FAQs

What is RapidIdentity?

The student login options presented for young non-readers included scanning a QR code or selecting an image. Are there alternative login methods that would be more accessible for young learners who are blind or visually impaired?"

Will there be a dashboard to enter data and push it in Munis and/or IC?

Will there be an SSO to replace Clever?

Does this integrate with Vector and Frontline?

Looking at when staff is offboarded, are we looking at and active / inactive field to auto disable account from Munis verses end date? End Date may cause last check to not be processed? (conversation with another district).

How do Active Status work with Hire Date and Termination Date?

If Termination Date has not been used in the past for all people that are not active in Munis, will a termination date have to be entered?

Is there any way to prevent an active user from being provisioned? There are times that a payroll process requires employees to be activated, but they really are not working for the district?

Will staff user accounts in IC be synced with the accounts coming from Munis in any way? Currently, staff accounts SSO to Microsoft. Will Rapid ID be a new SSO source? If so, how will staff users in IC be changed to the new SSO(district use the user batch tool in IC ourselves or will this be done for us)?

Is there any expected timeframe for provisioning to occur once the required fields exist in Munis?

Is there any expected timeframe for provisioning to occur once the required fields exist in Munis?

Can other fields in Munis be pulled from to populate information about staff users (ie. Location Address, City, State, Zip)

What fields in Microsoft, Google, Clever will the required fields from Munis and IC be populated to from RapidIdentity?

If Location Names differ in Munis and IC, but the location code is the same, will this be something that needs to be cleaned up in both systems?

Districts currently populate additional fields and use those for dynamic group assignments and other security or distribution group uses. Will there be a way to have those also populated by RapidIdentity?

What is the process when a name change occurs? Is new email automatically created? Will old address still be available. Will more manual processes have to occur?

How would we handle staff accounts with email addresses if they would like a nickname instead of their legal name? For example, a staff member whose legal name is Joshua Smith would like to be called Josh. How will email address generation work?

In MUNIS, if we use the Employee Status of B-Benefits Only, for our folks on unpaid leave, they have no term/inactive date, I want to be sure their account will not be inactive with that status?

Fired employee. if we fire someone and want them out NOW. but still need to pay, so end date may be a thing

I saw it was required to mark each staff member as inactive and terminated.  Is that correct?  Also, what about past staff members that don’t have a termination date (Past Finance may have not done this), but are marked inactive do we need to go back and put those dates in?

We have a staff member or two that goes by their maiden name in AD, Google, IC, but Munis has their married name. Will their email and all other areas of documentation need to be updated to the married name, or will there be a way that they can continue to use the maiden name for their email and such?

When someone leaves the district through retirement, termination, resignation, etc. will we delete them from MUNIS, IC and from AD?

Clarity: To ensure that the current staff member links between Munis, IC, and other platforms, do we need to ensure that the Munis field for email needs to be entered and the phone number is a cell number for MFA?  I have checked the employeeID and matched them but I was also wanting to make sure that this data item is aligned as well.

Does the Job Class in Munis need to match the Job Title in IC? For example, if Munis lists Elementary Classroom Instructor and IC lists someone as a School Teacher will that cause a duplicate or mismatch?

If an employee is in MUNIS as "A" (Active) but has a term date and/or term code will that suffice to term their email and IC access? We do not/have not necessarily marked all employees as "I" (Inactive) when they term.

Previously we did not put "preferred names" on employees. Will we need to do that for all employees during our clean up phase?

Many districts do not have IC configured to automatically create user accounts for students as soon as the person is created in the system and a schedule assigned. Will KDE have a defined method for doing this? How specific will that be?

The process of automatically creating student accounts will have to happen prior to the email address being created and written back to the Census Contact Email field. The document says that Rapid ID will convert the user to SSO. All of my users currently use email address as the username and point to Microsoft for SSO. Will this conversion process replace that automatically created userid with the email address or would a second user account be created for each student?

Also, will the SSO source be RapidID or still point to the source we currently have configured? If the SSO now points to RapidID, will the district setup that source?

Will all existing student accounts be switched to the new SSO source automatically, or will the district be tasked to run the user batch tool to convert those user accounts?

What is the timeframe for when student account would be provisioned once required fields are populated?

What fields in Microsoft, Google, Clever be populated by the data in RapidID for students. I expect this to be different from adult users.

The student's legal name is Samantha, but she would like to be called Steven. Parents call to have this information updated. How would this be handled in RapidIdentity?

Will it be possible for student accounts to be created BEFORE their 1st day of instruction?

Students must have "active enrollment in the active year" - I am just confirming that students WILL have access to their accounts in the summer, even though technically there is no "active enrollment" during that time.

