myPass Overview

myPass is a software application that is managed by Alberta Education and made available to Students, Parent/Guardian(s) and Authorized Users. The purpose of this document is to provide an overview of the security controls implemented within myPass and how PASIprep and Alberta Education’s Web Guard System support myPass security.

There are two user groups that access myPass:

Ministry Users This mode allows a PASIprep user with PASIprep Level 21 Permission - Access Student via myPass to access a student via myPass without the need to have an explicit myPass Connections with the student. This mode can only be accessed by first finding the student in PASIprep and then using PASIprep functionality to view the student in myPass.
Public Users This mode allows any user with an Education Account to access myPass. The myPass user will only be able to view students that they have a myPass Connection with.

Ministry Users

A Ministry user can access virtually all of the pages that public users will see, and are only restricted from using the online payment system, viewing student messages, or adding student connections. Any actual 'admin' function, such as creating messages for students, is completed via the appropriate PASIprep screens, based on the user having the appropriate page permissions.

Which Students Can Be Accessed

If the PASIprep user is able to view the Student Profile for the student and they have the PASIprep Level 21 Permission - Access Student via myPass, then the PASIprep user will be able to access the student in myPass.

Note: If the student's ASN is secondary or their ASN is deactivated, the PASIprep user is not permitted to view them in myPass even if they have access to them in PASIprep.

Public Users

In order for an Education Account to have access to view a student’s information, the account must be formally connected to the student (via a myPass Connections). A myPass Connections record is created for this.

Which Students Can Be Accessed

A myPass Connection Connection Status = Active is required for the Education Account to gain access to the student's information via myPass.

Education Accounts

myPass is secured by using Education Account that are managed by Alberta Education’s Web Guard System.

Every time a person tries to access myPass, the request is intercepted by Web Guard and the user is asked to log in using their Education Account if they have not logged in yet. Once a user logs in successfully into myPass, PASI does the email synchronization and cleanup. refer to Login to myPass for further details around this functionality.

Web Guard does provide the option for a person to create a new Education Account if they do not have one yet. The person’s email address is validated and then their Education Account is available to be used.

The following are the addition details:

The following diagram illustrates the different myPass connections an Education account can establish to access the student information in PASI:

mypass_student_access_diagram.vsd

Authentication Patterns

A user (Student, Parent/Guardian, or an Authorized User) is able to signup on myPass to gain access to the student's information.

The following are authentication patterns available to each user type to establish a successful myPass connection:

myPass Connection Type Email Match Signup Access Code Match
Students (13 years or older)3) Yes YES
Parent/GuardiansYes No
Authorized UsersYES 4)

Please note: If a user exceeded the maximum number of attempts permitted to establish their connection, their Education Account has to serve a lock-out period. 5)

Business Objects myPass Functionality
Business Process Models
Terminology
Core Processes
PASI Core and Internal Services


Documents Data Access rules
PASIprep Functionality PASIprep Permissions
3)
Student under 13 years of age are not permitted to gain myPass access.
4)
Authorized users myPass connection can only be established if both the Email and the Signup Access code are a match.