Privileged roles in the NCEdCloud IAM Service provide enhanced access to administrative and management functions for employees supporting their PSU. These roles include:

  1. LEA Administrator Role
    • Grants the ability to approve requests for other staff in the PSU.
    • Provides access to administrative tools and web form requests for integrating Target Applications and other Opt-In features.
  2. LEA Data Auditor Role
    • Allows viewing of user-profiles and access to data files for all employees and students in the PSU. Primarily assigned to Data Coordinators/Managers.
  3. LEA Help Desk Role
    • Enables the ability to look up employee or student accounts and reset passwords.
  4. LEA Student Help Desk Role
    • Similar to the LEA Help Desk role but restricted to student accounts only.
  5. School Help Desk Role
    • Provides password reset support for users within a specific school.
  6. School Student Help Desk Role
    • Limits access to student accounts for users at a specific school.

“School-Only” Roles

  • School-based personnel (e.g., IT Facilitators or guidance counselors) can request roles to support specific schools.
  • These roles are limited to one school, but staff supporting multiple schools can request additional roles for each location.
  • Requesters must provide a 6-digit Campus Code (3-digit LEA Code + 3-digit School Code) when applying.

Requesting a Privileged Role

To request a privileged role, follow these steps:

  1. Log into the NCEdCloud IAM Service.
  2. Click the dropdown arrow beside Applications and select Requests.
  3. In the Requests view:
    • Click Entitlements/Catalog on the left.
    • Select the desired role (e.g., LEA Administrator, School Help Desk).
    • Click the Request button at the bottom.
  4. Provide the following details:
    • 3-digit LEA Code for PSU-wide roles.
    • 6-digit Campus Code for school-level roles.
  5. The request will be sent to the PSU’s LEA Administrator(s) for approval.

Multi-Factor Authentication (MFA) Requirement

  • Why MFA?
    Multi-factor authentication is mandatory for all users with privileged roles to enhance the security of statewide IT systems and safeguard access to student and employee data.
  • Implementation of MFA for these roles began statewide in 2019.

For additional information, visit the NCEdCloud MFA webpage.

FAQs About Privileged Roles

1. How are privileged roles approved?

  • The first LEA Administrator role request for a PSU (e.g., for new Charter Schools) must be vetted by NCDPI.
  • After approval, the LEA Administrator can manage and approve future requests for privileged roles.

2. What elevated privileges does the LEA Administrator role include?

  • The LEA Administrator role encompasses all privileges of LEA Data Auditor, LEA Help Desk, and LEA Student Help Desk roles. Separate requests for these roles are unnecessary.

3. How can privileged roles be revoked?
Privileged roles can be revoked in two ways:

  • Self-Revocation: Users can log into the IAM Service, navigate to Requests → My Entitlements, uncheck the desired role, and click Request.
  • Administrator Request: LEA Administrators can open a ticket with Identity Automation to request role removal.

Note: While LEA Administrators cannot directly revoke roles for other employees, they can disable an account immediately if required.

4. What training resources are available for LEA Administrators?

  • Training videos and resources are available under the Applications tab → Training → LEA Administrator Training.

For further support, visit the Support Community for Identity Automation or contact support via email at [email protected].