OSP LDAP/SSO Configuration & Integration

The OSP LDAP integration allows customers to leverage an existing LDAP implementation at their location to manage remote accounts used by either the OSP Parent or OSP Portal applications or both depending on customer requirements and capabilities.

i) Overview

Lightweight Directory Access Protocol (LDAP) Overview: The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. The LDAP integration supports the following security protocols:

Simple Authentication
Security Layer (SASL)
Secure Socket Layer (SSL)

ii) Configuration Options

OSP provides LDAP integration in four different configurations:

OSP Parent - LDAP Login Optional:

In this process of Login the user has the ability to login to the Parent site using its LDAP credential or can create an account in the application directly to access the site.

OSP Portal - LDAP Login Optional:

In this process of Login the user has the ability to login to the Portal site using its LDAP credential or can request an independent account be created in the OSP Portal application directly to access the site.

OSP Parent - LDAP Login Only:

In this type of Login the user can only login to the site using LDAP credentials. An application generated account is not possible in this configuration.

OSP Portal - LDAP Login Only:

In this type of Login the user can only login to the site using LDAP credentials. An application generated account is not possible in this configuration.

iii) Groups and Descriptions

OSP Group Name	LDAP Group Name	Group Description
Bookkeeper	OSP-Bookkeeper	Handles all activity setup, fund account setup, and reviews OSP statements. Has ability to reset a teacher’s password through the Setup \| Teacher Setup password feature. Can run reports for activities and student purchases at their school. Has oversight over an OTR receipt or deposit. Cannot generate an OTR receipt nor OTR deposit. Can refund orders.
OSPAdmin	OSP-OSPAdmin	Sets up OSP users for their school district. Creates district wide activities. Run district-wide reports. Can set up activities and view statements at each school. Can refund orders.
OTR	OSP-OTR	Allows a user to generate an OTR receipt, make a daily OTR deposit, view student information, and run reports on the school’s orders. Can void an OTR receipt, but cannot generate a return for any order.
Principal	OSP-Principal	Can view statements and generate reports for their school. Cannot add activities nor add/update fund account information.
Teacher	OSP-Teacher	This user role allows teacher to log in and view reports and query order information. They cannot add activities nor view statement and fund account information. This access is automatically created when the teacher is assigned as an activity’s sponsor/teacher.
OSC Admin	OSP-OSC Admin	Is the only user who can setup a district, enable reason codes for voiding a receipt & deposit. They setup the Payment Method Options and can disable & hide Student Information Fields. They create and maintain Fee Groups and Roster Groups and are the only OSC user type who can set up Agency/3^rd Party Fees.
OSC User	OSP-OSC User	Fee Groups and Roster Groups may be created and maintained by individual users. If the District Administrator chooses not to add fees, they will need to be added by the OSC User at the school level. They can add and edit student information as well as generate parent letters. They post receipts and deposits for student payments.
OSC Collector	OSP-OSC Collector	A Collector and generate receipts only. They cannot post fees nor deposits. This role is only used by a few districts.
OSC Poster	OSP-OSC Poster	A Poster can post deposits only. They cannot collect fees and generate receipts. This role is only used by a few districts.
OSC Reporting	OSP-OSC Reporting	With the Reporting role, this user can review OSC reports only. The purpose of this role is intended for auditor access.