Integrated database password management and authorization failovers

Some Finalsite installations are "integrated" with Student Information Systems (SIS) to manage user data and login credentials, streamlining access to school resources. This integration allows IT administrators to maintain a single database and users to have one account for all online resources. The connection between the website and SIS enables remote authentication, where user credentials are verified against the SIS database. In case of a connection failure, Finalsite can use a failover procedure, relying on a cached copy of credentials to ensure continued access.

There are two aspects involved in configuring the remote authentication failover process: setting up password caching, and establishing the methods of authentication for constituent roles. Password caching simply means that the Finalsite installation maintains a separate record (or "cache") of user login information. The method of authentication describes which record the website looks to when authenticating a site user: the SIS record or the website record.

Enabling password caching

To set up the failover functionality, password caching must be enabled in the Authorization settings in Integrated Services Manager.

To check if password caching has been configured, open Integrated Services Manager and click the "Authentication" tab at the top of the window.

Screen Shot 2018-12-19 at 15.10.16.png

You'll see the available methods of authentication appear in the left-hand menu; one of them will be "finalsite," the other(s) will be your school's SIS (in this example, LDAP; other examples might be SeniorSystems, VeraCross, PCR, or something else entirely).

Click on the name of your school's SIS (not "finalsite") to display the settings. Make sure the checkbox marked "Enable Cached Passwords" is selected.

Annotation on 2018-11-3.png

If the checkbox is not selected, contact Finalsite Support to enable it. With this checkbox enabled, your Finalsite installation is set up to maintain a separate record of user credentials that can be used in case the network connection to the SIS database is unavailable. Password caching is optional, but it is the only way Finalsite can ensure continued login ability in the event of a connection problem.

Important Note

Users must have logged into the website at least once in order to take advantage of this failover setup. Users who have never used their credentials to log into the site would not be able to take advantage of the failover in the event of a disrupted network connection to the database.

When the SIS database is not available

If users are experiencing difficulty logging in with the SIS authentication process, it may be necessary to enable the failover and authenticate against the cached passwords.

Testing the SIS connection

Before you switch from authenticating against the SIS database to authenticating against the Finalsite database, it's a good idea to test the network connection to the SIS to ensure that the problem really lies with that connection.

  1. Open Integrated Services Manager and select the "Authorization" tab.

  2. Click on the name of your school's integration database (not "finalsite").

  3. Select the "Test Authentication" button, and enter a valid username and password in the appropriate fields.

    Screen Shot 2018-12-19 at 15.09.04.png

  4. If you encounter an error saying that the authorization failed, then you know that there is an issue with the connection to the SIS database. At this point, you can switch to using failover authentication by following the steps below.

Important Note

It is recommended that multiple user credentials are tested to rule out a problem with any particular account in the system that is authenticating the user. Typically, when the network connection to the third-party system is down, all users authenticated through that system will not be able to log in. If only a few users cannot log in, it is most likely an issue with their account in the third party system, rather than with the network connection.

Enabling failover authentication

Once you have tested the SIS authentication and established there's a problem, you'll need to turn off that authentication and turn on the "finalsite" authentication.

  1. On the Authentications tab, select whichever authentication is failing.

  2. Select "Role Settings" in the upper-right corner.

    Annotation on 2018-11-3.png

    You'll be presented with a list of roles that use that authentication.

    Screen Shot 2018-12-19 at 14.52.06.png

  3. Click the green checkbox next to the role to disable the authentication and route the users through Finalsite.

    Screen Shot 2018-12-19 at 15.23.49.png

  4. When the issue with the SIS is resolved, go back through the same steps and click the black "X," which should turn to a green checkmark. Everything will be routed back through the enabled authentication.

Was this article helpful?
2 out of 2 found this helpful

Comments

0 comments

Please Sign in to leave a comment if you don't see the comment box below.