You are here

WISEsecure Tasks for District Security Administrators (DSAs)

What Is WISEsecure?

lock icon

WISEsecure is a DPI WISEhome secure application. The WISEsecure application allows District Security Administrators and Application Administrators to securely assign or remove user access to WISEhome applications, data reporting tools, along with other applications and tools stored in WISEhome (e.g., School Directory/PI-1207, SNSP...).

Users can access certain WISEhome applications based upon their designated User Roles.  More information about DPI's applications and user roles association with each application can be found on the WISEsecure Roles webpage.

Three User Roles within WISEsecure

  • DPI Admin: only for DPI staff
  • Districts Security Administrator (DSA): assigned to LEA staff
  • Application Administrator (App Admin): assigned to LEA staff by the DSA
    • NOTE: A single user can/may hold both the user roles of DSA and App Admin at the same time, or it can also be a different person for WISEsecure each role. 

This page includes step-by-step instructions for DSAs to follow to perform these DSA-specific tasks in WISEsecure.

WISEsecure Task Guide for DSAs

Click the links below to navigate to different section of this page:

Information About the District Security Administrator (DSA) Role

District Security Administrator can either be the District Administrator (Superintendent) or an individual the District Administrator has appointed.

The District Administrator is responsible for either taking on the responsibility of District Security Administrator (DSA) or delegating that authority to another individual. 

NOTE: The DSA and/or the Application Administrator(s) chosen by the district would be similar to a person assigning roles and managing access to the district student information system

The District Security Administrator (DSA) is the gatekeeper in the district for managing access to District WISEsecure Security Administrators lookup application for all Application Administrators and access to all WISEhome Applications. We recommend the District Security Administrator (DSA) role be streamlined (e.g., only one or two DSAs identified) and that the assigned District Security Administrator (DSA) has a broad knowledge of district functions and applications.

The District Administrator has several responsibilities for student data privacy and confidentiality in their district. To start, the District Administrator, or their designee, will be setup as the District Security Administrator (DSA). The DSA is responsible for setting up application administrators, annually reviewing access, and is also responsible for the District's data privacy policies required under §118.125(2). Refer to the Student Data Privacy Resources page for more information.

DSA Role - Tasks

In WISEsecure, district security administrators (DSAs) can perform a variety of important security tasks. DSAs can:

  • assign other users as application administrators,
  • designate which email address domains can be used to sign into WISEhome,
  • review what applications each user has access to, and
  • revoke application access for users who no longer need access or who leave an organization.
  • DSAs can also grant normal application security and user roles.

The District Administrator Authorization Form

artifact

The District Security Administrator (DSA) will be given access to the District WISEsecure Security Administrators lookup application by DPI Application Security Administration after the District Administrator Authorization Form is submitted by the District Administrator and approved by DPI. Once the District Security Administrator (DSA) access is granted to District WISEsecure Security Administrators lookup application, the District Security Administrator (DSA) will log in to WISEhome and assign or remove Application Administrators for each WISEhome Application. District WISEsecure Security Administrators lookup application will generate and send an email to the Application Users assigned or removed, notifying them of their access.

DSAs can access every feature in WISEsecure. To request to be assigned as a DSA for your organization:

  1. Create a WAMS ID associated with your district email address. To do so, go to WAMS self-registration.
  2. Once you have a WAMS ID, complete the District Administrator Authorization Form to submit a request to be assigned as a DSA.
    • If the District Administrator chooses to delegate the District Security Administrator (DSA) role, the District Administrator must have the delegate's WAMS ID before the District Administrator Authorization Form request is made.
    • To make a District Security Administrator (DSA) request, the District Administrator fills out the online District Administrator Authorization Form to indicate they understand student data privacy and confidentiality as well as the responsibilities of a DSA, and passes along the knowledge to the delegates.
    • District Administrator will update the form, review responsibility, sign, designate or remove District Security Administrator(s) (DSA), and submit the form for approval. The form will then be routed to DPI to review request for approval.

Refer to the following user guides for instructions on how to use WISEsecure as a DSA:

Quick Training Video for Completing the DSA Set-Up Form for School Administrators

Running time: 4 min. 3 sec.

 

 

Assign User Roles for an Application and Review User Access Permissions

To learn how to assign user roles for a WISE application, and how to Review  User Access Permissions, visit the Assign Access to WISEhome Applications webpage.

 

Assign a User as an Application Administrator

To learn how to assign the specific user role of Application Administrator, visit the Assign Access to WISEhome Applications webpage.

 

Designate Approved Sign-in Email Domains

Users can log into WISEhome with an email address that has an approved email domain. The email domain is the part of an email address that comes after the @. For example, DPI employees have the email domain @dpi.wi.gov. As a DSA, you specify which email domains are allowed to be used to sign into WISEhome at your organization. To do so:

1. Go to the Email Domain Restriction page in WISEsecure.

Email Domain Restriction page

2. To add a new approved email domain, enter the domain in the Email Domain field, including the @ sign, and click Add.

3. If there are email domains you no longer want to allow as sign-in emails, click Remove next to the email domain to remove it from the approved list.

4. In the User Lookup From list, you can determine how users are able to log into WISEhome. Select WISE ID to allow users to sign in using email addresses using Google Cloud Directory Sync. Select WAMS to allow users to log in using a WAMS ID. You can select both options if you want both to be available.

 

 

Offboard Users

When a user leaves your organization or otherwise no longer needs access to WISEhome applications, you can quickly remove their user roles on the Offboard Users page. To do so:

1. On the Offboard Users page, search for a user by Email, First Name, or Last Name.

Search for offboarding users

2. Select the user from the list of results, then click Review User Access to open the Offboard User (Remove Access) form.

Offboard User form

3. On the Offboard User (Remove Access) form, double-check to make sure you want to remove the user's access to all WISEhome applications. If so, click Revoke All Access.