Authentication
Overview
The CompassLink service runs inside your school and allows your users to authenticate using your existing LDAP infrastructure (such as Active Directory or Open Directory). This removes the need for separate password management and accounts for Compass.
When users log in to Compass, their credentials are encrypted, passed across to the CompassLink service running at your school, and validated against the school's infrastructure.
If the password matches with Active Directory, users will be able to successfully log into Compass.
Compass does not access the school's Active Directory to ensure security settings and passwords remain secure and to allow schools to determine their own levels of security and credential management.
Users permissions are determined by their group memberships which are queried at log in time, if a user has their groups changed to alter Compass permissions the user will need to log out and log back in to Compass.
If someone is unable to log in they will need to get in touch with the school technician or the individual who manages Active Directory at school as this will allow confirmation on whether the username and password match with the credentials in Active Directory.
Enabling the Service
To enable the service manually, navigate to the Tools Menu (Cog icon) - click Administration Tools - click Client Manager.
Identify the Client ID that you want to enable, and then click the corresponding pencil icon on the right hand side.
Find the 'LDAP Servers' section - ensure a green tick icon and the word 'Enabled' are displaying. If not, click on the tick icon to switch it to Enabled.
LDAP Infrastructure
The LDAP infrastructure, such as Active Directory or Open Directory, is usually managed by the school technician.
Compass uses the same Username and Password that are used at school and in the directory service.
If a users credentials match the LDAP infrastructure, they will successfully log into their Compass Portal.
Related Articles
CompassLink
Overview Compass integrates with your school infrastructure using the CompassLink service. The CompassLink service communicates between LDAP infrastructure such as Active Directory or Open Directory, and School Information Systems such as Cases21, ...PPOD
Overview Once a student's data has been added to PPOD, it will be synchronised across to Compass via the CompassLink service. The CompassLink service runs inside your school and will automatically synchronise school data from PPOD to Compass. This ...Two Factor Authentication
Overview To enhance the security of access to Compass at your school, you can enable Two Factor Authentication. This will require your users to confirm their identity via email or SMS when logging in to your school's portal. Please note: If your ...Security
Overview The safety and security of data within Compass is of the utmost importance. There are security measures in place to ensure that your user community is safeguarded against potential threats. Via the 'Security Settings' page, schools have ...PaperCut Integration
Overview Compass now integrates directly with PaperCut using CompassLink. The previous method of integrating via the SUSSI Service is no longer supported. While most schools use CompassLink already for authentication with Compass, this article will ...