Security Controls for Customer Authentication and Access Management

1. Overview

This document outlines the security controls that are available to customers to ensure the security and confidentiality of their data within Waterford Early Learning. These controls include authentication mechanisms, access control measures, and associated configuration options available to customer administrators.

________________________________________________________________________

2. Authentication Controls

Customers are provided with multiple authentication options to protect access to their environments:

  • Single Sign-On (SSO) Support
    • SAML 2.0 integration for federated identity management
    • OAuth 2.0 support for delegated access
    • LTI 1.0 support for educational integrations
    • Clever support for Clever educational integrations
  • Password Policies
    • Enforced minimum password complexity (Staff and Teachers):
      • At least 8 characters
      • At least one uppercase letter
      • At least one special character

________________________________________________________________________

3. Access Control

Customers have administrative access to configure and manage access to their data using the following controls:

  • Role-Based Access Control (RBAC)
    • Predefined Roles:
      • District Administrator
      • School Administrator
      • Teacher
      • Teacher + Class Administrator
    • Least-privilege model enforced by default

User Management

  • District, School, and Class administrators can create, modify, and deactivate user accounts within their respective data visibility scope
  • Users rostered through Clever, ClassLink, and OneRoster are managed by the source and are read-only
  • User audit logs are available to track account activity

Session Management

  • Session timeout: 1 hour
  • Device/browser recognition for added login context

__________________________________________________________________________

4. Customer Responsibilities

While Waterford Early Learning provides strong security defaults, customers are responsible for:

  • Regularly reviewing user access and privileges
  • Integrating SSO, where feasible, to centralize identity management
  • Educating users on password hygiene and safe login practices

Last Updated: 5/20/25

