Please remember – SIMS ID is subject to weekly maintenance and upgrade works. These maintain service performance and introduce new features. Details of when this takes place are outlined here: https://www.empsn.org.uk/knowledge-base/capita-maintenance-windows/
Visible Developments made over the Quarter Include
SIMS ID for All Users
My Profile Email Address Update
Further improvements to the Email Address page in both User Management and the user’s Profile page have been applied.
The improvements are:
- Update the email address list to include all emails linked to the account (MIS, External and SIMS ID)
- Give clarity as to which is the generated SIMS ID username, and which are manually added SIMS ID email addresses
- Update the login Alias and Notification functionality to work for MIS email addresses and SIMS ID sourced email addresses
Resetting a Password when Adding an Email-Based Login
The password recovery process is now initiated when a user without a password activates an email address-based login within SIMS ID. This is to assist users who are registered with a third-party login to add an email-based login.
When a user with a verified email address enables it to be used as a login, the user will receive a password recovery email. This will allow the user to reset their SIMS ID password using the one-time email password recovery flow and gain access to their SIMS ID account using the selected email address.
SIMS ID For Local Site Administrators
User Management – Google Email Address Update
In a previous release, ESS enabled SIMS ID to update Office 365 email addresses on demand. ESS has now extended this functionality to update the SIMS ID provisioned Google email address.
User Management – Support OneRoster/SDS for AD Sync with stored MIS Email Address
To support schools that provision Office 365 through AD sync and populate SIMS with the Office 365 email addresses, ESS has updated its SDS provisioning to use MIS data, so that these schools are supported when they use SIMS ID for SDS.
ESS has updated SDS provisioning to support stored MIS email addresses. Where the site has stored an MIS email address that matches the site's Office 365 settings, this will be used for SDS data, so there is no need for sites that use AD Sync to go through the user matching process in order to create SDS data.
TileStore – DeX Onboarding Service
ESS have created a new Self Onboarding Application/Area within SIMS ID that will allow sites to enable the DeX Service. This operates much like the People Service and OneRoster self-onboarding applications. This is in preparation for SIMS Next Generation.
Preferences – The Self-Onboarding section of Preferences has been removed
ESS has updated preferences to remove the Self-onboarding tab. This is to remove confusion. Installation of all applications/ services is now carried out through the Tile Store.
Preferences – 2FA Rule Fix
ESS have implemented bug fixes for 2FA settings, to enable Local Site Administrators to control which users have 2FA enforced on their logins. The options are:
- Rule 1
  - Enable 2FA for ALL users
  - Enable 2FA for ADMIN users only
  - Enable 2FA for ALL users EXCEPT STUDENT users
- Rule 2
  - Enable 2FA for specific users at the site
  - Enable 2FA for specific users and ALL admin users at the site
SIMS ID for Technical Integrators
Managing Integrated Applications – URL Encoded Clients and Secrets
The SIMS ID STS Server now accepts encoded and non-encoded Client IDs and Secrets for basic authentication. This is to meet a ratified standard and has no user impact.
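How a token endpoint can accept both forms of Basic client credentials, shown as an added example that is not ESS code or the STS Server's implementation. It assumes the standard referred to is the form-encoding of client credentials in RFC 6749 section 2.3.1; the client ID, secret and function names are constructed for illustration.

```python
import base64
import hmac
from urllib.parse import quote_plus, unquote_plus

# Constructed sample registration (hypothetical client, not a real SIMS ID value).
CLIENTS = {"school-app/01": "p@ss:w%rd+1"}


def basic_header(client_id, secret, encode=True):
    """Client side: encode=True form-encodes both values before Base64."""
    if encode:
        client_id, secret = quote_plus(client_id), quote_plus(secret)
    raw = f"{client_id}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def candidates(header):
    """Server side: yield the URL-decoded reading first, then the raw reading."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return
    try:
        text = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:  # covers bad Base64 and bad UTF-8
        return
    # In the encoded form a literal ':' is sent as %3A, so the first ':'
    # is always the separator between client ID and secret.
    cid, sep, sec = text.partition(":")
    if not sep:
        return
    yield unquote_plus(cid), unquote_plus(sec)
    yield cid, sec


def authenticate(header):
    """Return the client ID if either reading matches the stored secret."""
    for cid, sec in candidates(header):
        stored = CLIENTS.get(cid)
        # Constant-time comparison avoids leaking how much of the secret matched.
        if stored is not None and hmac.compare_digest(stored.encode(), sec.encode()):
            return cid
    return None
```

Without the encoding step, a secret containing `%`, `+` or `:` is read differently by a strict decoder, which is why the same secret above only authenticates in both forms when the server tries both readings.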
ESS has updated the Technical Integrator endpoints within RAP API to bind each RAP API client to its assigned partner scopes, and to the site-specific application and client data that is returned for that client.
Endpoints will only allow valid RAP API clients to access the data when they are linked to the sites for which they are attempting to return application or client data.
DeX API Data Permissions
ESS has implemented integration between the Data Exchange (DeX) APIs and the Application Setup within the Technical Integrator Applications side of SIMS ID. The integration allows Technical Integrators to specify what data elements, known as securables, their application requires. ‘Securables’ are akin to data/security domains.
Technical Integrator Users are able to select from the available list of ‘securables’ as well as determine the level of access for the ‘securable’ they require (Read, Read & Write). This is applied to the Application on Save. The permissions are activated when a school installs the application through the Tile Store. This process streamlines the application of permissions that control access to data and empowers schools to be fully in control of their data.
SIMS ID for Active Directory Management
UPN Split from SAMAccount
Previously within SIMS ID ADAM provisioning the UPN and SAMAccount for a user were set to the same value. This release allows two separate values to be generated and set as the SAMAccount and a UPN for a user.
This update includes the necessary updates to the user interface for ADAM within SIMS ID. Each value has a separate tab for setting up the rules to generate each value. Values can be defined by tokens and selectable domain values similar to other areas of SIMS ID that allow users to set username values.
Tokens available for this purpose include a new token within AD settings that allows sites to use the MIS email address as the UPN or SAMAccount for a user. This update is to facilitate ADAM schools who populate Office 365 using AD Connect and need to set a discrete SAMAccount name and UPN.