able to create AD accounts that will automatically become IdM accounts.   This will satisfy the FFE requirement to have an IdM account.

What I don't know is your ITC's plans for AD verses IdM.  If your ITC is planning on sticking with AD and will synch with IdM when it becomes available, then I'd suggest you stay with AD now and only create IdM accounts for users who need FFE. But if your ITC is not planning on synching your AD with IdM, then IdM may be your best choice now and you might want to go ahead and move everyone to IdM now.

-djs

Thanks

Thanks Dave for the additional clarification, it makes more sense now. I am not sure yet what our plans for AD are right now. So I will just stay with AD and create IdM accounts for those needing FFE. The communication I had received made it seem like ITCs needed to switch the Data Collector to IdM now. I should say the "phrase" we have been talking about did not come from you. It came from someone during Monday's ODE/ITC EMIS-R conference call.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.