Digitaler Arbeitsplatz für Lehrkräfte (DAP) Header EN

Baden-Württemberg, one of Germany’s federal states, is launching the Digital Workspace for Teachers (Digitaler Arbeitsplatz für Lehrkräfte, DAP) based on Dataport’s dPhoenixSuite. As part of this suite, Nubus with UCS ensures smooth integration between the state’s external Identity and Access Management (IdAM) system and various applications.

Baden-Württemberg’s digital education platform, SCHULE@BW, pulls together all the state’s digital resources for state-funded schools in one central hub. Based on the Schulcampus Rheinland-Pfalz framework, this Open Source solution sets the stage for one of its standout features: the Digital Workspace for Teachers, powered by Dataport’s dPhoenixSuite.

At the heart of it all is Nubus as IAM of Univention Corporate Server (UCS), which handles everything from identity management to secure authentication and seamless access to all DAP modules. In this article, you’ll get the full story on how Baden-Württemberg’s Digital Workspace for Teachers came to life and the solutions driving its success.

Ambitious Goals, Real Challenges

Baden-Württemberg set an ambitious goal: to bring a digital platform to around 4,000 schools, supporting up to 130,000 teachers and over 1.4 million students. It’s no small feat—because it’s not just about digitizing classrooms; it’s about making the entire school experience easier, safer, and more efficient.

Back in 2020/2021, the state started by introducing Threema Work Education, a GDPR-compliant messaging app, for teachers. Fast forward to 2024, and over 60,000 teachers are using it as part of their daily routine. But a simple messenger app doesn’t make a fully connected Digital workspace. That’s where SCHULE@BW comes in.

The goal of this digital education platform? Take the burden of administrative tasks off schools and teachers, provide centralized tools for both teaching and learning, and set the bar high for security, data protection, and digital sovereignty. And it needs to be user-friendly enough for teachers and students to use without a second thought. Plus, it has to be flexible enough to meet the unique needs of each school and adapt as those needs change over time.

Of course, there’s another big challenge (which is also a blessing): Baden-Württemberg already has a school management software in place that stores all the basic user data. Those records are imported into an Identity and Access Management (IdAM) system, which handles digital identities for the platform. The tricky part? Making sure this existing setup can still work seamlessly with the new Digital Workspace—and that’s where things get really interesting.

Building the Digital Workspace for Teachers: How It All Began

After a thorough evaluation, Baden-Württemberg chose Dataport’s dPhoenixSuite as the foundation for the Digital Workspace for Teachers. This browser-based platform offered exactly what the state needed: a secure, easy-to-manage environment that could integrate seamlessly into the existing infrastructure and scale as needed. In November 2022, a pilot project kicked off, involving 550 teachers from 38 schools across the state.

The goal of the test was clear: find out if the Digital Workspace could really handle the day-to-day demands of school life. Teachers started off by tackling the usual tasks—sending emails, attaching files, and managing distribution lists. But the testing didn’t stop there. They moved on to more complex scenarios: creating shared folders in the cloud, collaborating on meeting minutes in real-time, or even co-planning and editing class assignments.

The feedback from the pilot, which ran through spring 2023, was overwhelmingly positive. Teachers loved the collaborative approach and the ability to manage everything digitally and in real time. Based on these results, the Ministry decided to continue the partnership with Dataport and dPhoenixSuite, and to roll out the Digital Workspace to even more teachers across the state.

User Interface and Exemplary Functions of the Digital Workplace for Teachers

SCIM: The Link Between IdAM and UCS

Nubus with UCS serves as the central hub where all the threads of different applications within the DAP come together. Essentially, Nubus connects the applications and ensures that identities from the external IdAM flow smoothly into the dPhoenixSuite and its tools. This means that teachers can log in once and, through Single Sign-On, access all services and applications offered within the Digital Workspace (such as email, calendar, contacts, tasks, storage, images, Office tools, etc.)—all securely managed from a central point.

A key component of the integration between the external Identity and Access Management (IdAM) system and the Digital Workspace for Teachers is the SCIM interface. SCIM (System for Cross-domain Identity Management) is a standard protocol designed to automate the exchange of user identity information between different systems—in this case, between IdAM and Nubus/UCS. Developed by Dataport, the SCIM interface ensures that all data coming from SCHULE@BW is processed in a consistent and standardized manner.

The SCIM protocol is designed to be lightweight and only transmits essential information, such as first and last name, primary organization (i.e., the teacher’s main school), and secondary organizations (for teachers working at multiple schools). One crucial function: SCIM returns the official work email address for each teacher as soon as a new user is created.

If SCHULE@BW updates data—such as a name that forms the basis of an email address—this information is transmitted to the SCIM interface. SCIM then forwards the data to the UDM REST API of UCS, which distributes the updates via connectors (such as the OX Connector) to all linked applications like Open-Xchange—without making any changes itself. Important to note: the data flow is unidirectional. Updates only originate from SCHULE@BW and are processed through SCIM; UCS doesn’t make any independent modifications to the data. Even read access is handled via the UDM REST API and the SCIM interface, keeping the system easy to manage.

To extend this functionality, Nubus with UCS has integrated additional provisioning logic using UDM hooks. This setup allows the system to automatically update or modify entries in the Nubus directory after receiving data via the REST API. For example, an automated mechanism now places used email addresses on a blocklist for a defined period to prevent new or other identities from being assigned the same email address, while keeping the original identity’s data secure during that time.

Thanks to the flexible use of the UDM interface, typical user lifecycle events can also be managed directly within the Digital Workspace—independent of the IdAM and easily adaptable to meet future requirements as they arise.

Intercom Service: Seamless Transitions Between Apps

The Univention Intercom Service (ICS) app acts as a bridge for various applications like Nextcloud and the OX App Suite. It ensures that teachers can effortlessly switch between these tools right from their browser—no need to log in multiple times or juggle different passwords. This means they can, for example, draft an email and attach files directly from Nextcloud.

With ICS, everything stays in the browser—users don’t have to download files to their local devices or hop between programs. ICS manages all the session handling behind the scenes, storing the necessary authentication details in a Redis database to keep access smooth and hassle-free.

Outlook and Conclusion

With the Digital Workspace for Teachers, Baden-Württemberg is setting new standards for digital education. The dPhoenixSuite, supported by Nubus with UCS, demonstrates how a flexible and scalable solution can tackle the challenges of such a large-scale system. Nubus acts as the ultimate team player, ensuring all applications work seamlessly together and keeping the platform stable—even as the number of users continues to grow.

One major advantage of this system is its ability to scale rapidly. New accounts can be provisioned with ease, and additional servers can be added with a few clicks—an essential feature when covering an entire federal state like Baden-Württemberg. With strict data protection standards in place, the project is also well-prepared for the future. Nubus remains at the heart of it all, enabling secure, scalable, and efficient management and authentication across this complex ecosystem.

Use UCS Core Edition for Free!
Download now

Leave a Reply

Your email address will not be published. Required fields are marked *