SDK: Integrating with SIMS ID
Intended Audience
The SDK information is aimed at development teams from 3rd party integrators, content providers and Capita development teams.
Document Purpose.
This document provides information on the capabilities of the SIMS ID product from the perspective of how it may be utilised by other development and project teams. It details how they may benefit from a consolidated user authentication service that is common to end users across a range of Capita products. It also provides details on how development teams may use this service to accelerate their adoption of Identity Management services.
- 1. Intended Audience
- 2. Document Purpose.
- 3. Why use Identity Management from SIMS ID?
- 4. Identity Management – the Capita SIMS Approach
- 5. SIMS ID Design Structure.
- 6. The SIMS ID Architecture
- 7. SIMS ID Localisation
- 8. Integrating with SIMS ID.
- 9. Support for SIMS ID Partners
- 10. Benefits of being a SIMS ID Partner
- 11. The importance of partnering.
Why use Identity Management from SIMS ID?
Available to all SIMS customers with no annual charge, SIMS ID is at the heart of the Capita SIMS identity and authentication approach for SIMS and SIMS Partner products. It provides a single identity per user that spans all products, making access simple for the user. SIMS ID allows schools to automatically provision users to Google and Microsoft Office 365 from their SIMS data.
Identity Management – the Capita SIMS Approach
Capita believes that Identity Management (IdM) is fundamental to security when providing access to multiple disparate applications, and is central to the user experience being simple and positive.
At the heart of Capita’s approach to Identity Management is SIMS ID. SIMS ID is Capita’s flagship product for Identity Lifecycle Management, Authentication and Single Sign On. Sitting as a key component in Capita’s ‘Next Generation’ education products, SIMS ID is also available direct to SIMS 7 customers.
Security is at the heart of SIMS ID. By automatically extracting data from SIMS, without the need to run reports or extracts, SIMS ID lets your data empower your staff and pupils to access a range of services. Based on the latest identity management technologies, SIMS ID creates a single identity for each user that is provisioned into our Identity Management solution, along with selected cloud services such as MS Office 365 and/or Google Apps. This is done without the need to expose or link your local network to Microsoft or Google, whilst still allowing your users to access the full feature sets provided by these systems. Put simply, SIMS ID takes the user data you enter into SIMS as part of your normal working practice, and automatically provides user accounts into your local AD, central AD and selected cloud services, with minimal delay and no fuss.
SIMS ID is also capable of synchronising group memberships (e.g. MIS classes) and other data (e.g. MIS timetables) with integrated systems in order to synchronise sites and distribution lists, and provides the option for timetables to be displayed directly in Google or Office 365 calendars.
Passwords are often the weak link in any system's security. SIMS ID aids in keeping your data secure by enforcing a sensible level of password complexity and password changes, while enabling the user to manage their own identity through self-service account administration and allowing the user to change and recover lost passwords simply and securely. A greater level of account administration can be delegated to key staff or members of your support organisation. Recognising that different users require different levels of security, multiple password policies can be enforced to allow young users to have easy-to-remember passwords without compromising the complex password requirements of users who have greater security privileges. Two-factor authentication is high on the priority list for customers using SIMS ID to create and manage their AD accounts, and the ‘holy grail’ of single sign-on is achieved: a single user name and password to sign into the computer and, from there, single sign-on to local and cloud systems. Outside of the site, the same username and password are used to access available cloud services, including Capita Hosted SIMS for customers.
Developed to support industry-standard claims-based authentication to deliver federated identity services, SIMS ID is able to integrate with an increasing range of products provided by Capita and third-party providers. SIMS ID is designed to support more than just staff and pupils. Support for parents and other connected adults to access products is also built in, allowing, where appropriate, users to link other accounts such as Twitter or Microsoft accounts to their SIMS ID access. This removes the barrier to external users accessing systems and engaging with your services.
SIMS ID provides an engaging web based user interface to support administration of users and services as well as a tile based ‘launch pad’ for integrated applications and services. The look and feel of the ‘launch pad’ can be changed at each site; additionally ‘quick link’ tiles can be added as well as deploying additional services. SIMS ID is designed to work on a range of devices and browsers, rescaling the interface for use on the largest screens down to mobile devices and smart phones.
Figure 1 - SIMS ID user and data provisioning
SIMS ID Design Structure.
