Scaling and surviving
After Hurricane Sandy wreaked havoc in the northeastern United States, Ursinus College took a proactive approach to business continuity by ensuring that work at the college could carry on, no matter what happened outside. It took its infrastructure to the cloud, making apps accessible from virtually anywhere, and protecting data from physical threats.
Provisioning with ease
Moving to the cloud presented new provisioning challenges, since manually onboarding and offboarding individual apps is slow, expensive, and prone to human error. By adopting Okta’s Single Sign-On, Lifecycle Management, and Universal Directory, Ursinus College was able to build an IT infrastructure that was more efficient, agile, secure, and reliable than their existing identity solution, Microsoft AD FS.
Rolling it out (without the bumps)
Ursinus worked closely with Okta’s Professional Services team and Okta partner PhillyCom, Inc. throughout the transition. Together, they implemented Okta in less than 8 weeks, and enrolled over 98% of the population in just three days. And they even pulled it all off during the school year.
Evolving at their own pace
Like most educational institutions, Ursinus College is shifting to the cloud, but it still has a lot of legacy technology. The Okta Identity Cloud enables this transition as it supports both on-prem and cloud technologies without disruption.
Although we looked at putting AD FS in the cloud, it wasn't an ideal situation because it felt like it was all or nothing. With Okta, we've been able to bring in new systems we didn't have in AD FS.James Shuttlesworth, Director of Network Systems and Infrastructure at Ursinus College
Finding a sustainable, scalable identity solution
Drive 25 miles from downtown Philadelphia to a small town called Collegeville, and you’ll find a prestigious national liberal arts college that takes an uncommon approach to education. Students begin their educational journey by taking a course called The Common Intellectual Experience, before branching out into a personalized education with an interdisciplinary approach and lots of opportunity for experiential learning. It’s a college built on a long history of progressive thought, and that approach doesn’t begin and end with education.
Typically, educational institutions are slow to embrace technological change, but when Ursinus College started looking for ways to ensure the stability of its IT infrastructure, it decided it was time to modernize its IT systems and move to the cloud. Ursinus started its journey about three years ago, with AD FS as its SAML authentication solution. Most of the time, the solution worked quite well, but when it didn’t, most of the campus was affected.
“We experienced several situations where the scalability of the AD FS environment was a problem,” says James Shuttlesworth, director of network systems and infrastructure at Ursinus College. “We had issues where the certificate expired and caused a disruption. There were situations where the server suffered a hardware fault and because the environment doesn't scale terribly effectively, it resulted in outages.”
With AD FS acting as the bridge between Ursinus’ HR software and all its other apps, single points of failure spread to so many other systems that it became “massively disruptive”.
The college also needed to minimize the possibility of any disaster-related disruptions. The campus is in an area that was severely affected by Hurricane Sandy, so disaster relief is always top of mind when IT is considering new technology solutions. More than anything, they want to ensure off-campus continuity and avoid having their technology compromised in the event of a disruption. Moving to the cloud was the obvious answer, but first they needed to find a cloud-friendly solution.
“AD FS really did not lend itself effectively to that kind of solution,” says Shuttlesworth. “Not technically impossible, but it was very difficult. We didn't feel like that was something that we wanted to go with. Putting AD FS in the cloud also wasn't an ideal situation because it felt very much like it was all or nothing.”
Ursinus also had to manually provision all of their apps, which created even more IT friction. “We did a flow chart of all the various processes to onboard students into all of our administrative systems and it was was extensive,” says Shuttlesworth. “It was two PowerPoint slides with barely legible text. It involved about 20-25 people to provision one student.”
In short, nothing about the situation was sustainable. Ursinus College needed a more reliable and comprehensive approach to identity that would scale with its needs, work with both on-prem and cloud-based technology, and keep it up and running in the event of an emergency.
A seamless transition
Enter the Okta Identity Cloud. After a recommendation from Okta partner PhillyCom, Inc. a leading consulting and technology integration company based in Collegeville, PA, Ursinus decided to modernize its IT structure and reduce friction with a suite of Okta products that included Single Sign-On (SSO), Lifecycle Management (LM), and Universal Directory (UD). Not only does Okta provide a highly available solution with 99.9% uptime over the past 12 months, it’s flexible enough to work well with both on-prem and cloud-based technology, thanks to its robust and accessible APIs and integrations.
