Secure User Information methods:
SchoolFront offers many different methods to secure user account information. The following is a breakdown of the options with pros and cons.
These security selections can be configured differently for existing employees, new employees and students/ families.
|
Login & Password Storage |
Pros |
Cons |
|
SchoolFront Usernames and Unencrypted Passwords
How to Configure |
Simplified communication of passwords to users at all times, even if they have changed their passwords. |
Least secure. Privileged users can see the passwords of other users. Disabling users delayed until feed from source financial platform if one exists, or until someone manually disables. |
|
SchoolFront Usernames and Encrypted Passwords
How to Configure |
No need to have Active Directory accounts for all users. A Level of protection to passwords after the user has changed their password. |
Forgot password process is more tedious for infrequent users. Disabling users delayed until feed from source financial platform if one exists, or until someone manually disables. |
|
Active Directory Federated Services (ADFS)
|
Most secure. Users will leverage the same username and password they use to login to their local windows device reducing help desk requests. Users will not be able to login to SchoolFront as soon as they are disabled in Active Directory. Possibility for true automated single sign on depending on workstation and browser configuration. |
Additional expense and requires you setup an ADFS proxy that is accessible to the internet. |
It is suggested that districts use a combination of SchoolFront Usernames with Encrypted Passwords and ADFS. During the onboarding process, SchoolFront will generate a password for the user using their personal email address as their username and when designated in the onboarding process, transition them to an Active Directory account.
For information on all ADFS configurations and other security measures, please click here