Thursday, 9 May 2019

Cloudwork V30 & V31 Release Notes

Welcome to Term 2 of the 2019 school year.

The Studentnet development team has been hard at work and has shipped two new Cloudwork releases so far this year: V30 and V31. Our continued aim is to increase your degree of control over your network through new features and user experience improvements in the dashboard. Please find below a brief description of the improvements newly available in our V30 and V31 releases.

V30 New Features
  • Deleted User Action has been added to email sync profiles. You can now delete or suspend users that existed in the previous CSV file this profile processed but are not in the current one.
  • Added Compromised Password protection settings. It is now possible to prevent users from choosing new passwords that are known to be compromised.

    One of the most common sources of compromised accounts these days is password re-use across different services. The "Have I Been Pwned" project is an enormous aggregation of data collected from data breaches of all stripes. The database currently stands at 551,509,767 real passwords that have been exposed via data breaches, and Cloudwork can now take advantage of this data to help protect our users.

    When a user changes their password through CloudworkID or "I forgot my password", or an administrator changes it for a user through the Cloudwork Dashboard, the compromised passwords check compares the new password to a list of known compromised passwords. If it matches, the check returns an error message informing the user that they have chosen an insecure password. This feature can be turned on or off via the Cloudwork Dashboard. It can also be configured with a threshold, so that only passwords that show up in the compromised data more often than the configured threshold are rejected.
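
The threshold behaviour described above, as an added sketch that is not Cloudwork's own code. It assumes the breach data is held as `SHA1HEX:COUNT` lines (the layout of the public Pwned Passwords download); the function names, sample passwords and counts are constructed for illustration.

```python
import hashlib

def sample_line(password, count):
    """Build one 'SHA1HEX:COUNT' line (constructed data, invented counts)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return f"{digest}:{count}"

# Constructed list in the SHA1HEX:COUNT layout; not real breach counts.
SAMPLE_LIST = "\n".join([
    sample_line("password", 5000),
    sample_line("Summer2019", 120),
    sample_line("Tr0ub4dor&3", 1),
    "not-a-hash:12",  # malformed line, must be ignored
])

def load_counts(text):
    """Parse 'HASH:COUNT' lines into {hash: count}, skipping malformed lines."""
    counts = {}
    for raw in text.splitlines():
        digest, sep, count = raw.strip().partition(":")
        if sep and len(digest) == 40 and count.isdigit():
            counts[digest.upper()] = int(count)
    return counts

def breach_count(password, counts):
    # SHA-1 is used only because the breach list is keyed by it;
    # it is not how the account password itself should be stored.
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return counts.get(digest, 0)

def check_new_password(password, counts, enabled=True, threshold=0):
    """Return (accepted, message). Reject only when count > threshold."""
    if not enabled:
        return True, "ok"
    if breach_count(password, counts) > threshold:
        return False, "This password has appeared in data breaches; choose another."
    return True, "ok"

if __name__ == "__main__":
    counts = load_counts(SAMPLE_LIST)
    for pw in ("password", "Summer2019", "Tr0ub4dor&3", "never-seen-before"):
        print(pw, check_new_password(pw, counts, threshold=100))
```

With a threshold of 0 any password that appears in the list at all is rejected; raising the threshold lets rarely seen passwords through.
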
V31 New Features
  • Admin Roles can now be assigned to Groups in addition to individual accounts
  • Bulk Welcome Messages can now be sent to many users (groups, org units, email addresses matching a pattern, etc.) from the Cloudwork Dashboard
  • CloudworkID settings can now be customised per Org Unit. This includes:
    * CloudworkID Look and Feel settings can be configured per Org Unit
    * CloudworkID enabled features can be configured per Org Unit
  • Compromised Passwords settings can be configured per Org Unit
  • Password Reset email templates can now be customised per Org Unit
  • When uploading a User CSV file, an Org Unit can now be targeted for these uploaded users
User Experience Improvements
  • Reports are now more flexibly filtered when searching by users or events
  • Provisioning Reports can now be filtered by Sync Profile
  • Search form added to SSO Services view
  • Message Templates can now be deleted
  • From address can now be changed in SMS Templates
  • Various bug fixes:
    * Fixed a bug that prevented administrators from uploading new logos and background images
    * Fixed a bug where administrators could enable "send welcome messages" without selecting a message template
If you wish to access any of these new features, your Cloudwork instance will need to be updated to V31. We will be commencing individual instance upgrades starting in May, 2019. To schedule a time for your school's instance upgrade please submit a support ticket or email your request to support@studentnet.id.

Looking forward to working with you through 2019 - Thank you

The Studentnet Team

Tuesday, 15 January 2019

Studentnet Cloudwork V29 Release Notes

The Cloudwork team welcomes you all to a New Year. We're sure that you are all preparing for your new 2019 enrolling year.
Our team has been hard at work introducing many new features and user experience improvements in the dashboard. Please find below a brief description of newly available improvements in our latest release - Version 29.
V29 New Features
  • Added a notification system to the dashboard screen enabling Studentnet to easily deliver important update information to Cloudwork Administrators
  • Contents of Password Reset SMS messages can now be controlled via Message Templates
  • "Require password change at next login" feature exposed on Password Change screen in admin
  • SMS-based Multi-factor Authentication can now be enabled for a user from the Cloudwork Dashboard
  • Support SSL connections in Email Sync Profiles, meaning Email Sync Profiles can now connect to a wider range of inboxes
  • New configuration option in Email Sync Profiles enabling users to be placed into a specific Org Unit
  • Extra details are now available on the IdP Details page, allowing administrators to easily discover certificate fingerprints
User Experience Improvements
  • The "Download" button in Reports now handles the report generation asynchronously, allowing much larger reports to be successfully generated
  • Cloudwork Dashboard will now show a red error message if a group sync is attempted with a bad LDAP search filter
  • Relaxed form processing rules for SSO Services that don't have signing certificates or logout URLs
  • Removed `required` tags from some form fields, to make editing SSO Services easier
  • Help page now links to the Wiki
  • Sidebar menu will stay in its current state between page transitions
  • The Login Theme form has been broken down into smaller, more easily managed forms
  • Various bug fixes
If you wish to access any of these new features, your Cloudwork instance will need to be updated to V29. We will be commencing individual instance upgrades starting in February, 2019. To schedule a time for your school's instance upgrade please submit a support ticket or email your request to support@studentnet.id.
Looking forward to working with you again in 2019 - Thank you

Wednesday, 12 September 2018

Australian Cyber Security Centre (ACSC) alert: 2018-140 Malicious activity targeting education institutions (GREEN)

Studentnet is a registered partner of the Australian Cyber Security Centre (ACSC). The ACSC is part of the Australian Signals Directorate of the Department of Defence. Registered partners of the ACSC are considered by DoD to be part of Australia's critical infrastructure. Studentnet receives alerts such as this as a result of that status.

The ACSC has issued the following alert that is directly relevant to our school education community:

==========================

TLP: GREEN

2018-140: Malicious activity targeting education institutions

The Australian Cyber Security Centre (ACSC) is aware of ongoing spear-phishing campaigns targeting multiple Australian higher education institutions.
==========================  

The alert is marked TLP Green:
"Restricted to closed groups and subject to confidentiality. 
You may share GREEN publications with external organisations, information exchanges, or individuals in the network security, information assurance or critical network infrastructure community that agree to maintain the confidentiality of the information in the publication. You may not publish or post on the web or otherwise release it in circumstances where confidentiality may not be maintained."

This means that Studentnet cannot distribute the content of the alert via this blog. However, we can email the alert directly to individual members of our community.

The alert contains detailed information on the malicious activity and recommendations on protecting your organisation. Cloudwork contains specific features that allow you to easily implement the protection recommendations of the ACSC.

Studentnet strongly recommends that you obtain a copy of the alert. You can obtain a copy by emailing a request to kjk@studentnet.id. Studentnet will email you a full copy of the alert under TLP green conditions.

Please contact Kevin Karp at Studentnet (+61 2 9281 1626 or kjk@studentnet.id) to discuss and plan your implementation of the ACSC's recommendations using Cloudwork's features.

Thursday, 6 September 2018

Advisory: NTLM Abuse Mitigation

NT Lan Manager (NTLM) authentication is currently being abused to harvest user credentials, so CERT Australia has prepared a list of recommendations for techniques to mitigate NTLM abuse.

CERT Australia is now part of the Australian Cyber Security Centre (ACSC) of the Australian Signals Directorate (ASD) section of the Department of Defence.

Wednesday, 16 November 2016

Advanced User Upload Usage

The user upload feature is not new; it has been in operation for many years. We have recently looked at its capabilities and decided to update what it can do in our dashboard.

Let's look at what it currently does.


You can upload a CSV file to create or update multiple accounts at once.


Your CSV file must contain the following headings: 

Email,User Name,First Name,Last Name,Password,Role

For example:

Email,User Name,First Name,Last Name,Password,Role
principal@example.edu.au,principal,School,Principal,pri2009,teacher
joeblogs@example.edu.au,joeblogs,joe,blogs,joe2009,teacher
a.student@example.edu.au,SN1234,Alfred,Student,as2010,student
 
The following email accounts will be created:
  • Username: principal
    Password: pri2009
  • Username: joeblogs
    Password: joe2009
  • Username: SN1234
    Password: as2010
Valid roles must be chosen from the following list:
  • Student
  • Alum
  • Teacher
  • Parent
 

This has been pulled directly from the dashboard so no new information there.

All of these values are the same and remain required information.

Let's look at the additional fields that we have added.

Recovery Phone

This is the phone number that is used in password reset. As with the other headings it must be put exactly as above. This field is not compulsory and may be left out if it is not required.

Recovery Email

This is the email address that is used in password reset. As with the other headings it must be put exactly as above. This field is not compulsory and may be left out if it is not required.


Additional Attributes

This is where things can get a little more interesting. You can now add additional attributes to the import and we will import them into the Custom Attributes for the user. This can be useful when you have to bring in additional information for a user that needs to be sent to the service provider but doesn't quite fit in the existing categories. For example, StudentID, SynID, etc.

These are not compulsory and can be left blank for the users that do not have such a value.

If we look at what this might look like in a spreadsheet





This will create a record as normal with the attributes below:
User Name: principal
Email: principal@example.edu.au
First Name: School
Last Name: Principal
Password: pri2009
Role: Teacher

With the new attributes this will also add

Password Reset Recovery Email: othermail@gmail.com
Password Reset Recovery Phone: 0412345678

Another attribute will be created:

SynID: 314159

Once the user logs in, all the normal attributes will be created and sent to the service provider. Additionally, this user will have SynID sent. NB: Password reset information is NOT exposed to service providers.

So when the user is created all the information about the user is already there without need for further interaction.
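
A parser for the upload format described above, as an added sketch that is not Cloudwork's own code. It assumes roles are matched case-insensitively and that the "normal" attributes released to a service provider are the account fields other than the password; `parse_upload` and `sp_attributes` are hypothetical names, and the sample rows are constructed from the page's example values.

```python
import csv
import io

REQUIRED = ["Email", "User Name", "First Name", "Last Name", "Password", "Role"]
RECOVERY = ["Recovery Phone", "Recovery Email"]
VALID_ROLES = {"student", "alum", "teacher", "parent"}

# Constructed sample built from the page's example values; the last row is
# deliberately invalid.
SAMPLE = """\
Email,User Name,First Name,Last Name,Password,Role,Recovery Phone,Recovery Email,SynID
principal@example.edu.au,principal,School,Principal,pri2009,teacher,0412345678,othermail@gmail.com,314159
a.student@example.edu.au,SN1234,Alfred,Student,as2010,student,,,
b.visitor@example.edu.au,visitor,Bea,Visitor,bv2010,guest,,,
"""

def parse_upload(text):
    """Return (users, errors); errors are (line number, reason) pairs."""
    reader = csv.DictReader(io.StringIO(text))
    headings = reader.fieldnames or []
    missing = [h for h in REQUIRED if h not in headings]
    if missing:
        raise ValueError(f"missing required headings: {missing}")
    users, errors = [], []
    for line_no, row in enumerate(reader, start=2):
        blank = [h for h in REQUIRED if not (row.get(h) or "").strip()]
        if blank:
            errors.append((line_no, f"blank required fields: {blank}"))
        elif row["Role"].strip().lower() not in VALID_ROLES:
            errors.append((line_no, f"invalid role {row['Role']!r}"))
        else:
            users.append({
                "account": {h: row[h] for h in REQUIRED},
                "recovery": {h: row[h] for h in RECOVERY if row.get(h)},
                # Any other non-empty column becomes a custom attribute.
                "custom": {h: v for h, v in row.items()
                           if h and h not in REQUIRED + RECOVERY and v},
            })
    return users, errors

def sp_attributes(user):
    """Attributes released to a service provider (assumed set): account fields
    except the password, plus custom attributes; recovery data is never included."""
    released = {h: v for h, v in user["account"].items() if h != "Password"}
    released.update(user["custom"])
    return released
```

Keeping the recovery fields in their own bucket makes it hard to release them to a service provider by accident.
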

Conclusion

Just to make things clear on these new attributes: they can be left blank for users to whom they do not apply, or simply not included in the import.

Remember these imports can be run as scheduled imports through the sync profile interface.

 









 

 

 

Tuesday, 26 January 2016

Managing your Alumni accounts for the new academic year

Updating your graduating students to Alumni status is a simple process.


We have prepared new instructions for maintaining your graduating year students on the Cloudwork Wiki.

These instructions can be found here: https://wiki.studentnet.net/index.php?title=Graduating_Students_Accounts

Tuesday, 8 December 2015

Password Reset Flow



When looking to reset a password, a user will be given a link. This can be on a portal, on the login page, or delivered by whatever method is preferable.
The first screen that is presented is below. On this screen the user enters their username and chooses how they want the process to go, by choosing Email or Mobile.



If the username is not found or the user does not have the particular recovery method available to them, an error will be given. This can happen if the user selects Mobile and the system does not have any record of a Mobile number for the user. The same applies for email. For security reasons the actual reason for failure is not given.


Otherwise we move on to the next screen.


Reaching this screen means a message has been sent to the user’s email or mobile.
Mobile:

Email:





The user will then enter the code that was sent to them into the field and continue.

From there the user will be able to reset their password. This is the point where password complexity rules will be applied.






Once the new password is entered and “Change Password” is pressed, the password change is made and the user is able to use that password for future logins.
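
The first two screens of the flow above, as an added sketch that is not Cloudwork's own code. It shows the single generic failure for an unknown username and for a missing recovery method; the six-digit code, the 10-minute lifetime, single use, the in-memory stores and all names are assumptions made for the example, and the user directory is constructed.

```python
import hmac
import secrets
import time

GENERIC_ERROR = "Unable to start a password reset with those details."
CODE_TTL = 600  # seconds a code stays valid (assumed value)

# Constructed directory: joeblogs has no mobile number on record.
USERS = {
    "principal": {"email": "othermail@gmail.com", "mobile": "0412345678"},
    "joeblogs": {"email": "joe@example.org", "mobile": None},
}
PENDING = {}  # username -> (code, expiry time)
OUTBOX = []   # stands in for the SMS and email gateways

def start_reset(username, method, now=None):
    """First screen: username plus a choice of 'email' or 'mobile'."""
    now = time.time() if now is None else now
    user = USERS.get(username)
    dest = user.get(method) if user and method in ("email", "mobile") else None
    if not dest:
        # Unknown user and missing recovery method get the same answer,
        # so the form cannot be used to test which usernames exist.
        return {"ok": False, "error": GENERIC_ERROR}
    code = f"{secrets.randbelow(10**6):06d}"
    PENDING[username] = (code, now + CODE_TTL)
    OUTBOX.append((method, dest, code))
    return {"ok": True}

def verify_code(username, code, now=None):
    """Second screen: accept the code once, and only before it expires."""
    now = time.time() if now is None else now
    expected, expiry = PENDING.get(username, ("", 0))
    if not expected or now > expiry:
        return False
    if not hmac.compare_digest(expected.encode(), code.encode()):
        return False
    del PENDING[username]  # single use
    return True
```
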