Difference between revisions of "Test"

From PARS
Jump to navigationJump to search
 
(75 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
PINs can be enabled in PARS for two factor authentication; the user must login using their SIMS or Active Directory details, then also enter a PIN. The PIN can either be a four digit number received by email and SMS, or a six digit TOTP generated by an authenticator app. <br> <br>
  
 +
PINs can be disabled for login attempts from given IP address ranges. This allows you to use single factor authentication for logins within the school network and two factor authentication for all other logins. <br>
  
This page is used to send messages via email or SMS, and to generate letters. This page can also be used to record the details of phone calls and meetings. All of this information is saved on the student's contact log. <br> <br>
+
''Note that some configuration must be performed in PARS before it is able to send emails or SMS messages. See the '''[[Contacting_parents#Configuration|Contacting Parents]]''' page for further information about the configuration required.'' <br> <br>
  
This page is accessed via: <br>
+
==Enable PINs==
'''Main menu > Contact Management > External contact''' <br> <br>
 
  
=How to=
+
The PIN settings for PARS are stored in the web.config file for the PARS site, on the PARS IIS server. The web.config file is found in the PARS installaion folder which is usually located: <br>
 +
C:\inetpub\wwwroot\PARS\web.config <br> <br>
  
==Batch send messages / batch generate letters==
+
The web.config file is in xml format and can be edited using Notepad or a similar text editor. To enable PINs in PARS, find the setting called "PINS" and change the value to "On" e.g. <br>
 +
<setting name="PINS" serializeAs="String">
 +
      <value>On</value>
 +
</setting>
 +
<br>
  
* Click the generate batch button at the top left.
+
==Disable PINs internally==
  
===Stage 1===
+
If you would like to disable PINs for a certain range of IP addresses, find the setting called "PIN_Exclude_IPs". Enter each IP address or range of IP addresses into the value, separated by semi colons. <br> <br>
  
Deselect any student you do not wish to contact because of court orders, unusual arrangements, etc. Select the type of person you are going to contact. There are four options:
+
You can specify a range of IP addresses using a subnet mask. The subnet mask must not be in 'classless' format e.g. 192.169.1.0/24 is not acceptable; you should use 192.169.1.0/255.255.255.0 instead. <br> <br>
* Students - contact the students themselves. Emails will be sent to their 'work' email addresses (as set in SIMS)
 
* Priority 1 contact with Parental responsibility - contact people who are both priority 1 and have parental responsibility
 
* Priority 1 contact regardless of Parental responsibility - contact people who are priority 1
 
* All contacts with Parental responsibility - contact people who have responsibility <br> <br>
 
  
'''(a)There is an alternate set of options depending upon preferences''' <br> <br>
+
The value field in the web.config file must not include line breaks. <br> <br>
  
===Stage 2===
+
'''Correct'''
 +
<setting name="PIN_Exclude_IPs" serializeAs="String">
 +
      <value>192.168.0.0/255.255.0.0</value>     
 +
</setting>
  
This tab will check that, for each student, there is a person in SIMS who can be contacted based on the options selected on the previous tab. <br> <br>
+
'''Incorrect'''
 +
<setting name="PIN_Exclude_IPs" serializeAs="String">
 +
      <value>192.168.0.0/16</value>    
 +
</setting>
  
Students who do not have a valid contact will be highlighted in red. If there are no named contacts to the right of the student's name then there are no contacts who have a suitable priority level and/or parental responsibility in SIMS. Alternatively if a named contact does appear, then they do have suitable priority and parental responsibility, but do not have a valid method for contact e.g. they have no email address. <br> <br>
+
'''Incorrect''' 
 +
<setting name="PIN_Exclude_IPs" serializeAs="String">
 +
      <value>192.168.0.0/255.255.0.0
 +
      </value>    
 +
</setting>
  
===Stage 3===
+
You may enter multiple IP address ranges or single IP addresses by separating with a semi colon e.g.
 +
<setting name="PIN_Exclude_IPs" serializeAs="String">
 +
      <value>192.168.0.0/255.255.0.0;172.16.0.0/255.240.0.0</value>     
 +
</setting>
 +
<br>
  
This tab is used to select the message that will be sent. Click the relevant button (Email, SMS or Letter) to manually create or edit your message. If you have message saved in the message bank, dropdowns will appear allowing you to select these messages. <br> <br>
+
==PINs by TOTP==
  
If your letter includes General Attendance merge fields, a Range button will appear on the top toolbar. This button is used to select the date range from which the attendance data will be gathered. <br> <br>
+
[[Image:TOTP_kep.png|thumb]]
  
When sending a letter there is an option to Upload a copy of the letter to the student's linked documents in SIMS. When using this option you will need to enter some fields for the document which will be recorded in SIMS. <br> <br>
+
The default method for delivering PINs to users is to send an email and a password containing their temporary PIN. PARS will use the user's mobile telephone number and work email address from SIMS. <br> <br>
  
'''(2) This is where stored messages "go missing" if you have accessed external contact via the wrong route''' <br>
+
The alternative is for users to download an authentication app. Users can request a key from the PARS login page which will be sent to them via email and SIMS. Once they have entered this key into their authentication app, they will be able to generate PINs using the authentication app without the need to receive emails and SMS messages. <br> <br>
'''(3) Should say more about using merge fields in message composer? What about headers and footers?''' <br> <br>
 
