You are here

Identity Management FAQ

The Colorado Department of Education Identity Management system (IDM) provides Local Education Agencies (LEAs) with a means of administering and maintaining user access to integrated CDE data systems. IDM also helps ensure adequate protection of student-level data that is received, collected, developed, and used by the Colorado Department of Education, in compliance with the Family Educational Rights and Privacy Act (FERPA).


How does CDE Identity Management benefit me?

LEAs have the tools and technology to administer and maintain their user access. Users can go directly to their organization's LAM-users when they need access to a data system. Users sign on once (SSO) to obtain access to the data systems integrated with the IdM system. It is an automated process for registering and approving a new user, as well as for password resets.

Return to Top

What is Single Sign-On (SSO)?

When you log in using the CDE Single Sign-On (SSO) process, you will be able to access all of the CDE applications you are approved for that have been integrated into the CDE Identity Management system.

Districts and administrative units have the ability to create and administer users and access privileges to CDE’s applications through CDE Identity Management.

Return to Top

What is the responsibility of a District Superintendent?

The District Superintendent is responsible for creating a user or a group of users known as the Local Access Manager (LAM) group. The District Superintendent is responsible for maintaining the LAM group, approving, and administering all access requests according to the delegated administration to CDE systems for Local Access Managers (LAMs).

Return to Top

What is the responsibility of a Local Access Manager (LAM)?

LAMs are responsible for approving and administering access to CDE systems for all users within their organization. This includes assisting users with their account issues, such as password resets and the lifecyle of user accounts within their organization.

Return to Top

Which applications are integrated with the Identity Management System?

When you change your password, it will be changed in all CDE applications included in the CDE Identity Management System. This includes all applications listed on the Identity Management home page.

In the future, all CDE applications will be integrated into the CDE Identity Management System.

Return to Top

Which username should I use to login?

Your username is your email address.

Return to Top

What is the CDE password policy?

CDE established a password policy to make sure users have a secure strong password that is less susceptible to someone guessing it. The system will not let you set up a password that does not adhere to the CDE password policy.

Two key strategies to accomplish this are to require users to set complex passwords and to require users to change their passwords periodically (every 90 days).

We recommend you avoid using dictionary words, any part of your name or username, personal information about yourself that can be obtained by an Internet search, etc. The easiest way to construct a strong password is to create a phrase and use the first letter of each word, and then incorporate mixed case, numbers and or special characters. In addition, your password belongs only to you and must never be shared.

The CDE Identity Management system Password Policy requires that passwords:

  • must be at least 8 characters long.
  • must contain characters from 3 out of the following 5 categories
    • Uppercase alphabetic characters (A-Z)
    • Lowercase alphabetic characters (a-z)
    • Numerals (0-9)
    • Non-alphanumeric characters (for example: !, $, #, or %)
    • Unicode characters
  • must not contain any of user ID, first name or last name
  • must not be one of 24 previous passwords.

Return to Top

What happens if my account has been locked?

After 10 login attempts your account will be locked. This is a security mechanism to prevent your account from being compromised by a program or hacker repeatedly trying different combinations of passwords.Your account will unlock after 30 minute. If you require further assistance, please contact your Local Access Manager (LAM) using the "LAM Service Request web page to have your account unlocked.

Return to Top

What if I forgot my password?

First try the Change/Reset Password. You will be prompted to enter your user name which should correspond with your valid email address. You will also need to enter a challenge text from the picture. Click Send reset email button. You will receive an email containing a link to reset your password. The link is valid for 24 hours.

If you have any problems with resetting your password, please contact your Local Access Manager (LAM) for assistance using the LAM Service Request web page.

Return to Top

How do I create an account for the CDE Identity Management System?

If you are a District Superintendent, please contact CDE at 303-866-6833. Otherwise, contact your district Local Access Manager (LAM) user(s) e.g. from Assistance Request Form page.

Return to Top

I get an error page "You have not been granted access to this CDE Application." What do I do?

Please follow the below steps to add the group privileges to an account (in this answer part we use Statewide Standard Course Code System (SSCC) as an example).

  1. After you are logged in as the Local Access Manager using "Access Management" link, click Users - Manage and search for a user.
  2. You should see a list of users, select the user you want by clicking on their name.
  3. Use the drop down at the top center to select group membership.
  4. At the bottom of the group membership page select the "Assign" button.
  5. Look through the groups (you might have to use the next link to find the one you want or you can filter them by entering e.g. *SSCC* on the "Filter By" field). Look for the groups which has e.g. SSCC in it. After the SSCC it will contain your district number and after that it will contain a "-2 District Administrator" or "-99 District Read-Only User". The "-2 District Administrator" indicates that they will be able to read, add, update, and delete course codes. The "-99 District Read-Only User" means they would only be able to read the codes. Only select one group and assign it to the user. Do not assign both as it will cause problems.
  6. Assign the group you selected (first click checkbox and then "Assign Group").
  7. The user is now assigned to the Statewide Standard Course Code (SSCC) system.
  8. Go to the Identity Management home page and select the "Statewide Standard Course Code System (SSCC)" link on the left side.
  9. Enter your credentials, "User ID" is your email address and password.
  10. You should see a screen showing you are signed in and the school year.

Return to Top

Where I can find the Identity Management role mappings for Data Pipeline and other applications

View application role mappings here (XLS).

Return to Top