Best Practices for User Accounts

To safeguard your data, it is important to think about how to keep Destiny secure. First, make sure your district's information security policies apply to Destiny.

Destiny supports various forms of single sign-on (SSO) for users, including LDAP, SAML, LTI, Google, and Clever. This provides more security, because credentials and authorization are handled by the SSO service.

Note: For SSO or LDAP authentication, the Password field in the patron record must be blank. If Destiny finds a password in the patron record, it does not look for an SSO service or LDAP server. When a user logs in, Destiny verifies the username and then looks to the SSO service or LDAP server to verify their password. Destiny just reads the password; it doesn't add it to the database. If the password is valid, the user is logged in to Destiny.

Follett also recommends the following best practices for user accounts:

  • Do not share district and site user accounts (usernames and passwords) among users.

    Note: One exception is if you use the Shared Account for Follett eBooks for your students (this is set up in Follett Digital Setup and is not a patron record).

  • Ensure accounts use real usernames that are assigned to individual users.
  • Do not use "password" or your customer number as your password.

  • Update Destiny passwords based on district policies.

    Note: The Destiny Administrator can set up enhanced password policies (District Options > Edit Password Policies). Policies include requiring a strong password, setting a password expiration date, and locking users out based on a number of unsuccessful login attempts.
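One way to check accounts against the SSO note and the username guidance above is to audit an account export. This is an added example, not Follett's code or a Destiny report format: the CSV columns (`username`, `site`, `auth_expected`, `has_local_password`), the sample rows, and the list of generic names are all assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample export; the column names are assumptions for this example,
# not a Destiny report format.
SAMPLE_EXPORT = """username,site,auth_expected,has_local_password
jrivera,North HS,sso,no
mchen,North HS,sso,YES
library,East MS,sso,no
 Admin ,District,local,yes
tnguyen,East MS,ldap,
"""

# Hypothetical list of names that suggest a shared, non-individual account.
GENERIC_NAMES = {"admin", "library", "teacher", "student", "staff", "guest"}
TRUTHY = {"yes", "y", "true", "1"}


def audit_accounts(export_text):
    """Return (username, finding) tuples for rows that need review."""
    findings = []
    reader = csv.DictReader(io.StringIO(export_text))
    required = {"username", "auth_expected", "has_local_password"}
    missing = required - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"export is missing columns: {sorted(missing)}")
    for row in reader:
        # Short rows yield None for absent fields, so normalise before use.
        user = (row["username"] or "").strip()
        auth = (row["auth_expected"] or "").strip().lower()
        has_pw = (row["has_local_password"] or "").strip().lower() in TRUTHY
        # Per the note above, a stored password means SSO/LDAP is not consulted.
        if auth in {"sso", "ldap"} and has_pw:
            findings.append((user, "local password set; SSO/LDAP is bypassed"))
        # Generic names usually indicate a login shared among users.
        if user.lower() in GENERIC_NAMES:
            findings.append((user, "generic username; assign to an individual"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_accounts(SAMPLE_EXPORT):
        print(f"{user}: {finding}")
```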