Technical description of the cloud solution at Arlandagymnasiet

Google Sites
Arlandagymnasiet uses Google Sites to build their web site and communicate with their students.
See: http://elev.arlandagymnasiet.se/
Start page: www.arlandagymnasiet.se

Google Active Directory Sync
Arlandagymnasiet uses Google Active Directory Sync to automatically create, change and remove users and groups in Google Apps (Education). A user account for a student or teacher is created in the administrative school system, IST Extens, to then be created, changed and revoked automatically.
 
Secure login to Google Apps
The users use their Microsoft AD account + YubiKey to logon to Google Apps. It works through Svensk e-identitet, acting as the cloud based Identity Provider using the open identity protocol SAML supported by Google Apps.

» More information about Google Apps and SAML

YubiKey Zero Administration (YZA)
To eliminate the administration of two-factor authentication login, the YZA (YubiKey Zero Administration) is used. It allows the user to connect any YubiKey to an Active Directory (AD) account. The first time the user logs on to Google Apps with an AD account + YubiKey, the connection is saved in a database. If the user loses their YubiKey, they can (with help from a teacher in a specific AD group) remove the connection between the YubiKey and AD account. The user can then connect a new YubiKey to his or her account.

Benefits of the complete solution
With help from Google, YubiKey and Svensk e-identitet, Arlandagymnasiet has been able to cut costs on IT infrastructure, secure user identities and eliminate the administration of authentication tokens.