
SDK : Integrating with SIMS ID

Intended Audience

The SDK information is aimed at development teams from 3rd party integrators, content providers and Capita development teams.

Document Purpose.

This document provides information on the capabilities of the SIMS ID product from the perspective of how it may be utilised by other development and project teams. It details how they may benefit from a consolidated user authentication service that is common to end users across a range of Capita products. It also provides details on how development teams may use this service to accelerate their adoption of Identity Management services.


Why use Identity Management from SIMS ID?

Available to all SIMS customers with no annual charge, SIMS ID is at the heart of the Capita SIMS identity and authentication approach for SIMS and SIMS Partner products, providing a single identity per user that spans all products, making access simple for the user. SIMS ID allows schools to automatically provision users to Google and Microsoft Office 365 from their SIMS data.

Identity Management – the Capita SIMS Approach

Capita believes that Identity Management (IdM) is fundamental to security when providing access to multiple disparate applications, and is central to the user experience being simple and positive.

At the heart of Capita’s approach to Identity Management is SIMS ID. SIMS ID is Capita’s flagship product for Identity Lifecycle Management, Authentication and Single Sign-On. Sitting as a key component in Capita’s ‘Next Generation’ education products, SIMS ID is also available direct to SIMS 7 customers.

Security is at the heart of SIMS ID. Automatically extracting data from SIMS, without the need to run reports or extracts, SIMS ID lets your data empower your staff and pupils to access a range of services. Based on the latest identity management technologies, SIMS ID creates a single identity for each user that is provisioned into the Identity Management solution. This data is then used to provision:

  • Capita Online Services
  • Selected cloud services such as MS Office 365 and/or Google Apps
  • Integrated Partner Applications

This is done without the need to expose or link your local network to Microsoft or Google, whilst still allowing your users to access the full feature sets provided by these systems.

Furthermore, the data is made available, under the schools' control, to agreed partners via two Web Based APIs:

  • A RESTful provisioning API
  • An IMS Global One Roster API

Put simply, SIMS ID takes the user data you enter into SIMS as part of your normal working practice and automatically provides user accounts into your local AD, central AD and selected cloud services, with minimal delay and no fuss.

SIMS ID is also capable of synchronising group memberships (e.g. MIS classes) and other data (e.g. MIS timetables) with integrated systems in order to synchronise sites and distribution lists, and provides the option for timetables to be displayed directly in Google or Office 365 calendars.

Passwords are often the weak link in any system security. SIMS ID aids in keeping school data secure by enforcing a sensible level of password complexity and password changes, and reduces administration by allowing partners to utilise Single Sign On from SIMS ID, while enabling the user to manage their own identity through self-service account administration and allowing the user to change and recover lost passwords simply and securely. A greater level of account administration can be delegated to key staff or members of your support organisation. Recognising that different users require different levels of security, multiple password policies can be enforced to allow young users to have easy to remember passwords without compromising the complex password requirements of users who have greater security privileges.

Two factor authentication is high on the priority list for customers using SIMS ID to create and manage their AD accounts, and the ‘holy grail’ of single sign on is achieved: a single user name and password to sign into the computer and, from there, single sign-on to local and cloud systems. Outside of the site, the same username and password are used to access available cloud services including Capita Hosted SIMS for customers.

Developed to support industry standard claims based authentication to deliver federated identity services, SIMS ID is able to integrate with an increasing range of products provided by Capita and third-party providers. SIMS ID is designed to support more than just staff and pupils. Support for parents and other connected adults to access products is also built in, allowing, where appropriate, users to link other accounts such as Twitter or Microsoft accounts to their SIMS ID access. This removes the barrier to external users accessing systems and engaging with your services.

SIMS ID provides an engaging web based user interface to support the administration of users and services as well as a tile based ‘launch pad’ for integrated applications and services. The look and feel of the ‘launch pad’ can be changed at each site; additionally ‘quick link’ tiles can be added as well as deploying additional services. SIMS ID is designed to work on a range of devices and browsers, rescaling the interface for use on the largest screens down to mobile devices and smart phones.

The SIMS ID provisioning route

Figure 1- SIMS ID user and data provisioning

SIMS ID Design Structure.

From an integration stance there are three elements to SIMS ID:

  • The STS - responsible for authentication and SSO
  • The Data Provisioning agents / Data exchange APIs
  • The Tile Store User Interface

Figure 3 - Elements of SIMS ID

STS

Based on an implementation of Identity Server, the SIMS ID STS service provides single sign-on and access control for modern web applications and APIs using protocols like OpenID Connect and OAuth 2.0. It supports a wide range of clients like mobile, web, SPAs and desktop applications and is extensible to allow integration in new and existing architectures. The SIMS ID implementation is extended to provide a range of authentication sources, as well as extending SSO protocols to include Shibboleth, which is commonly used in the education and academic technology space. SIMS ID is a registered provider with the UK Access Management Federation.

