The recent revolution in learning and productivity technology makes the jobs of research, teaching, and administration, far more effective. Any educational institution would look unrecognizable without the apps that enable it to deliver on its mission. However, bringing on a new application can carry with it the hidden burden of administering access. Without a modern approach to identity management, IT quickly drowns in manual account provisioning workflows, and user frustration mounts as delays grow. In this paper we discuss how a new category of IAM (Identity as a Service) can address the challenge of automating the student lifecycle end to end, so you can delight students and keep your IT team focused on the most valuable work.
In a recent survey, 38% of higher education IT execs reported that managing the student lifecycle is a top identity and access management (IAM) challenge for them today. The college student population is, by definition, transient. Prospective students begin their journey and relationship with your institution as applicants, where they need easy access to the university’s application itself and resources for assessing your campus as an option for their studies. Once a prospective student is accepted to a college and becomes an active student, her needs completely change. In very short order, these newly active students need access to apps like university email, the learning management system (Blackboard, Canvas, Brightspace, etc.), and the document storage app, among others. Upon graduating, students’ app profiles completely change again as they become alumni. They need access to things like the alumni network, career resources, and the college’s giving program.
Traditionally, colleges and universities have taken one of two approaches to lifecycle management. The first approach is manual workflow. While it can be done, manual lifecycle management comes at a non-trivial price. It becomes IT’s job to manage each change from a student information or HR system to downstream apps. Dedicating manpower to this is expensive and can lead to errors. One college we spoke with that had a manual process for lifecycle management said that 25 different people were involved in provisioning a single student’s accounts.
Institutions that have invested in homegrown or on-prem automation solutions have their own challenges, including:
• Connectors and Maintenance: Colleges and universities will inevitably add new applications (or switch app vendors) over time. On average, it costs $15,000-$25,000 to build a connector for a new app, with connectors to on-prem identity systems costing between $50,000 and $100,000. Once connected, IT’s work is far from complete. These connectors have to be maintained, which is time consuming and costs roughly 15% of the initial set-up cost annually. Because each new application is a new provisioning process, the student lifecycle can become a barrier for IT to innovating and adopting new technology.
• Scalability and Reliability: Scalability is also a big challenge for colleges and universities. Student populations are unique in that they’re involved with their college indefinitely. Colleges and universities add new freshman classes each year, and they have a graduating class. But, graduating students are not deactivated like a former employee would be. Rather, graduating students become alums. This means that every year, colleges and universities have more and more identities to manage. Colleges need the ability to seamlessly manage these identities as their alumni population grows. Reliability is also essential. In our survey, nearly 50% of higher ed IT execs said that reliability is a top identity concern for them today. Students need to be able to access apps to get their work done. They can’t be bothered with maintenance or upgrades to connectors.
A new approach to IAM that has come to maturity over the past decade, delivered entirely as a service, presents compelling benefits for institutions that want to achieve IT efficiencies through automation.
These solutions bring with them a number of benefits when compared to the challenges posed by legacy alternatives including rich, pre-integrated apps for mastering and provisioning. They also enable you to control student identities across lifecycle states via automation through rules, policies, workflows, and APIs (for complete customization).
Automated lifecycle management solutions fully integrate with Active Directory (AD) and LDAP. Colleges and universities often have multiple directories. They may store student information in one directory and alumni in another, or they may have student information in an on-prem directory and alumni information in the cloud. With a cloud identity solution, it doesn’t matter how many directories colleges have or where they are located. Cloud identity enables colleges to have one unified view of all their users across all their directories. How? Because cloud identity provides a centralized repository that aggregates rich user data from any system of record, standardizes it, and pushes it to applications.
Student Information Systems (SIS) are often the master source of student data for colleges and universities. SIS’s can include student profile information, admissions info, financial aid, student registration info, billing information, and more. With cloud identity, this doesn’t have to change. Real-time provisioning can be triggered by a university’s HR system—whether that’s a SIS, Workday, or something else.
Okta is the market leader in Identity and Access Management. Okta’s service was born and built in the cloud, which enables Okta to connect to everything, innovate faster and scale to meet the needs of any size organization. Okta has built and maintains a very broad and deep network of application integrations. And, Okta is application agnostic, meaning it isn’t tethered to any specific apps. Instead, Okta is free to provide the same level of care to each and every app in the Okta Identity Cloud. Okta’s service is inherently secure and reliable, and it has achieved the highest certifications for cloud security.
Okta uniquely provides colleges and universities with the tools they need to manage the student lifecycle. With Okta, colleges can have sophisticated control of student identities across all lifecycle states. They can create group rules so that students quickly have access to the apps they need. Okta also has built-in workflows for IT process automation such as access requests, deprovisioning, and more.
Okta has over 80 pre-integrated apps for provisioning and deprovisioning, including Box, Office 365, G Suite, Cornerstone, Adobe, Workday, and Dropbox. It also has extensible integrations to critical higher education apps like Ellucian, Blackboard, and Canvas, among others. And, IT can extend provisioning to any custom apps using SCIM. Colleges can also use Okta’s APIs to make any application (like a SIS) a profile master. Okta’s service is highly available, reliable and secure. It never shuts its service down for maintenance or upgrades.