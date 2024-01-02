The Andhra Pradesh State Council of Higher Education (APSCHE) has issued a tender for development of a Single Sign-On service, which can facilitate access to the State’s Learning Management System (LMS) portal without having to undergo multiple logins.

What’s the Learning Management System? The LMS portal run by APSCHE is a digital educational infrastructure for students, teachers, and administrators, which provides multimedia educational resources like bilingual textbooks, podcasts, interactive content etc. The LMS platform also facilitates certificate courses, and internship or placement opportunities in collaboration with training partners and industry members.

According to the tender, currently the usage of such content on the portal is minimal. It further stated that students have to undergo multiple login processes to avail various courses on the platform or to access external domains which are not integrated with the APSCHE. This also disallows the department to track a student’s learning journey. The government is looking to establish a SSO service to unify various education portals and other relevant sites with the LMS, which they believe will improve access for students, and facilitate a comprehensive view of the data collected for the administrators.

Why does it matter: The AP government’s push for unification of multiple State education platforms to track students’ academic journey, is in line with the Union government’s pursuit of establishing a digital registry for tracking and analysing data across states. The introduction of various projects like the Education Ecosystem Registry, the APAAR Id, updating the UDISE+ plus portal, etc in the past year have all outlined the architecture for connecting individual databases, providing SSO facilities using systems like DigiLocker, and offering a comprehensive view of education data. The AP government’s move indicates that governments are taking steps towards digitisation of key processes, while questions related to uninhibited access, user consent, robust data protection mechanisms remain unanswered.

What will the SSO service provide access to?

The implementation agency is required to design and develop the SSO, which will allow the students to access information, through a single login, to the following:

Guidelines/Policy related instructions on various initiatives taken by APSCHE under National Education Plan (NEP) (Internships, Multiple entry and exit, minors etc.)

Academic calendar of the University/College

Curriculum details

Access to e-content on the LMS platform of APSCHE

Newsletters of APSCHE and Various colleges

Details of events conducted by APSCHE, Universities and colleges etc.

Examination calendar of the universities and colleges

Links to external sites offering internships, certificate courses like Swayam, NPTEL, and various college sites

Information regarding college infrastructure and college placements

It will also have to provide multifaceted features for user registration and authentication; offering role-based access for students, faculty, and administrators; course enrolment options; access to content and discussion forums; options to submit assignments and assessments; onboarding content creators; controls for course and content management, among others.

Applications and portals the SSO will be integrated with:

The APSCHE wants the SSO service to be integrated with the State’s Student Information System (SIS) to provide a unified portal for students to access academic records, course schedules, and personal information. Additionally, the implementing agency will have to integrate the SSO with the Library Management System, online examination portals, institutional websites, email services and communication tools, and any other “institution-specific applications and systems” requiring user authentication.

The APSCHE will also provide a comprehensive list of specific campuses, regional offices, or geographical regions where SSO will be deployed to ensure that users across different locations can access the educational ecosystem. Of the other requirements, the SSO solution has to be compatible with mobile applications on iOS as well as Android, and must also be integrated with cloud-based services and legacy systems within the educational institutions.

What are the authentication methods the APSCHE is looking for?

The implementation of a SSO service will require different authentication methods to establish the credentials and ensure the data security of the user. The tender outlines the following methods desired by the APSCHE for the SSO facility:

Username/Password: This will require the input of a unique username and password.

Biometrics: Biometric authentication may include fingerprint, facial recognition, or other biometric identifiers.

Smart Cards: Smart card-based authentication makes use of a physical token for user identification and access.

Multi-Factor Authentication (MFA): MFA requires users to provide multiple forms of authentication, such as a password, a one-time code, or a fingerprint. These methods should be implemented in a flexible manner for users to choose the most suitable method while adhering to the security requirements of each service, application, or system.

What about data security?

The APSCHE has outlined the following measures to be implemented for ensuring security of the SSO service:

Authentication: The agencies have to deploy “strong authentication methods”, such as multi-factor authentication (MFA), to enhance the security of user logins.

Data Encryption: This will include implementing data encryption protocols, such as TLS (Transport Layer Security), to protect user data during transmission.

Authorization Controls: The agencies will have to define access control policies and methods to ensure role-based permissions for user access to resources within the integrated services.

Threat Detection and Response: This will require implementation of real-time monitoring and threat detection methods to identify and respond to security incidents in time.