Provisioning Agents and Data Exchange APIs

In addition to the provisioning and data exchange elements of OAuth and the Edu Person specification leveraged through open standards such as Shibboleth and the SAML 2.0 interactions, SIMS ID has a number of extensible provisioning agents and APIs. This allows for provisioning to Active Directory, Office 365 and Google Applications; work is also currently underway on MS SDS to support MS Classroom. Where specific provisioning requirements are necessary, SIMS ID has a range of methods to call 3rd party scripts, APIs and applications.

Figure 4 - SSO and provisioning options

Tile store User interface

For Single Sign On, SIMS ID can operate in two modes: Headless and UI based. Where a partner wishes to use the UI based approach (this can be in addition to headless), a partner tile is made available to sites taking the partner service to allow application launching from within the SIMS ID User Interface. The underlying technologies are identical but the user journey is different. Some integrations can be set to only operate through the UI mode and headless mode will also provide the option to operate via the UI.

Support tools

There is a separate interface that is provided for ‘high level’ support staff. This interface allows a range of support activities to be carried out that are not designed for delegation down to customers' support organisations or end users.

The SIMS ID Architecture

Figure 5- SIMS ID Application Architecture

SIMS ID Localisation

The product is currently undergoing STS localisation initially with the Welsh Language, and this will be completed in Q1 2017. This work will confirm the localisation framework for the product is implemented in all areas of the core product. Further Language packs will be developed as business needs dictate.

Integrating with SIMS ID.

There is a range of integration options available with SIMS ID. Some are easily implemented, OAuth for example; others require a little more discussion. Here at SIMS ID, we are always happy to discuss options to make it easy to integrate your application with our platform. We classify the two main types of integration as Authentication & SSO and User Provisioning.

Ways to Integrate

Integration can be achieved through SSO routes and SSO and Provisioning routes

Authentication & SSO

Please visit our pages detailing options for using SIMS ID to provide Authentication services & SSO Services, including sample clients.

Provisioning and Data Exchange Integration

Please visit our pages detailing options for using the SIMS ID Provisioning API and the SIMS ID IMS Global One Roster API to provide Provisioning Information and associated data access. Links to the relevant SWAGGER documentation endpoints are also provided.

What data sources are available to SIMS ID?

SIMS ID provides automated data integration from SIMS 7 both on-premise and centrally hosted as well as SIMS Primary. Partners with core data needs can integrate with SIMS ID as a single data point integration and receive data from schools on SIMS 7 and SIMS Primary.

Where highly rich data is required then a direct integration with SIMS 7 'business objects' and the SIMS 8 (SIMS Primary) Partner APIs will still be required.

A Stable Integration Platform

Providing a safe stable integration environment is important to allow partners to integrate. Find out about the SIMS ID integration platform

Support for SIMS ID Partners

SIMS ID Partners may raise a support case by emailing simsidteam@capita.co.uk putting SIMS ID PARTNER SUPPORT at the beginning of the ‘subject’ line.

Please include full details, where appropriate, to enable replication.

Please do not include any ‘keys’, ‘secrets’ or personal identifying data in any email communications with Capita SIMS ID.

Benefits of being a SIMS ID Partner

  • Simplified sign on to your application for your customers through SIMS ID

    • No passwords to manage

    • No password reset support calls

    • Secure standards-based technologies

  • Reduced user admin for your customers

    • Simple user provisioning direct from SIMS ID, with this data drawn directly from School MIS systems
  • Schools know your product is available through SIMS ID

    • Your application tile available to ALL or restricted sets of SIMS ID schools.

    • Licence management options to deploy your application tile to known customers

    • Authentication of users to your application

  • You control the sale and the revenue

    • Unlike other app stores you control the sales process.
  • Data from the best source of truth

    • Access to additional user attributes direct from SIMS ID, with this data drawn directly from the school MIS systems – for example registration group data

    • SIMS ID takes its data directly from school MIS systems: SIMS Hosted and SIMS in schools. Other manufacturers' MIS systems can also be supported

  • The ability to display the ‘Log in with SIMS ID’ logo and SIMS ID Partner Logos

    • informing your customer base that they can simply work with your product through SIMS ID
  • Joint marketing opportunities.

The importance of partnering.

We believe our partners are key to our future success. Whether you are a service provider, systems integrator, independent education software vendor, reseller or other types of technology provider, we want to work with you to provide solutions that enhance our customers' system.

SIMS ID is one aspect of partnering with Capita SIMS; see the main Capita SIMS Partner Site for additional options.

