Some of Intellischool's embeddable resources support parent/caregiver functionality. For example, the Analytics microapp enables parents / caregivers to visualise data about their child(ren). And the Parent Teacher Interviews microapp would be rather useless without being able to authenticate parents or caregivers!
All microapps that support parent / caregiver logins do so through the use of Learning Information Services roles
(specifically referenced in LTI) and the role_scope_mentor
claim in LtiResourceLinkRequest
tokens.
Tip: If you haven't already, check out the Learning Tools Interoperability section of our API documentation to understand the framework.
Supported resources
The following resources support parent / caregiver logins:
- Analytics
- Course / Subject Selection
- Forms
- Launchpad
- Parent-Teacher Interviews
Examples
1. IDaP already has an established relationship with one or more students
This example is the simplest to deal with, as the IDaP already has relationship data in place. This is usually the case when a tenant uses Albitros or Wylba as their primary SIS.
In addition to all the compulsory claims in your LTI Launch token, you will need to set the parent / caregiver's roles
as follows:
{
// Make sure you include all the compulsory claims
"https://purl.imsglobal.org/lti/claim/roles": [
"http://purl.imsglobal.org/vocab/lis/v2/institution/person#Other",
"http://purl.imsglobal.org/vocab/lis/v2/membership#Mentor",
"http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalMentor"
]
}
Let's break this down a little bit:
- The
person#Other
role tells the IDaP that this person is known to the "institution" (i.e. tenant) but isn't a member of your typical roles like a staff member or student would be; - The
membership#Mentor
role tells the IDaP that this person has the right to view a given set of students' data; and - The
Mentor#ExternalMentor
context role tells the IDaP that this person is an "external mentor".
The combination of the three role specifications above implies that the person being authenticated is a parent or caregiver, and because the IDaP is already aware of the relationships between this person and any students, your token doesn't need to specify the role_scope_mentor
claim.
2. IDaP is not aware of the relationship between parent / caregiver and student(s)
This example assumes that the IDaP is not aware of parent / caregiver to student relationships. If a tenant doesn't use Albitros or Wylba as their primary SIS, and they aren't using the Integration Hub to sync this data from another source, you must include the role_scope_mentor
claim in your LTI Launch token.
As per the first example, you will need to include all the compulsory claims in your LTI Launch token, in addition to the roles and role_scope_mentor
claims:
{
// Make sure you include all the compulsory claims
"https://purl.imsglobal.org/lti/claim/roles": [
"http://purl.imsglobal.org/vocab/lis/v2/institution/person#Other",
"http://purl.imsglobal.org/vocab/lis/v2/membership#Mentor",
"http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalMentor"
],
"https://purl.imsglobal.org/lti/claim/role_scope_mentor": [
"AB123473",
"bbca8f9a-de59-4fdb-9e07-3fabb88a35f2",
"student@school.edu"
]
}
Student identifiers
Your token may specify students in the role_scope_mentor
claim as (in order of preference):
- IDaP entity or student UUID (fastest);
- Student e-mail address; or
- External identifier as stored in the
ext_id
field of the entity object.
Where there is more than one student in the list, your token may supply the student identifiers in multiple different formats.
If a student cannot be identified using the identifier provided, or if there were multiple matches, that identifier will be ignored.
Using alternative student identifiers
If you need to use an alternative student identifier, you can configure a custom mapping in the LTI configuration for the platform using Albitros, Dextyr, Wylba or the Developer/Partner Portal.
This value must be stored in the IDaP in the identifiers
field in the relevant entity object.
Troubleshooting
Check the common error codes
Our API documentation provides a list of common LTI error codes and guidance on how to fix the issue.
No students are shown after signing in
If the tenant is using Albitros SIS or Wylba SIS, make sure that the parent / caregiver is a member of a family entity, and that there are not any custodial records preventing them from accessing records online.
If you are supplying the student relationships in the role_scope_mentor
claim, make sure that the identifiers can be resolved to an actual student. Identifiers must be one of the three types nominated in this documentation.
If you are using a custom identifier mapping, make sure it is configured correctly in the LTI configuration for the Platform that is generating the LTI Launch request, and that the identifier being used has been stored in the identifiers
field in the associated entity
object.
HTTP 403 "Forbidden" error after signing in
The most likely cause for this error is a misconfigured LTI role map override. Check that the tenant does not have any role overrides set in their LTI configuration that are preventing parent / caregiver roles from being mapped properly.
Comments
0 comments
Please sign in to leave a comment.