Several places in the Normalization Guide and FAQ specifically mention AD, especially questions about synching data fields. None of our students and approximately 30 of our staff have accounts in AD. We only maintain accounts in Google. Is this going to affect our adoption of CUES?

When students are initially entered into IC in a district, will the IC2AD (Charlie Box) be needed anymore?

What about early graduates? Students who finish in the fall semester but will still need account access until the end of the school year?

Districts currently populate additional fields and use those for dynamic group assignments and other security or distribution group uses. Will there be a way to have those also populated by RapidIdentity?

What is the process when a name change occurs? Is new email automatically created? Will old address still be available. Will more manual processes have to occur?

Employee Number must match both IC and Munis

Does the cell phone number need to have for Type Cell-Cell or since we use Home-Home for type will this work?

Finally, email addresses much match, but there was alt email (Personal) will this need filled out to link existing users to their current email accounts or is this for just creating new accounts. I know that there are several personal accounts in the system already - Alt Email (personal) can be used for account claiming of the RapidIdentity account and setting the initial password.

I see on page 4 of the readiness guide at the bottom it gives two options for mapping, it states that employee # from IC and Munis respectivieyly should be populated in the employeeID field for each user in Active Directory. Does this mean we need to put the #s in AD for each user or will it map it for us? Also what about Google?

Option 2 states emails much match? Just want to make sure for staff.

Can identities be customized? Will districts have any customizable fields? Example: Google Districts can only use FirstName LastName OR LastName, FirstName - Cannot use LastName, FirstName – District or Title Script to append last name – i.e., Woods (Technology Dept)

I assume a name change will create aliases within Google and or Microsoft, so They can get emails sent to their previous address

We currently use Clever, and it pulls data from IC. Will Clever now pull data directly from RapidIdentity?

How should contracted employees be handled? Would they be added to Munis?

How are Acceptable Use Policies handled? Currently, with IC, we have a process that looks to see if it has been completed before a script enables the account. For Staff we assume that has been completed during onboarding.

How does the system deal with name changes (marriage, divorce, adoption, etc)?

Can the Inactive field be used interchangeably with the Terminated field in Munis for account offloading?

We have two bus garages, so have created a 901L and 901M to identify each location. Will that create any issues since it is a slight variation from the KDE location code for 901 Bus Garage?

We provide quite a few accounts for student teachers; how would we handle that?

What data field determines which OU the account gets placed into? I'm asking about Google, but I'm sure AD districts would also like to know.

Will "preferred" name in MUNIS also allow for preferred last name? The example provided related to a preferred first name, but we have multiple staff members whose legal last name is hyphenated but they prefer to use only one of the last names.

In MUNIS, CELL is not listed as an option when adding a phone number. HOME is my only option. How do I fix that?

How would this work with dual enrollment students who have a home school outside of the district where they attend classes? Where it is using the state ID would it create two instances? Make a mess of things?

What should we do if we have an unpaid Volunteer Coach or someone without an Infinite Campus account? Additionally, how should we handle a maintenance account in similar situations?

When HR initially inputs folks into Munis. Should they leave the primary email address field blank and allow Identity Automation to write the email address?

Is there anything special that needs to happen for student workers that are paid through MUNIS?

In the CUES Readiness Guide Slide Deck, you mention "Additional IdAs" as potential systems that could send data to the CUES Provisioning system.  Can you please explain what "IdAs" stands for and give an example?

I was reviewing the FAQs and saw this question:  "Can we choose to stay with Clever for app management? And keep Clever badges?" and read the answer to the question which stated that authentication will be handed through RI then you can access Clever.  So my question is will the user first log into RI with a QR or badge (Example) and then have to use a clever login or will it be streamlined.  Reason for the question is if RI can do the same thing as clever then why have two different sources to get students into a product.

Question on clean up:  I've been cleaning up AD and noticed that some account accounts were created in the clould that are not on Prem.  Also, I noticed some Munis and State accounts in the system.  Will cues push to our local on Prem AD servers or to the cloud. And who do we need to contact about the Munis and State accounts to ensure they are good.

For MFA:  In munis I see Home by phone number for staff, I didn't see Cell or C as an option.  We will be wanting to use MFA by phones for staff.  The question is do we need to create a drop down option with C or Cell as another option for Home?

For users who currently exist, does the user email munis need to be the same as the contact email in Infinite Campus?

When an account becomes inactive, it writes to AD or Google that the account is disabled I believe, how long will that account stay in those 3rd party devices.  Or will termination delete them in a timely manager.

I see that for AD we need to use employee ID for connection, what about Google accounts will that also be employee ID field.  I have matched it in both AD and Google but are their others that need to be done to ensure that they connect?

