error_outline Only administrators can perform this action
As an administrator, Ans provides multiple options to increase security within your institution. The security measures that you can take are related to account authentication and verification. The settings can be configured for the whole school. This means all accounts are impacted by these settings, unless mentioned otherwise.
To navigate to the security menu, follow the steps below.
- Click the domainSchool name in the menu on the left.
- Click settingsSettings in the menu at the top.
- Click Security in the menu on the left.
Now, you can configure all settings in the menu.
Enforce Single Sign-On (SSO)
The first option within authentication is to enable authentication. This option only works if you have an SSO provider configured. You can add your own identity provider under the menu Single Sign-On. Ans also supports the use of third-party services to set up SSO. The following services are currently supported:
To set up the authentication for SURFconext, your administrator of SURFconext can request a connection with Ans via the dashboard of SURFconext. After requesting a connection, our support team will receive a notification and they can approve the connection. Ans has all environments prepared for a connection in the SURFconext dashboard.
- Production: https://ans.app/
- Stage: https://stage.ans.app/
- Development: https://dev.ans.app/ (can only be connected to a test active directory)
- Education: https://edu.ans.app/
To connect your active directory via eduGAIN, the beta feature SAML Single Sign-On needs to be enabled. Please contact email@example.com. The Ans support team will need the domain which is registered at eduGAIN. The list with all registered domains is available via: https://metadata.surfconext.nl/ (see below 'eduGAIN metadata'). After we've set the domain on your account, you are able to set up a eduGAIN account via the SAML Single Sign-On menu.
Enforcing SSO will prevent users from logging in with their local account. By local account, we mean an account that has been created via Ans and which is authenticated via their own created password in Ans. On our login page, the SSO login method is located at the top and below that, you can log in with your local account. Enforcing SSO will make sure access to Ans is denied if users log in via their local account. An exception to the rejection of local accounts is the option 'Use one-time password'. This option can be enabled via the taking menu during a digital test. If a student forgot the password of the account, an employee can set a one-time password which is valid for 15 minutes. This is the only way to log in outside the SSO. If the 15 minutes have passed or if the one-time password is used, the user student will need to log in via SSO the next time.
Ans has multiple possibilities to import students to your Ans instance, for example via a group import, class import or student import via the Users menu. If the option Enforce SSO is enabled, it will not be possible to send invitations to your users. The first step in the invitation workflow is sending a URL to set a password for a local account, which is not possible anymore.
Require two-factor authentication (2FA)
As an additional security measure, you can require all employees to log in with two-factor authentication (2FA). Ans supports various 2FA solutions. Instructions on how to enable 2FA for your account can be found here.
Student ID number length
The student ID is required for each student. It is a numerical field which consists of at least 1 digit and a maximum of 12 digits. You can set the default length for all of your student IDs in this dropdown menu. In case you decide to change this field when users are already added to your school, take the following two things into account:
- Increasing the student ID is possible at all times. Ans will add zero(es) to the existing student IDs. For example, if you had a default length of 6 and you change it to 8, the student ID '123456' will be converted into '00123456'.
- Decreasing the student ID is only possible if all student IDs have the number 0 in the positions that will be decreased. For example, if you want to decrease the length from 8 to 6, this will only be possible if the first two numbers of each student ID are zero. You can easily check this by navigating to the overview of students and by sorting on their student ID.
Please sign in to leave a comment.