Figure 3 - Elements of SIMS ID
STS
Based on an implementation of Identity Server, the SIMS ID STS service provides single sign-on and access control for modern web applications and APIs using protocols like OpenID Connect and OAuth 2.0. It supports a wide range of clients, such as mobile, web, SPA and desktop applications, and is extensible to allow integration in new and existing architectures. The SIMS ID implementation is extended to provide a range of authentication sources, and extends the supported SSO protocols to include Shibboleth, which is commonly used in the education and academic technology space. SIMS ID is a registered provider with the UK Access Management Federation.
Provisioning Agents
In addition to the provisioning and data exchange elements of OAuth and the eduPerson specification, leveraged through open standards such as Shibboleth and the SAML 2.0 interactions, SIMS ID has a number of extensible provisioning agents and APIs. These allow for provisioning to Active Directory, Office 365 and Google Applications; work is also currently underway on MS SDS to support MS Classroom. Where specific provisioning requirements are necessary, SIMS ID has a range of methods to call 3rd party scripts, APIs and applications.
Figure 4 - SSO and provisioning options
User Interface
SIMS ID can operate in two modes, UI and headless. Although the underlying technologies are identical, the user journey is different. Some integrations can be set to operate only through the UI mode, and headless mode will also provide the option to operate via the UI.
Support tools
A separate interface is provided for ‘high level’ support staff. This interface allows a range of support activities to be carried out that are not designed for delegation down to customers' support organisations or end users.
The SIMS ID Architecture
Figure 5 - SIMS ID Application Architecture
SIMS ID Localisation
The STS is currently being localised, initially for the Welsh language, and this will be completed in Q1 2017. This work will confirm that the localisation framework for the product is implemented in all areas of the core product. Further language packs will be developed as business needs dictate.
Integrating with SIMS ID.
There is a range of integration options available with SIMS ID. Some, such as OAuth, are easily implemented; others require a little more discussion. Here at SIMS ID, we are always happy to discuss options to make it easy to integrate your application with our platform. We classify the two main types of integration as Authentication & SSO and User Provisioning.
Ways to Integrate
Integration can be achieved through SSO routes and through SSO and Provisioning routes.
Authentication & SSO
Please visit our pages detailing options for using SIMS ID to provide Authentication services and SSO services, including sample clients.
Provisioning Integration
Please visit our pages detailing options for using the SIMS ID Provisioning API and the SIMS ID IMS Global One Roster API to provide provisioning information and associated data access. Links to the relevant Swagger documentation endpoints are also provided.
A Stable Integration Platform
Providing a safe, stable integration environment is important to allow partners to integrate. Find out more on the ‘SIMS ID a stable integration platform’ page.
Support for SIMS ID Partners
SIMS ID Partners may raise a support case by emailing simsidteam@capita.co.uk putting SIMS ID PARTNER SUPPORT at the beginning of the ‘subject’ line.
Please include full details, where appropriate, to enable replication.
Please do not include any ‘keys’, ‘secrets’ or personal identifying data in any email communications with Capita SIMS ID.
Benefits of being a SIMS ID Partner
Simplified sign on to your application for your customers through SIMS ID
- No passwords to manage
- No password reset support calls
- Secure standards based technologies
Reduced user admin for your customers
- Simple user provisioning direct from SIMS ID, with this data drawn directly from school MIS systems
Schools know your product is available through SIMS ID
- Your application tile available to ALL or restricted sets of SIMS ID schools.
- Licence management options to deploy your application tile to known customers
- Authentication of users to your application
You control the sale and the revenue
- Unlike other app stores you control the sales process.
- For a limited time no commission is taken for sales generated.
Data from the best source of truth
- Access to additional user attributes direct from SIMS ID, with this data drawn directly from the school MIS systems – for example: registration group data
- SIMS ID takes its data directly from school MIS systems: SIMS Hosted and SIMS in schools. Other manufacturers’ MIS systems can also be supported
The ability to display the ‘Log in with SIMS ID’ logo and SIMS ID Partner Logos
- informing your customer base that they can simply work with your product through SIMS ID
Joint marketing opportunities.
The importance of partnering.
We believe our partners are key to our future success. Whether you are a service provider, systems integrator, independent education software vendor, reseller or other type of technology provider, we want to work with you to provide solutions that enhance our customers' system.
SIMS ID is one aspect of partnering with Capita SIMS; see the main Capita SIMS Partner Site for additional options.