Cloudwork PlatformID - world first support for Apple's Platform SSO

 

Apple's Platform SSO: An independent status update   In a significant first for local innovation, Cloudwork® is proud to advise the availability of Cloudwork PlatformID v1 supporting Apple Mac's Extensible SSO and Platform SSO v1.   Schools planning their 2024 device management need to know more about the status and relevance of this announcement.

Image source: Apple.com

Let's start with a quick re-cap: Apple announced both Extensible SSO and Platform SSO v1 at their June, 2022 WWDC. The announcement stated: Extensible SSO will allow seamless single sign-on for users, instead of separate sign-ons for device access, apps and websites. Platform SSO allows school administrators to use identity provider (IdP) credentials to centrally manage passwords, permissions and group memberships. To support these new features, Identity Providers needed to build an installable extension for the managed Mac devices. At the time of announcement, very scant details or documentation were available to Identity Providers to build this new extension. Cloudwork responded to these announcements by committing to providing support for both Extensible and Platform SSO. In a significant first for local innovation, Cloudwork® is proud to advise the availability of Cloudwork PlatformID v1 supporting Apple Mac's Extensible SSO and Platform SSO v1. Using Jamf Pro as the Mobile Device Manager (MDM) and Cloudwork as the Identity Provider we'd like to walk you through an end-to-end experience starting from a clean Mac moving on to password synchronisation and desktop and web sign-on integration. The walk through can be experienced via these four videos: CloudworkPlatformIDv1-Step1-EnrolDevice CloudworkPlatformIDv1-Step2-RegisterUser CloudworkPlatformIDv1-Step3-PasswordSync CloudworkPlatformIDv1-Step4-MacExtensibleSSO

But the story does not end there.
 

At the June 2023 WWDC Apple announced the availability of Platform SSO v2, significantly enhancing its functional range and value:

• Supports local accounts: Platform SSO is designed to be a modern replacement for binding to directory services.
• Integrates into macOS: Platform SSO is integrated with macOS and doesn't use JavaScript or render webpages for authentication.
• Creating users on demand: New local user accounts can be created on demand at the login window using IdP credentials.
• Integrates IdP group membership with macOS: Mobile device management (MDM) configurable groups can be used to manage account permissions.
• Enables the use of network accounts for Authorization: Groups can also be used to authorize network accounts.
• Supports multiple authentication methods: Platform SSO supports many different authentication methods with an IdP.

Cloudwork® has committed to building support for v2 into Cloudwork's PlatformID feature.

Our target is to have v2 available this year for testing in Q4 2023, in time to support schools for the 2024 academic year.

There's a lot in this announcement.

Start your 2024 planning process now! Contact us to arrange a planning session to work through the best options for your school community.

SBS Insight Identity Crime program

SBS Insight: Identity Crime

The SBS Insight program has prepared an episode devoted to Identity Crime. I attended the recording of the episode last night as a non-speaking audience member.

Some of the stories are absolutely harrowing.

They included examples of breaches involving schools. This is a don't miss episode for anybody interested in identity theft and resulting crimes - especially in the education community.

I am so glad that Studentnet is investing so much effort into our Identity Protection initiative for Australian schools.

Insight's Identity Crime episode is scheduled to broadcast on February 28.

Kevin Karp, Studentnet 

Welcome to 2023 - the year of Identity Protection

New Year, New Challenges

2023 - the year elevating the importance of protecting your school's identity and the identities of all of the members of your community be they staff, students and parents.

We'd like to take this opportunity of welcoming all of the new schools that are joining us for the first time in 2023 plus all of our existing outstanding school community. We can see all of the great work that you're doing bringing on board your new cohort of students, parents and teachers. 

We've got a busy year of major feature enhancements planned for Cloudwork to make your life easier and to make your community more secure. For now, it's been a pleasure and honour to work with you all during what is always a busy and stressful time.

Congratulations on another successful start to the academic year!

