Recently we released the first phase of our planned improvements to RM Unify MIS Sync. Via our Groupcall partners' Xporter tool we can now receive additional staff-role data from Arbor MIS and sync it to those staff members' Google Workspace accounts.
Sure thing. When a staff user is provisioned into RM Unify they are given either the Teaching Staff or Non-Teaching Staff role and, where a domain is federated to Google, the user is put into the corresponding role-based group and OU to aid user management. However, it is now possible for us to extract further values from Arbor's additional staff role field and to sync them to a new RM Unify-controlled Google attribute, "Staff Roles" (see below).
These attributes can assist in more granular management of the accounts in Google and can, for example, be used in conjunction with Google's dynamic groups* to control access (permissions) to resources in your Google domain, such as a shared Google Drive, documents, or Collaborative Inboxes.
Please note: in this early adopter stage we are looking only for establishments that have Arbor as their MIS and are federated to Google. Once the testing is complete and the feature is rolled out to all Arbor and Google customers, we will look to expand coverage to the remaining MISs we support, and to Microsoft 365. We'll let you know timescales for the wider release - watch this space 👀.
*Google dynamic groups are available with the Education Standard and Education Plus licences. Every user required to be a member of the dynamic group will need to be assigned one of these licences.
Let's say that you have a shared Google Drive folder containing documents intended only for members of the SLT in your establishment:
Request the enabling of RM Unify additional staff roles by emailing rmunify@rm.com
A request to extract this additional data will be emailed to the contact in school who originally authorised the Groupcall Xporter sync
RM will also enable the sync of this new data from RM Unify to Google for your users
Once you grant consent to Groupcall, the additional data will sync to Google, and the staff user accounts will update with the new Staff Roles
Follow Google's support documentation to create a dynamic group, where the condition list will display the new Staff Roles attribute for you to select
Once the dynamic group has been created you can select it when assigning the required permissions to your Google Drive folder
Staff users added to Arbor who are given the additional staff role/s defined in the dynamic group will be assigned the desired permissions on the Google Drive folder. Just as importantly, when the user is deleted from the MIS (leaves the school or goes off roll), or the additional staff role is simply removed, the user will lose access to that folder.
Using Google dynamic groups in conjunction with RM Unify can help you:
manage access to sensitive school data
meet your GDPR obligations through automated access control
support adherence to data security principles such as least-privilege access
As mentioned earlier in the post, please contact the team at rmunify@rm.com if this sounds useful to you and your establishment. We look forward to hearing from you! All the best, Jason