Entity Admin Additional Resources as of April 26, 2017 Entity administrators are ultimately responsible for ensuring that their users are able to take advantage of the convenience and security ADEConnect offers. By appropriately assigning application roles, entity admins permit users to access the ADE applications they need to do their work. Entity administrators also maintain the security of Parent Entity and ADE information by ensuring that users only have access to the applications and data they are authorized to see.
As we get more quick reference guides approved for publishing, you can find them here on this training page or can also be accessed from the Entity Admin FAQ page. They will always be the most up-to-date version of these available resources.
Once a Parent Entity is set up to use ADEConnect, administration of ALL users is delegated to and is fully managed by the Parent Entity. In other words, ADE trusts you to manage your own users. That means no more waiting for the ADE to add, modify, or delete user permissions – Parent Entities can make changes that take effect immediately. At present, ADEConnect operates according to two models: Access via the Student Information System (SIS and also known as Federated) and Direct Sign-on. The Student Information System model is the standard toward which ADE is moving.
Student Information System
ADE has been working with the SIS vendors in the state to add SAML 2.0 Identity Provider Services in their products. If a Parent Entity is using an ADEConnect-enabled SIS, users that are logged into that SIS can access ADE applications via single sign-on. The Entity administrator simply configures the SIS with the users’ AZDash application roles and other pertinent information. ADEConnect will validate that information and grant access to users. NOTE: If a user requires access to any other ADE Applications, the user account must be set up manually in the Entity Administration application with the appropriate entity access and ADE application roles by the Entity Administrator. Simply ensure the email address for the users are the same within the Entity Administration application and the SIS. This will ensure that all of the assigned ADE applications will display for the user on their ADEConnect home page when accessing ADEConnect via the SIS. For assistance, review the Entity Administrator training videos.
ADEConnect uses industry standard SAML 2.0. A list of SIS platforms and version numbers that have been tested with ADEConnect is maintained on this site. If your SIS is compatible and you have not already integrated ADEConnect, contact the ADE Support by phone (602-542-7378 / 866-577-9636) or email ([email protected]).
Secure-Socket-Layer (SSL) Enabled
Secure-Sockets-Layer (SSL) Enabled: SAML works by sending authentication and authorization information from your SIS to ADEConnect servers via the public Internet. In order to ensure that the authentication information sent by your SIS is secure and prevent unauthorized access to your data, ADEConnect requires your SIS to run with SSL enabled (i.e. the URLs to access your SIS must start with “https:”). If your SIS is not running with SSL enabled, please contact your vendor or ADE support for information on what you need to do to enable SSL.
Direct Sign-on Model
ADE verifies and grants a superuser at each Parent Entity, known as an “Entity Administrator,” full rights to an ADE application called the “Entity Administration Application.” Using this application, each Entity Administrator can add, modify or remove user accounts for all of the Related Organizations in their Parent Entity. Changes take effect immediately.
Users can access ADEConnect and the Entity Administration Application using any modern web browser.