Securing the Admin App (v2.x)


Starting with Admin App v2.0.0, ASP.NET Identity provides web-based authentication and multiple roles for the administration of ODS / API instances.

The Super-Administrator role is used to register multiple users with separate roles and privileges along with all ODS / API instances and its functions. The Administrator role is allowed to access only specific ODS / API instances and its functions. This user authentication model pairs well with multi-instance support within Admin App v2.0.0 and beyond.

Admin App Roles

With the move to ASP.NET Identity, Admin App now allows two roles for the administration of ODS / API instances:

1. Super-Administrator (default role for the first user)

A Super-Administrator is intended for an IT Administrator at a collaborative who is responsible for setting up instances for individual LEAs. 

Super-Administrator Permissions

  • Add a user
  • Assign a role to an added user
  • Register and delete ODS / API instances
  • Change and assign an ODS / API instance to an added user
  • Change user settings for other users
  • Delete a user
  • Plus, all permissions of the Administrator role

2. Administrator

An Administrator can access one or more ODS / API instances assigned by the Super-Administrator. This means that users in the Administrator role can only administer ODS / API instances specifically assigned.

Administrator Permissions

  • Manage applications
  • API key/secret creation
  • View descriptors
  • Bulk data uploads
  • Learning standards synchronization

General Configuration

First-Time Administrative User Setup

When first entering Admin App after installation, you must first register an initial Super-Administrator user. Click "Register as a new user" on login page for user registration.

The initial registered user automatically assigned with the “Super-Administrator” role. Provide an email, password, and confirm password value for login.

First-Time Admin App system setup

After user registration, the session will be directed to "Additional Setup Required" page for completing required steps. Click "Continue" to trigger the first-time setup process.

Once that is done, the user will be navigated to home page for the "Super Administrator" role with Global and ODS Instances icons.

Clicking on the Global icon will navigate to the Global page, where a user can administer Vendors, Claim Sets, and Users.

Details on ODS / API instance registration can be found here: Multi-Instance Connections (v2.0.1).

Additional User Setup

The Super-Administrator can manage additional users on Global→Users tab.

Valid email address and a temporary password are needed for creating an additional user.

Added user can be assigned with Super Administrator or Administrator role by "Edit User Role" action.

An added user can be assigned with ODS / API instances by "Manage ODS Instances" action.

User details can be edited with "Edit User" action.

A user can be deleted with "Delete user" action.

Added user will login with credentials provided by a Super-Administrator for the first time. After successful login, the user will be prompted to change their password.

If an added user is an  "Administrator" then the Home page will be presented with the "ODS INSTANCES" icon. 

Clicking on "ODS INSTANCES" icon will take user to list of assigned ODS API instances page.

No assigned ODS API instances:

With assigned ODS API instances: