ConexED supports automated account provisioning via LDAP and manual user provisioning typically via flat files. As ConexED has done with other clients using PeopleSoft, they will work with a school’s team members to establish account provisioning.
ConexED integrates as a Single Sign On (SS0) via Shibboleth/SAML2 or Central Authentication System (CAS). ConexED also uses our Canvas LTI as an open-auth system to authenticate user accounts.
ConexED allows for simple authentication for non-university users (e.g. prospective students, members of the community who use library services) via social media credentials (Facebook, LinkedIn, Google) or by registering for an account with ConexED.
ConexED takes student information protection very seriously. No one will have access to, nor will any information be disclosed from, a student educational record without the written consent of the student. The only exceptions: “school official with legitimate educational interests,” to authorized representatives of the federal and state governments for audit and evaluation of federal and state supported programs, or other provisions outlined by the FERPA document.
ConexED encrypts and secures all files hosted on Amazon Web Services’ (AWS) S3 Service. All ConexED server certificates are signed by a recognized Certificate authority (DigiCert) and use 256-bit SSL encryption for all web communication. All communication amongst the database, application, and authentication servers is also conducted via secure connections.
All of ConexED products are hosted and provided via the Amazon Web Services platform. No data hosted within the United States ever crosses international borders. At no time are international and national data co-mingled.
Meeting archive data (videos, audio and chat text) are stored as encrypted files on Amazon’s S3 servers using 256-bit Advanced Encryption Standard (AES-256). All meeting archive data is created and transferred to the S3 servers using SSL within a secure Virtual Private Cloud within the Amazon cloud. All web services, REST APIs and database applications are hosted via HTTPS. ConexED SSL configuration has an A rating from Qualy SSL Labs.
User data is stored on Amazon’s RDS (Relational Database Service). Connections to the RDS from our web app are over SSL and are on a private subnet. Remote connections to the DB outside of the VPC are impossible without access to the bastion server via SSL and a private key. Only ConexED’s CTO (Michael Gorham) has access to said private key which is rotated on a monthly basis. The bastion server is fire-walled with only TCP port 22 open which is normally turned off as connections directly to the DB are rarely needed.
In the event of a breach or leak of data, ConexED will inform the designated contact personnel within 3 hours. Within 24 hours of becoming aware of a report or incident, all initial contacts will be treated with the maximum possible privacy; specific information on any leak of identity theft risks will be reported to the school. Consistent with ConexED’s obligation to redress violations, every effort will be made to maintain the privacy of those initiating a report of a breach or leak of data.