myPass is a software application that is managed by Alberta Education and made available to Students, Parent/Guardian(s) and Authorized Users. The purpose of this document is to provide an overview of the security controls implemented within myPass and how PASIprep and Alberta Education’s Web Guard System support myPass security.
There are two user groups that access myPass:
|Ministry Users||This mode allows a PASIprep user with PASIprep Level 21 Permission - Access Student via myPass to access a student via myPass without the need to have an explicit myPass Connections with the student. This mode can only be accessed by first finding the student in PASIprep and then using PASIprep functionality to view the student in myPass.|
|Public Users||This mode allows any user with an Education Account to access myPass. The myPass user will only be able to view students that they have a myPass Connection with.|
A Ministry user can access virtually all of the pages that public users will see, and are only restricted from using the online payment system, viewing student messages, or adding student connections. Any actual 'admin' function, such as creating messages for students, is completed via the appropriate PASIprep screens, based on the user having the appropriate page permissions.
If the PASIprep user is able to view the Student Profile for the student and they have the PASIprep Level 21 Permission - Access Student via myPass, then the PASIprep user will be able to access the student in myPass.
Note: If the student's ASN is secondary or their ASN is deactivated, the PASIprep user is not permitted to view them in myPass even if they have access to them in PASIprep.
In order for an Education Account to have access to view a student’s information, the account must be formally connected to the student (via a myPass Connections). A myPass Connections record is created for this.
A myPass Connection Connection Status = Active is required for the Education Account to gain access to the student's information via myPass.
Every time a person tries to access myPass, the request is intercepted by Web Guard and the user is asked to log in using their Education Account if they have not logged in yet. Once a user logs in successfully into myPass, PASI does the email synchronization and cleanup. refer to Login to myPass for further details around this functionality.
Web Guard does provide the option for a person to create a new Education Account if they do not have one yet. The person’s email address is validated and then their Education Account is available to be used.
The following are the addition details:
The following diagram illustrates the different myPass connections an Education account can establish to access the student information in PASI:
The following are authentication patterns available to each user type to establish a successful myPass connection:
|myPass Connection Type||Email Match||Signup Access Code Match|
|Students (13 years or older)3)||Yes||YES|
|Authorized Users||YES 4)|
Please note: If a user exceeded the maximum number of attempts permitted to establish their connection, their Education Account has to serve a lock-out period. 5)
|Business Objects||myPass Functionality|
|Business Process Models|
|PASI Core and Internal Services|
|Documents||Data Access rules|
|PASIprep Functionality||PASIprep Permissions|