District IT runs lean. The ticket queue does not.
A prebuilt runbook pack for school districts: staff account lifecycle, seasonal onboarding surges, shared devices, and the access records your audits ask for. Every action approval-gated and written to a tamper-evident chain.
Seasonal surges, fixed headcount
Every August brings hundreds of staff onboarding and access changes in two weeks. The pack's provisioning and group runbooks turn each one into a request, an approval, and an audit row instead of a swivel-chair checklist.
Password resets eat the help desk
Password resets and lockouts are 20 to 50 percent of service-desk tickets (Gartner). Teachers should not wait in a queue for them, and a two-person IT team should not spend its week on them.
Audits ask who had access, and when
State audits and board reviews come down to access records. Every runbook decision lands on an append-only SHA-256 chain you can export and re-verify, so the answer is a CSV, not an email archaeology project.
What's in the pack
12 runbooksPassword Reset
Automate password resets in Okta or Microsoft Entra ID directly from Slack and Microsoft Teams. Approval-required by default, with full audit trail.
MFA Re-enrollment
Automate Okta and Microsoft Entra ID MFA factor reset and re-enrollment from Slack and Teams, with approval-gated execution and audit-friendly logging.
Account Unlock
Automate Microsoft Entra ID and Okta account unlocks from Slack and Teams. Identity verification, approval-gated unlock, failed-login counter reset.
New Hire Provisioning
Automate new-employee account creation across Okta, Microsoft 365, and Jira with single-approval workflow. License assignment, group membership, and welcome kit delivery.
Employee Offboarding
Automate end-to-end employee offboarding across Okta, Microsoft 365, Jira, and Intune. Suspend accounts, revoke OAuth tokens, transfer files, revoke licenses, archive mailbox.
Group Membership Management
Automate Microsoft Entra security group, M365 group, and distribution list membership changes from Slack and Teams. Name-resolved, approval-gated, idempotent.
M365 License Assignment
Automate Microsoft 365 license assignment from Slack and Teams. Pool-availability check, approval-gated assignment, optional Intune or Jamf endpoint policy push.
Guest Wi-Fi Access
Issue temporary, expiring guest Wi-Fi credentials on request, delivered back in chat, with a low-risk auto policy and audit.
Device Enrollment Assignment
Assign a managed device to a user and apply the correct Intune enrollment profile so the hardware is ready on day one, audited.
Dormant Account Review
Find accounts inactive beyond a configurable threshold and propose disabling them in one approval-gated review, fully audited.
Guest Account Cleanup
Review external B2B guest accounts by activity and invite age, then remove the stale ones in one approval-gated pass, audited.
Unused License Reclamation
Cross-reference license assignments against activity to surface reclaimable seats, then revoke the approved ones, fully audited.
Evidence your auditors can re-verify
Every approval decision lands on an append-only SHA-256 chain. Export it as CSV and re-verify it offline, without trusting AscendCore.
Evidence for: FERPA 34 CFR 99.32 (recordkeeping on access to education records). Every account action on systems that hold student records is appended to the tamper-evident chain with actor, target, and timestamp.
Evidence for: FERPA 34 CFR 99.31 (conditions for access). A named human approves or denies every directory, group, and license change before it runs, so access changes are deliberate decisions, not silent drift.
Evidence for: state student data privacy statutes that require districts to control and document who can reach student information systems. The exportable chain answers the access-history question directly.
Evidence for: CIS Controls v8, Controls 5 and 6 (account management, access control management), the baseline most K-12 security assessments draw from.
A runbook pack is not a compliance program, and AscendCore does not certify FERPA or state-law compliance. These mappings show which obligations the approval gates and audit chain produce evidence toward. Your district's compliance owner makes the determination.
See the flow before you talk to anyone
The demo dashboard runs the same approval queue, audit chain, and governance surface your team would use. No signup wall.