“Okta’s ability to activate and provision users throughout many systems was compelling,” says Shuttlesworth. “We felt that it was more built out than some of the other identity options we looked at. Because the API is fairly robust and accessible, we’re able to build out the ability to get users out of our administrative systems using demographic information.”
Okta’s ability to activate and provision users throughout many systems was compelling. We felt that it was more built out than some of the other identity options we looked at.
But before Ursinus signed up, the team needed to ensure they’d have the support they needed to get the ball rolling.
“We have a very small staff, so trying to do massive forklift projects where we totally shift from one thing to another is not really something that we have the resources to do. We usually phase in projects like Okta over the course of several years, while backing out of the old systems as resources of time and energy make it all possible.”
Since a multi-year rollout wasn’t an option, Ursinus needed a partner that would support the IT team and facilitate the transition to the new solution. Okta’s Professional Services team and Okta partner PhillyCom, Inc. was onboard to help.
After an implementation period of less than 7 weeks, Ursinus College started deployment. Normally, rollouts happen when student activity is low (over the summer or fall breaks) but because the IT team wanted to do it as part of the student deposit cycle, Okta was deployed in the middle of the semester.
“Generally, it was received positively,” says Shuttlesworth. “The enrollment process went really well. More than 98% of the population was enrolled within three days of the rollout. It was extremely fast, and we were able to get it done because of Okta’s Professional Services team. They were really great at getting everything done in time.”
Now, Ursinus has Okta connected to AD FS, which makes it possible for Ursinus to move at its own speed, gradually transitioning apps out of AD FS and into Okta. Okta is currently integrated with CANVAS (the college’s learning management system), Office 365, OCLC (an inter-library loan program for borrowing books), and XenApp (specialty software that allows students to access apps remotely).
As Ursinus continues to integrate additional applications, having Oka in place ensures a more seamless sign-on experience for its students, faculty and staff. Since Okta is connected to AD FS, students can browse through the AD FS system using the Okta dashboard.
Lifecycle management without the pain
In order to reduce the burden of manual processes involved in onboarding students and staff with multiple applications, Ursinus College rolled out Okta Lifecycle Management to automate provisioning. Before Okta, onboarding was a multi-step processes involving 20 to 25 people and “days and days of effort” just to provision a single student into all of the college’s administrative systems.
Not only has the IT team has seen huge time-saving benefits, they’ve also improved the enrollment experience for new students. “Now, when we receive a student’s deposit, they get access to Okta within hours,” says Shuttlesworth. “They get access to the student portal, the student learning management system, and their Office 365 email account, which is what really matters to the students. The prospect of getting our users provisioned with some of the systems much more quickly was really what sold the project to the senior administration.”
Now, when we receive a student’s deposit, they get access to Okta within hours.
Securing the future
Next, Ursinus College plans to explore the possibility of strengthening its security with Okta Adaptive Multi-factor Authentication for staff and some faculty members.
“Phishing is always an overwhelming concern,” says Shuttlesworth. “Multi-factor definitely would play a role in protecting us against that.” He’s specifically interested in the Multi-Factor Authentication blacklisting functionality—which would give Ursinus College the ability to require MFA for users connecting from specific regions or from a poor gateway.
“That kind of granular security is something I've wanted and haven't seen,” says Shuttlesworth. “I did really like seeing that functionality because, honestly, we can classify most of the security breaches and attacks we see that way. Having additional authentication would be a really handy thing to be able to do.”
At Okta, we’re looking forward to a continued partnership that lets us make a difference in the experience of Ursinus’ students, faculty, staff—and IT department.
About Ursinus College
One of the nation’s “Colleges that Change Lives,” Ursinus College is a residential undergraduate liberal arts college with 1,600 students that is widely recognized for its first-year Common Intellectual Experience. Founded in 1869, Ursinus provides a rigorous curriculum that re-envisions a liberal education and presents students with an inquiry-driven academic experience. The tree-lined, 170-acre campus is located 25 miles northwest of Philadelphia in Collegeville, Pa