On Tyler EERP data normalization, are there any data entry standards? For example, the Enrollment data standard for Campus says to not use punctuation, hyphens, etc. In addition to punctuation, are there standards for proper-, upper- or lower-case entry? If there is not, since most data in EERP is entered in uppercase, will the data flow as displayed in EERP, or will there be a conversion to a selected case? What about names that have camel case such as McDowell?

Page 2 of the "CUES Normalization/Readiness Guide and Activities - v1.0" displays a CUES High Level Overview graphic and the bottom of that graphic shows "Students", "Teachers", and "Staff" each as individual boxes with data flowing from them to RI. These boxes are unique to one another as there is a Chrome icon in the Student box, Chrome and Windows icons in the Teachers box, and Apple and Windows icons in the Staff box. As these icons appear to be very intentionally placed, can you provide some additional explanation.

Do we need to work on populating the preferred name in Munis for existing users that have a non-standard email address or is this only for new users moving forward after project completion?

Is there a limit on the length of an email address that CUES can create for an individual? Our longest name currently, including the period in-between the first/last name is 35 characters. It could be longer in the future.

If we do not enter a cell phone number for staff in Munis, will there be other MFA options?

Does RapidIdentity integrate with PaperCut for user synchronization, including the ability to generate or sync PIN numbers for authentication?

From the regional meeting: Melissa mentioned during a call that JAMF will be used for MacOS devices. What does this look like? Is there a MacOS agent, or will JAMF need to set the password on the MacOS device for the user?

What process must be done to make end user devices ready for RapidIdentity (ie. what has to be done to a domain joined windows workstation to make it login directly to RapidIdentity rather than on prem AD)? Do we install software on the workstation? Is something installed on Domain Controller to redirect the login? Is this even possible?

I notice on linked in IA has 90 employees. Only 13% work in support. This comes out to be 11 full-time techs. How will IA be able to support districts with onboarding during the process with such a small quantity of support? Will we be able to utilize their support or will we rely on the KETS help desk?

Can we make apps available in the IdentityPortal by school or even specific student groups within a school (e.g., by specific course/section, EL students/staff only, 3rd grade only)? Many of our apps are purchased by a handful of schools or even a small number of licenses within a school instead of district-wide.

Will there be an option for email accounts to be available past their last employment/enrollment date? For example, 30 days for staff and 120 days for seniors.

For accounts that have an end date, when would these accounts be deleted versus inactivated?

How fast will password sync occur when user makes the change in Rapid Identity?

What does RapidIdentity look like?

Does RapidIdentity have a LaunchPad like ClassLink LaunchPad or Clever Portal?

Does RapidIdentity have a rostering solution like ClassLink rostering?

How fast will provisioning occur once someone has been put into the "source of truth? How often will provisioning occur? Every 15 minutes? Every hour? Once a day?

If RapidIdentity is the IDP, will we be able to customize the fields we need filled? We know we can do this with Infinite Campus.

One of the big jobs we have to do early in each school year is updating the pictures of students in IC and other applications like our LMS. Will there be a way to connect CUES to school picture companies like Lifetouch to automate picture updates?

How does this work with Entra?

Can we choose to stay with Clever for app management? And keep Clever badges?

Since a self-service password reset is part of the product, is there an option to send password expiration emails to users if their password is within x days of expiration?

What platforms is the passwordless student login compatible with? I'm thinking about a student putting their email on a smartphone.

What things do I need to do to start preparing for this project?

How should "service accounts" be handled? Are these accounts sponsored (without an expiration or with)? Or should we use Azure/Google/AD to create accounts and manage them outside of RI?

We have many service accounts for various technology processes. FAQ says these won't be handled in "Phase 1". Will there be a way to maintain these accounts?

How will RI impact vendor VPN access? Will we leverage sponsored account with VPN group access?

Does Rapid Identity have a way to connect to an NAC (network access control - IE Extreme NAC / rgNET / Fortinet NAC ) for identity? This would be used for Guest registration for personal devices but allow the Lightspeed content filter to properly identify the end-user.

How about Homeschool students that want to attend an ATC site? These students may or may not be listed in IC.

How does this affect accounts for users that are not listed in Munis since they are not paid?

I currently have an issue where 15 or so of my students who are enrolled in my SIS are part of an educational academy in another district. This requires them to have that district’s email domain. Currently, I have a script that I run nightly that will overwrite the email addresses for those students so they are able to access everything they need in the academy. Are there any processes currently in place to handle this type of situation, or is this something I will need to continue to manage as I currently am?

How to handle Homeschool students who are going to the Area Technology Center. Some homeschooled students are inactive in IC, and some are not.

We auto-provision student accounts. We have a library of passwords that is age based for complexity level. Once the password is assigned to a user it cannot be assigned to another user. The district maintains a database of student passwords to distribute to students, to troubleshoot issues a student may be experiencing as well as investigate student use. We do not allow students to change their password. Does Rapid Identity have a similar capability?