Student-centered technology challenges
Flinders University faces budget pressures, evolving security requirements, and an ongoing drive to provide innovative, student-centered education experience. IT must streamline and secure technology access and develop responsive IT services for its diverse population of students, staff, and alumni.
A greenfield security project
A new security team takes an identity-first strategy, centralizing identity management first and then implementing security controls based on user profiles. After evaluating identity solutions, the team chooses Okta for its strategy alignment and its leading technology.
Thousands of users. A smooth implementation.
The Flinders team deploys Okta Single Sign-On and Lifecycle Management, integrating Office 365 along with other cloud and on-prem, legacy applications. After a 10-week implementation, the team rolls the solution out to 48,000 users over a two-week period.
Cutting costs while boosting security and access
With Okta, Flinders streamlines the process of onboarding 6,000 new users each year and dramatically reduces password reset requests. By centralizing identity, the team reduces risk across the organization and is able to quickly identify if an account has been compromised.
Embracing secure, student-led tech—and the cloud
Because Okta makes application integration easy, Flinders now follows a truly student-centered technology strategy. The University is currently rolling out Okta Multi-Factor Authentication to the wider university community and begin a major transition away from legacy systems to the cloud.
Students have a seamless experience now. There’s really no comment from them, and that is the best feedback we can possibly have in identity.Jan-Marie Davies, Solution Architect, Flinders University
Student-centered technology challenges
Ranked in the top 2% of universities worldwide, Flinders University in South Australia is known for providing innovative, student-centered education. In the modern age, that means developing agile, responsive IT services for students, staff, and affiliates.
Given the diversity and turnover inherent in a university environment, that’s no small task. In addition to its 100,000 alumni around the world, Flinders IT serves 27,000 students 2,800 full-time staff, and about 4,000 “casual” teaching academics. At the start of each school year, the team onboards about 6,000 new users—a mix of students, staff, and affiliates.
Over the years, the university provided a growing number of technologies and applications to students and staff. All those technologies became hard to manage, and the challenges showed up in the user experience.
“The commencement process for students was quite difficult,” says Aaron Finnis, chief information security officer. “We had a system called ‘Five Steps to Flinders.’ I think we nicknamed it internally ’87 Steps to Flinders. It was quite onerous.” For young students just out of high school, the process could be overwhelming.
A greenfield security project centered on identity
When Finnis joined in 2012, he was charged with building a security practice for Flinders from the ground up. Students and staff relied on an array of services, and IT managed about 250 administrative systems across the university, with a mix of systems storing local passwords and utilising legacy directories.
“We had a lot of problems with connections to LDAP and old directories,” says Jan-Marie Davies, solution architect for identity and access management at Flinders. “We were passing information sometimes not in the most secure fashion.”
University services were increasingly cloud hosted, but IT couldn’t integrate new applications quickly with their identity management solutions. “We didn’t have a single support team for identity,” says Finnis. “Everything was quite disjointed, from a technology perspective.”
To reduce identity sprawl and guard against compromised accounts, the team took an identity-first strategy: “Identify users better, focus on identity first, and then implement security controls from that model.” With strong, centralized management of user identities, Finnis reasoned, the team could apply security policies easily across university services.
“Managing access to our digital environment is something that is fundamental to the operation of our institution,” he says. The team had clear priorities for improving online services at Flinders:
- Introduce multi-factor authentication, for an additional layer of protection
- Streamline application access, to unify the identity infrastructure and offer a simplified online experience
- Decrease the number of password recovery requests while increasing password security
- Easily integrate with existing on-prem systems and new cloud services
- Efficiently onboard and offboard large numbers of users, while unifying fragmented user profiles
- Increase visibility into university IT systems, to improve security monitoring practices
Finnis evaluated several identity management vendors in his search for a partner that could align with Flinders’ identity-first strategy, and Okta stood out. “It worked exactly as advertised,” he says. “We could see that it would bring some additional user experience improvements, as well.”
Thousands of users. A smooth implementation.
To begin, the Flinders team deployed Okta Single Sign-On and Lifecycle Management, integrating Office 365 and other new and existing applications with Okta to provide streamlined access and account management for students and staff.
“We moved everybody to Okta first, so we were mastering passwords with Okta straight-up,” says Finnis. After a 10-week implementation period, the team rolled the solution out to 38,000 users over a two-week period. “At the end of that two-week period we went live with 10 applications” he says.
Flinders went live with a new activation process at that point, as well. The team built an application that calls the Okta API to determine a user’s activation status. New users get a customized activation link that they can click and register from. Then, they can access their account and enroll in classes.
New student onboarding is much less onerous, as a result. “Now all identities—staff, faculty, and students can activate their accounts in under 60 seconds,” says Davies.
