SDK : Integrating with SIMS ID
Intended Audience
The SDK information is aimed at development teams from 3rd party integrators, content providers and Capita development teams.
Document Purpose.
This document provides information on the capabilities of the SIMS ID product from the perspective of how it may be utilised by other development and project teams. It details how they may benefit from a consolidated user authentication service that is common to end users across a range of Capita products. It also provides details on how development teams may use this service to accelerate their adoption of Identity Management services.
- 1. Intended Audience
- 2. Document Purpose.
- 3. Why use Identity Management from SIMS ID?
- 4. Identity Management – the Capita SIMS Approach
- 5. SIMS ID Design Structure.
- 6. Integrating with SIMS ID.
- 7. Ways to Integrate
- 8. Support for SIMS ID Partners
- 9. Benefits of being a SIMS ID Partner
- 10. The importance of partnering.
Why use Identity Management from SIMS ID?
Available to all SIMS customers with no annual charge, SIMS ID is at the heart of Capita SIMS identity and authentication approach for SIMS and SIMS Partner products, providing a single identity per user that spans all products making access simple for the user. SIMS ID allows schools to automatically provision users to Google and Microsoft Office 365 from their SIMS Data
Identity Management – the Capita SIMS Approach
Capita believes that Identity Management (IdM) is fundamental to security when providing access to multiple disparate applications, and is central to the user experience being simple and positive.
At the heart of Capita’s approach to Identity Management is SIMS ID. SIMS ID is Capita’s flagship product for Identity Lifecycle Management, Authentication and Single Sign-On. Sitting as a key component in Capita’s ‘Next Generation’ education products, SIMS ID is also available direct to SIMS 7 customers.
Security is at the heart of SIMS ID automatically extracting data from SIMS. Without the need to run reports or extracts, SIMS ID lets your data empower your staff and pupils to access a range of services. Based on the latest identity management technologies, SIMS ID creates a single identity for each user that is provisioned into the Identity Management solution. This data is then used to provision: * Capita Online Services * selected cloud services such as MS Office 365 and/or Google Apps. * Integrated Partner Applications Furthermore the data is made available, under the schools' control, to agreed partners via two Web Based APIs: * A restful provisioning API *An IMS Global One Roster API
Passwords are often the weak link in any system security. SIMS ID aids in keeping school data secure by and reducing administration by allowing partners to utilise Single Sign On from SIMS ID.
The SIMS ID provisioning route
Figure 1- SIMS ID user and data provisioning
SIMS ID Design Structure.
From an integration stance there are three elements to SIMS ID * The STS - responsible for authentication and SSO * The Data Provisioning agents / Data exchange APIs * The Tile Store User Interface
STS
Based on an implementation of Identity Server, the SIMS ID STS service provides single sign-on and access control for modern web applications and APIs using protocols like OpenID Connect and OAUTH 2.0. It supports a wide range of clients like mobile, web, SPAs and desktop applications and is extensible to allow integration in new and existing architectures. The SIMS ID implementation is extended to provide a range of authentication sources, as well as extending SSO protocols to include Shibboleth, which is commonly used in the education and academic technology space. SIMS ID is a registered provider with the UK Access Management Federation.
Provisioning Agents and Data Exchange APIs
In addition to the provisioning and data exchange elements of OAUTH and the Edu Person specification leveraged through open standards such as Shibboleth and the SAML 2.0 interactions. SIMS ID has a number of extensible provisioning agents & APIS. This allows for provisioning to Active Directory, Office 365 and Google Applications; work is also currently underway on MS SDS to support MS Classroom. Where specific provision requirements are necessary, SIMS ID has a range of methods to call 3rd party scripts, APIs and applications.
Tile store interface
For Single Sing On SIMS ID can operate in two modes: Headless and UI based. Where a partner wishes to use the UI based approach (this can be in addition to headless) a partner tile is made available to sites taking the partner service to allow application launching from within the SIMS ID User Interface. The underlying technologies are identical but the user journey is different.
Integrating with SIMS ID.
There is a range of integration options available with SIMS ID. Some are easily implemented, OAuth for example, however, others require a little more discussion. Here at SIMS ID, we are always happy to discuss options to make it easy to integrate your application with our platform. We classify the two main types of integration as Authentication & SSO and User Provisioning
Ways to Integrate
Integration can be achieved through SSO routes and SSO and Provisioning routes
Authentication & SSO
Provisioning and Data Exchange Integration
What data sources are available to SIMS ID?
SIMS ID provides automated data integration from SIMS 7 both on-premise and centrally hosted as well as SIMS Primary. Partners with core data needs can integrate with SIMS ID as a single data point integration and receive data from schools on SIMS 7 and SIMS Primary.
Where highly rich data is required then a direct integration with SIMS 7 'business objects' and the SIMS 8 (SIMS Primary) Partner APIs will still be required.
A Stable Integration Platform
Providing a safe stable integration environment is important to allow partners to integrate. Find out about the SIMS ID integration platform
Support for SIMS ID Partners
SIMS ID Partners may raise a support case by emailing simsidteam@capita.co.uk putting SIMS ID PARTNER SUPPORT at the beginning of the ‘subject’ line.
Please include full details and where appropriate to enable replication.
Please do not include any ‘keys’, ‘secrets’ or personal identifying data in any email communications with Capita SIMS ID.
Benefits of being a SIMS ID Partner
Simplified sign on to your application for your customers through SIMS ID
No passwords to manage
No password reset support calls
Secure standards-based technologies
Reduced user admin for your customers
- Simple user provisioning direct from SIMS ID, with this data drawn directly from School MIS systems
Schools know your product is available through SIMS ID
Your application tile available to ALL or restricted sets of SIMS ID schools.
Licence management options to deploy your application tile to known customers
Authentication of users to your application
You control the sale and the revenue
- Unlike other app stores you control the sales process.
Data from the best source of truth
Access to additional user attributes direct from SIMS ID, with this data drawn directly fr, m the school MIS systems – for example registration group data
SIMS ID takes its data directly from school MIS systems: SIMS Hosted and SIMS in schools. Other manufacturer’s MIS systems can also be supported
The ability to display the ‘Log in with SIMS ID’ logo and SIMS ID Partner Logos
- informing your customer base that they can simply work with your product through SIMS ID
Joint marketing opportunities.
The importance of partnering.
We believe our partners are key to our future success. Whether you are a service provider, systems integrator, independent education software vendor, reseller or other types of technology provider, we want to work with you to provide solutions that enhance our customers' system.
SIMS ID is one aspect of partnering with Capita SIMS see the main Capita SIMS Partner Sitefor additional options.
SDK Main Page | Authentication & SSO | Provisioning Integration | SIMS ID a stable integration platform