Accelerus Login Options

Accelerus requires each user to login, with a user name and password, whether into the database or an offline file.

By default, the login system in Accelerus assigns the teacher's code, as set up in the Accelerus database, as their user name.

Their Accelerus password, by default, when a teacher is added to the Accelerus database, or when a database has been converted from MarkBook, is also their teacher code.

However, login settings found in the System Items tab of the School Settings window allow schools using Microsoft Active Directory to link Accelerus logins with teachers' Windows logins. Therefore, teachers do not have to use or remember an additional user name and password for Accelerus. Instead, their school Windows login is used to verify their identity.

Set SystemLoginSettings

To enable Active Directory when teachers are using Accelerus, whether working in the Accelerus database or in offline files:

•	Before you activate these settings, the person who is logged into Accelerus should be the same user as is logged into the computer.

•	Go to Tools > School Settings.

•	Click the System Items tab.

•	In the Login Settings for Database and Offline Files section:

➢	Check the box to enable Active Directory integration in the School Settings window, if required.

Accelerus will immediately check who is logged onto the computer and will assign their domain credentials to their teacher record. A message will appear, informing you of this.

Set SystemLoginConfirm

If the logged on user to the computer is not the teacher who is logged into Accelerus, when you have finished setting the Login Settings, you must ensure that the correct domain user names are added to the two teachers concerned.

➢	Click OK to the message.

➢	Choose from the two option buttons, depending on the level of integration required.

➢	In the case of the second option, select any of the further options required, if any.

•	Save the School Settings window by clicking the Save icon or pressing Ctrl S.

•	If teachers already have their offline files, the activation of the Active Directory settings will only take effect in the offline files after the teacher next synchronises. Until then, teachers will still use their current Accelerus teacher code and password settings.

•

Problems may occur when teachers are using Accelerus at multiple schools which all have Active Directory only logins without prompting. The teacher would need to have separate login users for their laptop. However, if a school continues to allow an Accelerus password, through the use of the second Active Directory option, there should be no problem.

Once you have checked the box to enable Active Directory integration in the School Settings window, you must choose from the two available options.

The first option button, Login using current Active Directory user credentials without prompting, is the tightest security option.

This option means the teacher is to be authenticated by Windows exclusively and, once logged into Windows, no further password of any kind is required in order for the teacher to work in Accelerus.

When this is selected, Accelerus automatically checks who is logged into the computer and if the logged in domain and user name matches the domain and user name of any teacher in the Accelerus database or the teacher who owns the offline file. If it does, on clicking such a data source in the Accelerus Login window, the teacher is immediately logged in. They are not prompted to enter a user name or password at all.

Set SystemLoginFirstOption

If a school decides to activate this option, so that only Active Directory credentials are accepted, there are some disadvantages:

•	The database must have every teacher's Active Directory domain user name set up in it.

•	Where teachers use offline files, they will not be able to collect their offline files from the Accelerus Login window. At that point, Accelerus does not know what authentication the database is using. Therefore, the offline files must be:

➢	Exported for teachers from Accelerus by the Accelerus administrator, or

➢	Teachers must login to the Accelerus database and collect them via the Welcome Screen.

•	Users can only login to the database and an offline file as themselves, eg where a school has staff room computers, teachers must log out of the network so another teacher can login and be able to use Accelerus.

•	All users must belong to the school's Active Directory.

The intention of the second option, Prompt for Active Directory user name and password, is that teachers do not have to remember two passwords but still need to login to Accelerus separately from their Windows login.

This means, for example, where there is a shared staff room computer, teachers do not need to log out of Windows totally in order to be able to login to Accelerus as a different teacher.

Set SystemLoginSettings

With this option, you may:

•	Not select any of the further options that are available.

In this case, teachers will be prompted to enter either their Windows login name and password, or their Accelerus login details.

UI LoginBothPasswords

•	Select one of the additional authentication methods:

➢	The option Try current domain/username before prompting will check the current user who is logged into the computer and if their Windows login credentials match with those in Accelerus, they will be logged into Accelerus immediately, without prompting them to reenter any login details.

However, if the login details do not match those in the selected data source, ie the offline file, or anyone found in the Accelerus database, the teacher is prompted for login credentials.

Whether the data source accepts Accelerus login details, in addition to the Active Directory login details, will depend on whether the last of the three checkboxes is ticked or not.

This option has advantages in that in most cases a teacher will not have to reenter their login details. However, where the database does not have the teacher's domain user name and password, or the computer has never been attached to the school's domain, eg a home computer, teachers will be prompted to login and they may enter their Accelerus login details.

➢	Checking the Store a hash of the AD credentials in the offline file option means that, when offline files are created or synchronised, Accelerus stores an encrypted copy of the teacher's Active Directory user name and password in the offline file.

Set SystemLoginHashOption

This option may be useful where teachers at the school regularly need to access student results outside of the school or do not have their own laptops.

Storing the teacher's Active Directory user name and password in an encrypted format in the offline file means that the offline file can be opened on any computer that has never been part of the domain.

This is a potential security issue because the Active Directory password should only be stored in the actual Active Directory.

However, security concerns are mitigated by the use of a bcrypt algorithm that provides one of the highest levels of security.

•	The last checkbox, Disable Accelerus teacher code/password login, means that teachers, where prompted, will have to login using their Active Directory credentials.

If the login box appears, it will only allow the teacher to enter their Windows user name and password to login.

UI LoginWindowsPasswordOnly

Where this last checkbox is ticked, the Accelerus administrator must immediately open their own teacher record and set their own domain user name therein or will not be able to login again.

In order for teachers to be able to login to Accelerus using their Active Directory credentials, all teacher records must contain the teacher's domain user name.

When the Enable Active Directory Integration checkbox is ticked in the School Settings window, an additional field appears in every teacher's window - Domain User Name - as seen below.

The Domain User Name must be the full domain user name, eg SchoolDomain\jemm, as shown below.

Teachers' domain user names may be added manually to teacher records, or may be imported via a teacher CSV file.

If being imported, a column headed Domain User Name needs to be inserted in the CSV file used to import teachers, and the domain user name for each teacher entered therein.

It is not necessary to reimport all teachers' details if your teachers are already in the Accelerus database and you wish to move to Active Directory integration. You may import a CSV file to update the teacher records with their domain user name in bulk. All it requires are two columns:Teacher Code and Domain User Name.

Ent TeacherDomainUserName