What is MPASSid?
MPASSid is a national identification service used in continual learning. It is provided to comprehensive schools and secondary education by the Ministry of Education and Culture. The service enables single sign-on access to all digital services used in teaching and learning. A user ID given by the education provider, the local authority, is used to sign in and there is no need to sign in again when transferring between services.
MPASSid makes the use of digital services secure, easy and most importantly fast, leaving more time for teaching and learning.
MPASSid saves the education provider’s time and money because service providers no longer need to perform a case-specific integration into the local authority’s systems. When the service provider has performed the easy implementation of MPASSid, its services are immediately available in municipalities that are members of the MPASSid network.
MPASSid is GDPR compliant and standardises the transmission of data from the education provider’s personal data register to electronic services. The MPASSid service performs the integration between the user registers of educational institutions and the different identification services. It provides service providers and the education provider’s other partners with a uniform and secure method for identifying end users – teachers and pupils.
MPASSid supports several identification techniques, including Wilma, G Suite, LDAP and MS AD Azure. The education provider can itself choose which identification technique is most suitable for it.
MPASSid is operated by CSC – IT Center for Science Ltd. The service maintained by the operator transmits the profile of the identified user to the service provider. The data in the profile is based on a register kept by the education provider.
The nationally standardised user profile transmitted of each identified user contains the following information:
- National unique identifier
- First names
- Municipality code
- Name of municipality
- School code
- Name of school
- Year (for pupils)
From an organisational point of view, MPASSid is based on a trust network in which service providers and teaching and education providers are members. The members of the trust network commit to shared rules on the handling of the user data, defined in the agreement. This way, we guarantee that the handling of personal data is conducted according to the EU’s General Data Protection Regulation GDPR and requires as little work on agreements as possible.
In the demo environment, you can test what it would be like to use MPASSid at your school. Identification with the help of MPASSid is a fairly unnoticeable procedure as such. The demo environment will therefore demonstrate how the signing in to the digital pupil desktop is carried out. This desktop is only a part of the demo and not a part of the MPASSid service in production.
You will first be directed to the selection of identification sources. Sign in to the demo environment through the Meidän koulu identification.
The identifiers used in the Meidän koulu identification are:
- User id: pvirtane
- Password: pvirtanepwd
The Velmu desktop used in the demo has been developed by Haltu Oy. However, MPASSid can be linked to any desktop service that is capable of utilising the open interfaces of MPASSid.
The pupil can choose the electronic services he or she needs for learning and display them of the desktop. Services compatible with MPASSid will work together seamlessly and a new login is not required for transferring between services.
The agreement on membership in the MPASSid trust network in a nutshell
Below you will find a summary of the content of the MPASSid agreement. Please also read the actual agreement.
Parties. The operator’s representative and the representative of the service provider or education provider joining the network sign a membership agreement.
Object of agreement. By signing the agreement, the service provider or the education provider becomes a member of the MPASSid trust network and obtains access to the MPASSid identification service. The operator has been commissioned to provide the identification service to the member by the Ministry of Education and Culture, the owner of MPASSid. The agreement does not affect the content of the member’s other contractual relationships. The member is fully responsible for the lawfulness of its own activities.
Member’s position and tasks. The MPASSid trust network has two types of members: home organisations (in practice, education providers) and service providers.
- maintains the register serving as the data source from which the end users’ personal data is retrieved.
- the MPASSid identification service cannot be used to transmit other personal data than that necessary for the provision of education.
- acts as the controller of the transmitted personal data.
- the service provider provides the service to which the data is transmitted.
- acts as the handler of the transmitted personal data
It the member is an education provider, it may act both as a home organisation and as a service provider. Other members may act only as service providers. The member is itself responsible for complying with the legislation on data security.
Operator’s position and tasks.
- The operator provides the MPASSid identification service to the members according to what has been commissioned by the Ministry of Education and Culture.
- Except for the periods required for necessary maintenance, the service is available to the members and its level of accessibility and usability are kept as high as possible.
- The operator is responsible for the security of the identification service. To ensure security, the operator maintains a log system.
- The operator acts as the controller of the personal data in the identification service and undertakes to fully comply with the obligations and responsibilities based on data security legislation.
Validity of the agreement, amendments to it and its termination. A member may terminate the agreement by giving one month’s notice. If the member is a service provider, the period of notice for the operator is three months. If the member is a home organisation, the period of notice for the operator is six months or until the beginning of the following school term, whichever is longer. In the case of a material breach of agreement, both parties can terminate the agreement immediately if the other party does not rectify its actions within a reasonable time period (however, always at least 30 days).
The agreement can only be amended by a decision made by the trust network’s steering group and a qualified majority is required. Members will be informed about all amendments. If a member does not accept the amendment, it may terminate the agreement within 30 days of being informed about it. The termination will then take effect at the same time as the amendment.
Liability for compensation and limitations of liability. The parties are not responsible to each other for damages related to the identification service or its use. The operator is not responsible for the lawfulness of the processing of personal data by the members or any damages resulting from it.
Join the trust network
MPASSid is easy and straightforward to adopt! With the service, you will significantly reduce the number of expensive and time-consuming integrations. Pupils and teachers will also like the service. Forgotten passwords should not hinder the smooth utilisation of digital services and materials. With the MPASSid service, pupils and teachers always sign in to all services using one and the same user id and password.
Product Owner of the service
Jarkko Moilanen, Ministry of Education and Culture
LinkedIn: Jarkko Moilanen
Tel.: +358 40 535 9066
Technical Project Manager
Manne Miettinen, CSC – IT Center for Science Ltd.