Fun with GIS 316: Stress Test for ArcGIS School Org Admins

‘T’was the night before class proj.
In the ArcGIS Org,
Not a mapper was stirring.
This was hardly ‘the Borg.’

Apologies, Clement Clarke Moore. Some admins of ArcGIS Online School Bundle Organizations (“Orgs”) do not deserve presents this holiday season. Like ill-prepared cars in northern winters, some Orgs are going nowhere; like inattentive drivers, some admins haven’t done the most basic steps for safe and effective operation. We see many examples of weak Org management (at best, this is inefficient; at worst, debilitating, even untrustworthy). Does your Org feature any of these? Consider this a “holiday stress test,” with maybe a bit of fireside reading after.

1. Org has only one admin. Arguably the worst sin of all in a school Org, this translates into an admin saying “Mine. All mine. Not the school’s; mine.” Only an admin can make another admin; it’s easy to do, and easy to put off. Every week, we are confronted with people trying to resurrect a school license where the once-upon-a-time admin is gone or out of commission, before s/he had spent the 60 seconds needed to create a second admin. Admins are in charge of everything in the Org. (If you’re the only admin, you are responsible for everything that happens – or doesn’t happen – in the school Org.) See p.18 of https://esriurl.com/agoorgsforschools.
2. Org has only one “primary” admin. Not as bad as #1, but close. The primary admins (plural … school Orgs can and should have more than one) are the only persons in the Org whom Esri knows about. They receive critical announcements, notices of password resets, credit issues, and so on. See p.18 of https://esriurl.com/agoorgsforschools.
3. Org admin has not set credit limits. This is like not having a speedometer or tachometer in a car … not cataclysmic, until it is. This can bring activity in the Org to a screeching halt for days at an inopportune time, when a user – whether by accident or ignorance or mischief – burns through hundreds, or thousands, or even hundreds of thousands of credits. When an Org goes into deficit, certain actions are halted for everyone, until the deficit is taken care of. “Oops” is not a word that GIS teams like to hear in the business world, where 1000 credits costs $100. We sometimes hear, in the final week of a marking period, “He just chose to enrich these ZIP codes with this data, but instead of his desired 4 ZIP Codes chose the whole country, and had these 35 attributes added to all 40,000, and he just didn’t look at the credit estimator, and burned thru all our credits.” This takes seconds for admins to constrain, and a minute to teach about. Help students (and, umm, adults too) learn to be responsible users of “The Commons.” See p.27 of https://esriurl.com/agoorgsforschools.
4. Org admin has let students share content publicly from an account bearing their name. Yeesh … where to begin? Only in special circumstances should students be sharing with the whole Org, much less outside the Org. Admins should limit sharing to protect privacy and reduce clutter, for the school or district, and for all ArcGIS Online users. Admins can simply prevent all public sharing, period, which is effective, but a blunt instrument. Better is using a custom role.
5. Org admin has not built and assigned custom roles. Built-in roles are designed for generic adult users; schools do not have generic adult users. They should have some “generic” permissions limited, and other “generic” limitations lifted. (Credit limits? 100 is enough for most K12 students for a year. Transfer item ownership? Key in schools.) See pp.12-13 of https://esriurl.com/agoorgsforschools.
6. Org admin set up usernames that use personally identifiable information (PII) about students. Please, please, PLEASE don’t do this. Esri does not want, seek, or knowingly accept student PII. The easiest way to keep the personal data of minors safe is by simply not using it. That prevents all kinds of questions, concerns over data breaches, and so on. Help Esri help you keep your students’ personal data safe. Just don’t use PII in creating usernames. See pp.19-21 of https://esriurl.com/agoorgsforschools.
7. Org admin hasn’t engaged single sign-on. Most districts and many schools today have a single sign-on operation. This takes help from the tech staff to set up, but it should happen because it is by far the easiest and fastest way to enable most students to have access to common resources. (See #1 above.) Teachers managing students with traditional login/password burn many minutes just to handle “I can’t …” and “I forgot …” See p.20 of https://esriurl.com/agoorgsforschools.
8. Org admin hasn’t prevented outsiders from logging in. Some Org admins are really trusting souls, happy to let outsiders be a part of operation of the Org. Many don’t think about preventing outsiders from viewing the Org, or even logging in with something as simple as a social login. Make your Org more of a “walled garden” that is truly safe for minors. Use great discretion and care when opening up any portion of the Org to the outside world.
9. Org admin hasn’t set up an optimized default user. Everyone given a username in the Org has some initial characteristics, which may or may not be optimized. Set a good default status. See p.22 of https://esriurl.com/agoorgsforschools.
10. Org admin has not posted visibly an email address going to the admin or tech staff. Best practice is to have an email alias (such as “gisadmins@<ourschool.org>”) going to the Primary Admins (see #2 above), and this alias prominently visible on the front page (if not all pages) of the Org. Users need to be able to ask questions of or comment to those who manage the Org.

How do you score? Check out your Org(s). Then submit your score(s) ... anonymously ... and see those for others, via this link.