To streamline identity management, the team integrated the university’s on-prem student information system and its Moodle learning management system with Okta. Today, the process of granting or removing access happens automatically, according to the user’s role at the university. “We pass user attributes to those systems to personalize the experience,” says Davies.
Flinders IT team has it better as well, she says. “The administration panel in Okta makes some technical challenges very simple to manage. The system logging is very good, the integration configuration, the directory flow is very easy to use. My team loves it.”
“Okta has helped us create an identity cycle that is both simple and seamless,” says Finnis. “Access is provisioned as needed. Users get access to the systems they need via an intuitive interface with the control to manage their own accounts. Finally, when the relationship ends, the access is automatically removed. It’s a smooth and positive experience for users and IT staff alike.”
Better password management. Better security.
Today, the Flinders IT team spends a lot less time dealing with administrative tasks and forgotten passwords. “We used to do nearly 3,000 password resets a year,” says Finnis. “We’ve reduced that to around 400, and we’re still working on it.” That reduction in load represents $22,000 in annual savings for the IT department.
Eighty percent of Flinders users now enroll in self-service password reset option by default. “Having passwords managed in Okta centralizes and reduces risk in other applications,” says Davies. “Okta’s played an integral part in securing passwords and managing identities centrally.”
With IT on its way to integrating all of the university’s applications, “Okta is our eyes and ears for all of our users,” says Finnis. “It’s the single layer that connects users to their services.” That single point of authentication gives IT the ability to monitor activity, such as device usage, time of day, and non-typical behavior. Armed with that information, Flinders IT staff can identify compromised accounts and take quick action to protect users.
The team correlates Okta’s authentication data with other network security information, to build a comprehensive security profile across the university’s IT infrastructure. “It’s almost like having an additional person on the security team,” says Finnis. That kind of visibility was impossible with the distributed services and technologies that Flinders had before the Okta implementation.
Free to embrace student-led tech
Today, Flinders users can access more than 150 applications from the Okta portal. Thanks to the 5,500 pre-integrated applications in the Okta Integration Network, the university can easily add the cutting-edge technologies that students demand, while avoiding software development costs.
“With our legacy identity management system, we'd be looking at a cost of approximately $40,000 to build a connector to a single cloud-based application,” says Finnis. “That represents months of development work and testing prior to deployment.”
Today, rolling new technology out to users is quick and painless, says Davies. “We can integrate an app in under an hour.”
That ease of implementation allows Flinders IT to take an unusual stance on what many security professionals might consider “rogue” applications, brought in by users. “We know our users can go out and purchase services themselves,” says Finnis. “From a security perspective, we actually encourage that behavior. If our users can inform our investment decisions, that’s fantastic.”
Trello offers a recent example. “We had user cohorts starting to use Trello everywhere. It was quite prolific,” he says. “Rather than saying, ‘Don’t use Trello because we don’t support it,’ we ended up buying the enterprise version and integrating it with Okta, so we could instantly give that single sign-on experience to our users.”
When assessing new applications, the Flinders team first asks whether or not they’re in the Okta Integration Network, says Finnis. “If the answer is no, the follow up question is, ‘When are you going to be on the Network?’” he says.
“Rolling out new applications using SAML is a breeze with Okta,” says Davies. “We have a checklist for onboarding applications, and they must at a minimum support SAML. We also help vendors who are not on the Integration Network to get on, so they can roll out to other Okta users.”
Easy access to the latest technology helps Flinders stay solidly in the forefront of student-led innovation. It also helps faculty and staff do their jobs. “I’m most excited in education about specializing in following the student journey and provisioning what that student needs at that particular point in time,” says Davies. “We’re working closely with other universities to develop a way to engage with students at the times they actually need it. Okta and identity are integral to that process.”
A solid foundation for a wholesale move to the cloud
Initially, the Flinders team implemented Okta Multi-Factor Authentication only for IT administrators. Today, they’re rolling it out progressively to the wider university, adding another comprehensive layer to their identity-first security strategy. “We’re very excited about that,” says Davies.
With that foundation in place, the team plans to move Flinders’ “big-three” legacy, on-prem administrative systems—human resources, finance, and the student management system to the cloud. Thanks to Okta, says Finnis, “we’re confident that we can do that seamlessly and quickly.”
About Flinders University
Flinders University is a globally focused, locally engaged institution that exemplifies teaching, learning and research excellence. Offering a world-class education in a stimulating, friendly environment, Flinders caters to more than 27,000 students from more than 90 countries. The university prides itself on its record of community engagement, as well as its long-standing commitment to enhancing educational opportunities for everyone.