  
==Send single message==
+
To enable PINs in PARS, find the setting called "PINS" and change the value to "On" e.g. <br>
 +
<setting name="PINSBYTOTP" serializeAs="String">
 +
      <value>On</value>
 +
</setting>
  
Messages can be sent to students or contacts individually. Each person will have their available contact details listed. Click on the Email or SMS buttons to send a message to that person's mobile phone or email address. <br> <br>
+
Once TOTP PINs have been enabled, users will be able to collect a key for use in their authenticator app. To receive a key the user first needs to attempt to log in to PARS. They will then be prompted to enter a PIN and will also see a cog button. Clicking the cog button will sent a key to the user via email and SMS. <br> <br>
  
You will then see a window to compose your message. You can access the message bank by clicking Insert > Template, or access merge fields by clicking Insert > Field. <br> <br>
+
==Troubleshooting==
  
==Record meetings or phone calls==
+
If you are experiencing trouble in disabling PINs for internal IP address ranges then enter "*log*" as the first item in the list of excluded IP address ranges e.g. <br>
 +
<setting name="PIN_Exclude_IPs" serializeAs="String">
 +
      <value>*log*;192.168.0.0/255.255.0.0</value>     
 +
</setting>
  
==View contact log==
+
PARS will then log information in the Application Log of the IIS server on which PARS is installed. These logs will show which IP address was used during a login attempt and whether it matches any of the ranges that have been excluded. <br> <br>
 
 
=Relevant settings=
 
 
 
==SMTP preferences==
 
 
 
==Contact management preferences==
 
 
 
==Contact management permissions==
 
 
 
=What I am stuck on=
 
 
 
* How to talk about arriving on this page via behaviour, detentions, etc.
 

Latest revision as of 11:42, 20 July 2018

PINs can be enabled in PARS for two factor authentication; the user must login using their SIMS or Active Directory details, then also enter a PIN. The PIN can either be a four digit number received by email and SMS, or a six digit TOTP generated by an authenticator app.

PINs can be disabled for login attempts from given IP address ranges. This allows you to use single factor authentication for logins within the school network and two factor authentication for all other logins.

Note that some configuration must be performed in PARS before it is able to send emails or SMS messages. See the Contacting Parents page for further information about the configuration required.

Enable PINs

The PIN settings for PARS are stored in the web.config file for the PARS site, on the PARS IIS server. The web.config file is found in the PARS installaion folder which is usually located:
C:\inetpub\wwwroot\PARS\web.config

The web.config file is in xml format and can be edited using Notepad or a similar text editor. To enable PINs in PARS, find the setting called "PINS" and change the value to "On" e.g. 

<setting name="PINS" serializeAs="String">
      <value>On</value>
</setting>


Disable PINs internally

If you would like to disable PINs for a certain range of IP addresses, find the setting called "PIN_Exclude_IPs". Enter each IP address or range of IP addresses into the value, separated by semi colons.

You can specify a range of IP addresses using a subnet mask. The subnet mask must not be in 'classless' format e.g. 192.169.1.0/24 is not acceptable; you should use 192.169.1.0/255.255.255.0 instead.

The value field in the web.config file must not include line breaks.

Correct 

<setting name="PIN_Exclude_IPs" serializeAs="String">
      <value>192.168.0.0/255.255.0.0</value>      
</setting>

Incorrect 

<setting name="PIN_Exclude_IPs" serializeAs="String">
      <value>192.168.0.0/16</value>      
</setting>

Incorrect 

<setting name="PIN_Exclude_IPs" serializeAs="String">
      <value>192.168.0.0/255.255.0.0
      </value>      
</setting>

You may enter multiple IP address ranges or single IP addresses by separating with a semi colon e.g. 

<setting name="PIN_Exclude_IPs" serializeAs="String">
      <value>192.168.0.0/255.255.0.0;172.16.0.0/255.240.0.0</value>      
</setting>


PINs by TOTP

TOTP kep.png

The default method for delivering PINs to users is to send an email and a password containing their temporary PIN. PARS will use the user's mobile telephone number and work email address from SIMS.

The alternative is for users to download an authentication app. Users can request a key from the PARS login page which will be sent to them via email and SIMS. Once they have entered this key into their authentication app, they will be able to generate PINs using the authentication app without the need to receive emails and SMS messages.

To enable PINs in PARS, find the setting called "PINS" and change the value to "On" e.g. 

<setting name="PINSBYTOTP" serializeAs="String">
      <value>On</value>
</setting>

Once TOTP PINs have been enabled, users will be able to collect a key for use in their authenticator app. To receive a key the user first needs to attempt to log in to PARS. They will then be prompted to enter a PIN and will also see a cog button. Clicking the cog button will sent a key to the user via email and SMS.

Troubleshooting

If you are experiencing trouble in disabling PINs for internal IP address ranges then enter "*log*" as the first item in the list of excluded IP address ranges e.g. 

<setting name="PIN_Exclude_IPs" serializeAs="String">
      <value>*log*;192.168.0.0/255.255.0.0</value>      
</setting>

PARS will then log information in the Application Log of the IIS server on which PARS is installed. These logs will show which IP address was used during a login attempt and whether it matches any of the ranges that have been excluded.

Retrieved from ‘https://www.tascsoftware.co.uk/wiki/PARS/index.php?title=Test&oldid=41718