The AWE(some) Identity Provider

Darllenwch y dudalen hon yn Gymraeg

Hwb LogoIf you’re a teacher or learner in Wales, you’ll probably be familiar with Hwb. If not Hwb is the online platform which provides access to a wide range of bilingual online tools and resources to support teaching and learning. Hwb is also one of Welsh Government’s biggest digital transformation programmes and over the past few months work has been undertaken to bring the running of this service fully in-house to Welsh Government.

But what does that mean?

Well, it means that we are now able to make changes and develop the platform quickly in response to feedback from our users and changes to our evolving curriculum. In practice, it meant a step into the unknown, as there had never been a transition undertaken on this scale before and in the extremely challenging timescales that we were working to.

As part of this work we’ve introduced a new log-in service, ‘the all-Wales Education Identity Provider’ (AWE IdP) to create, maintain, and manage user accounts for Hwb. The service will enable teachers and learners to use a single sign-on to an increasing number of online digital tools and resources, such as Microsoft Office 365 and Google for Education, by using their Hwb usernames.

There were three main stages in the change:

Step one – a clean break

During the school half-term break in May 2018 we effectively broke the link from the local user database and moved to a fully cloud hosted national user database solution (in technical terms, a move from the ‘on-premise’ Active Directory to the new cloud hosted Azure Active Directory). Users experienced a short (but also terrifyingly long!) period of around 20 minutes where they were intermittently unable to login to the Hwb platform, which was the only downtime experienced. Over the next 3 days, the platform experienced over 30k successful logins, which exceeded our estimates, and confirmed that the service was working as expected.

Step two – over to you

Screen shot of Hwb sign in pageWe received feedback highlighting that the management of user accounts was causing problems for school administrators. As part of the new developments, we were keen to address this issue by introducing a new secure User Management Portal.

Through the new User Management Portal, school administrators are now able to simply and quickly change passwords and carry out tasks such as recording learner consent for GDPR. We experienced around 5k successful password resets in the first week of operation. Again, exceeding our expectations, and re-affirming things were working.

Step three – think sync

We understand the benefits of maintaining a single record for learners throughout their time in the Welsh school system, and were keen to minimise any administration burden on the schools, so we established direct links between the national user database and Management Information Systems within schools.