The Colorado Department of Education

Colorado Department of Education Identity Management

Frequently Asked Questions

  1. How does CDE Identity Management benefit me?
  2. What is Single Sign-On (SSO)?
  3. What is the responsibility of a District Superintendent?
  4. What is the responsibility of a Local Access Manager (LAM)?
  5. Which applications are affected by the change password process?
  6. Which username should I use to login?
  7. What is a complex password?
  8. What happens if my account has been locked?
  9. What if I forgot my password?
  10. How do I create an account for the CDE Identity Management System?
  11. I get an error page "You have not been granted access to this CDE Application." - what to do?
  12. Where I can find Data Pipeline Identity Management collection/group mappings?

The Colorado Department of Education Identity Management system (IDM) provides Local Education Agencies (LEAs) with a means of administering and maintaining user access to integrated CDE data systems. IDM also helps ensure adequate protection of student-level data that is received, collected, developed, and used by the Colorado Department of Education, in compliance with the Family Educational Rights and Privacy Act (FERPA).

Return to the questions.

1. How does CDE Identity Management benefit me?

LEAs have the tools and technology to administer and maintain their user access.
Users can go directly to their organization's LAM-users when they need access to a data system.
Users sign on once (SSO) to obtain access to the data systems integrated with the IdM system.
It is an automated process for registering and approving a new user, as well as for password resets.

Return to the questions.

2. What is Single Sign-On (SSO)?

When you log in using the CDE Single Sign-On (SSO) process, you will be able to access all of the CDE applications you are approved for that have been integrated into the CDE Identity Management system.

Districts and administrative units have the ability to create and administer users and access privileges to CDE’s applications through CDE Identity Management.

Return to the questions.

3. What is the responsibility of a District Superintendent?

The District Superintendent is responsible for creating a user or a group of users known as the Local Access Manager (LAM) group. The District Superintendent is responsible for maintaining the LAM group, approving, and administering all access requests according to the delegated administration to CDE systems for Local Access Managers (LAMs).

Return to the questions.

4. What is the responsibility of a Local Access Manager (LAM)?

LAMs are responsible for approving and administering access to CDE systems for all users within their organization. This includes assisting users with their account issues, such as password resets and the lifecyle of user accounts within their organization.

Return to the questions.

5. Which applications are integrated with the Identity Management System?

When you change your password, it will be changed in all CDE applications included in the CDE Identity Management System. This includes:
- Colorado Adult Education System for Accountability and Reporting (CAESAR)
- Colorado Education Data Analysis & Reporting System (CEDAR)
- Colorado Growth Model (GM)
- Statewide Standard Course Codes System (SSCC)
- Grant Payment System (GPS)
- IDEA Budget and Expenditures System
- Facility Schools Student Data System
In the future, all CDE applications will be integrated into the CDE Identity Management System.

Return to the questions.

6. Which username should I use to login?

Your username is your email address.

Return to the questions.

7. What is the CDE password policy?

CDE established a password policy to make sure users have a secure strong password that is less susceptible to someone guessing it. The system will not let you set up a password that does not adhere to the CDE password policy.

Two key strategies to accomplish this are to require users to set complex passwords and to require users to change their passwords periodically (every 90 days).

We recommend you avoid using dictionary words, any part of your name or username, personal information about yourself that can be obtained by an Internet search, etc. The easiest way to construct a strong password is to create a phrase and use the first letter of each word, and then incorporate mixed case, numbers and or special characters. In addition, your password belongs only to you and must never be shared.

The CDE Identity Management system requires the following Password Policy.

Password Minimum Length 8
Minimum Number of Uppercase Characters 1
Minimum Number of Lowercase Characters 1
Minimum Number of Non Alphanumeric Special Characters

. . . . Example special characters include: ! $ # @

1
Minimum Number of Numeric Characters 1

Return to the questions.

8. What happens if my account has been locked?

After 10 login attempts your account will be locked. This is a security mechanism to prevent your account from being compromised by a program or hacker repeatedly trying different combinations of passwords. You can unlock your own account by selecting the "I Forgot My Password web page". If your require further assistance, please contact your Local Access Manager (LAM) using the "LAM Service Request web page to have your account unlocked.

Return to the questions.

9. What if I forgot my password?

First try the "I Forgot My Password web page". You will be prompted to enter your user name which should correspond with your valid email address. Assuming it is a valid email address, you will receive a temporary password by email. For security reasons, the next time you login with the temporary password, you will be required to change your password.

If you have any problems with your temporary password, please contact your Local Access Manager (LAM) using the "LAM Service Request web page.

Return to the questions.

10. How do I create an account for the CDE Identity Management System?

If you are a District Superintendent, please contact CDE at 303-866-6833, otherwise, contact your district Local Access Manager (LAM) user(s) e.g. from Assistance Request Form page.

Return to the questions.

11. I get an error page "You have not been granted access to this CDE Application." - what to do?

Please follow the below steps to add the group privileges to an account (in this answer part we use Statewide Standard Course Code System (SSCC) as an example).
1) After you are logged in as the Local Access Manager using "Access Management" link, click Users - Manage and search for a user.
2) You should see a list of users, select the user you want by clicking on their name.
3) Use the drop down at the top center to select group membership.
4) At the bottom of the group membership page select the "Assign" button.
5) Look through the groups (you might have to use the next link to find the one you want or you can filter them by entering e.g. *SSCC* on the "Filter By" field). Look for the groups which has e.g. SSCC in it. After the SSCC it will contain your district number and after that it will contain a "-2 District Administrator" or "-99 District Read-Only User". The "-2 District Administrator" indicates that they will be able to read, add, update, and delete course codes. The "-99 District Read-Only User" means they would only be able to read the codes. Only select one group and assign it to the user. Do not assign both as it will cause problems.
6) Assign the group you selected (first click checkbox and then "Assign Group").
7) The user is now assigned to the Statewide Standard Course Code (SSCC) system.
8) Go to the Colorado Department of Education Identity Management and select the "Statewide Standard Course Code System (SSCC)" link on the left side.
9) Enter your credentials, "User ID" is your email address and password.
10) You should see a screen showing you are signed in and the school year.

Return to the questions.

12. Where I can find Data Pipeline Identity Management collection/group mappings?

For Data Pipeline application group mappings see this spreadsheet.

Return to the questions.