The Studentnet Team

www.studentnet.net

Studentnet Security & Privacy Credential

Security & Privacy

Commendations

• Australian Privacy Awards 2008 – Highly Commended, Microsoft Small Medium Business category

• Australia New Zealand Internet Awards(ANZIA) 2011, Finalist, Security and Privacy category

Industry Associations

• Cybersecurity Advisors Network(CyAN)

• Access 4 Learning - Schools Interoperability Framework(SIF)

• Office of Australian Information Commissioner(OAIC) - partner

• APNIC

• .au Domain Administration(.auDA) – Supply Member via CoClo

• OpenID Foundation sustaining member – via Parent company Coherent Cloud(CoClo)

• IDPro Advocate level member – via Parent company Coherent Cloud(CoClo)

• Ed-Fi Alliance member

• Internet Society - member

• Internet Society of Australia(ISOC-AU) – Bronze member via CoClo

• Association of Computing Machinery(ACM)

• Financial Services Institute of Australia(FINSIA)

• Managers of IT in Education(MITIE)

Standards

• Cert Australia Partner – registered with Australian Federal Government’s Defence department Australian Signals Directorate as part of Australia’s Critical Infrastructure

• Joint Cyber Security Centre(JCSC) – registered Sydney JCSC partner, an initiative of Cert Australia

• Australian Internet Security Initiative(AISI) – Studentnet was the first education related organisation to participate in and comply with AISI

• APNIC DASH - Dashboard for Autonomous System Health

• Payment Card Industry – Data Storage Standard(PCI-DSS) – Studentnet’s facilities have been audited to comply with the standard required for the storage of credit card and financial data even though we do not retain any such data

• Notifiable Data Breach(NDB) – scheme participant

Technology

Standards

• SAML 2

• oAuth 2

• Shibboleth

• OpenID Connect

Facilities

• GlobalSwitch data centre

• NTT connectivity

• Telstra Connectivity

• Indicium connectivity

• Pipe Networks - peering

oOo

Safer Technology for Schools(ST4S) accreditation for Cloudwork

 

Safer Technologies 4 Schools (ST4S) is a national service that assesses the safety of digital products and services used by Australian schools.

The ST4S badge helps school leaders and educators easily identify suppliers who have been assessed through the ST4S service. This gives schools peace of mind that simple, easy to understand privacy and security information is available for this supplier’s product, and it meets the minimum required standards for use in the badge program.

Studentnet is proud to advise that Cloudwork has successfully qualified to be part of the Safer Technologies 4 Schools (ST4S) Product Badge Program in 2021.

Undergoing assessment under the ST4S program is part of Studentet's security and safety commitment to the Australian education community.

Studentnet Cloudwork V43 Release Notes: AuthentID School Branded Authenticator

 V43 New Features

• AuthentID - A new multifactor option has been added. Find the CloudworkID Authenticator on the Apple and Google Play stores today. Available in generic and school branded versions.
  
• Improved file uploads - A new sync profile for for uploading files has been added. Over time, we'll be migrating email CSVs to use this new sync profile to provide more reliable and more powerful syncing 
• Password Complexity - New password complexity options have been added, allowing for more powerful and flexible password and passphrase rules. 
• MFA - The MFA onboarding workflow has been significantly improved, with better user hints and the ability to continue logging in after enabling SSO 

Bug fixes and improvements

• OpenID Connect support has been revamped to provide large performance improvements 
• New event types have been added for geoblocking related authentication failures 
• Resolved an issue that prevented Azure AD from authenticating SMTP requests correctly 
• Fixed an issue resulting in user sessions sometimes not lasting as long as expected 
• Fixed a bug that sometimes prevented Administrators from replacing the logo in the theme 
• Some changes have been made to improve performance of Adobe syncing. This is the first phase in a longer project to improve support for Adobe 
• New event types have been added for TASS syncing 
• Welcome messages have been updated to allow the SIS ID to be included as a template option 
• Resolved minor security issues

Studentnet’s Holiday Availability 2021/2022

 

The Cloudwork Support team would like to wish you all a fabulous Christmas plus a happy and safe New Year! We just wanted to let you know that all of our normal 24x7 monitoring systems and emergency response arrangements will be in place and operational over the entire holiday period. The following restrictions will apply over the festive season: An embargo will apply on all changes or requests for implementation of new feature between 10am December 24th  2021 and 10am January 10, 2021 All existing account provisioning implementations will continue on their agreed to schedules. No new account provisioning implementations will commence until after the commencement of Term 1, 2022. Between mid December and mid January key vendors do not allow any planned changes. This restricts our ability to complete new orders and to change services.  If you have plans during this period please contact us now for further details about how you may be affected, and please submit orders early to avoid delays. Between the 24th of December and the 10th of January, Studentnet will have skeleton NOC staff available. Non-urgent issues are best communicated via either: submitting a ticket via (https://support.studentnet.net), or sending an email to help@studentnet.net limited phone support will be available during business hours on +61 2 9281 1626 Of course our normal emergency support and operation services still apply. For urgent issues, the contact number for the NOC is +61 2 9281 3905. Once again please have a safe and joyous festive season. The Studentnet Team