Mastering the evolution of identity and access management throughout the student journey
The processes by which students learn have seen substantial innovation in the past several decades. Internet technology that transformed campuses across the world in the ‘80s and ‘90s was the start of a breakneck technological transformation that has yet to slow. From smartphones and cloud services to smaller, more niche advancements, colleges and universities are under immense pressure to keep their solutions relevant and connected.
The size of the average institution’s IT infrastructure is both a symptom and a cause of this expectation. Students make use of countless digital solutions to perform even basic tasks, many of which incorporate sensitive personal information (SPI). Email, registration data, financial aid information, and class-specific cloud fileboxes are just four simple examples. Of course, that’s before considering digital systems that require login and serve important functions without hosting SPI, such as online learning modules. In terms of sheer exposure, the average student may engage with more digital tools and environments than almost any other person who relies on computers to carry out assigned work. The security and privacy concerns this raises is obviously significant.
While the continual addition and improvement of digital systems is undoubtedly a net good, there’s also little question that managing identity across many different tools and applications can quickly become a serious challenge. Since colleges and universities often add and upgrade systems on an ad-hoc basis, crucial issues such as privacy, security, and identity management can be neglected. This becomes especially prevalent if you consider the fact that a student population forced to interact with many different systems and applications is unlikely to practice good password hygiene, and will often resort to insecure or reused passwords.
New Demands on Institutions
This isn’t to say the digital ecosystems institutions have built over years are fundamentally ineffective. That university IT teams can keep such intricate ad-hoc collections running smoothly on a day-to-day basis is a testament to their skill and expertise. However, by trying to address security, identity, and provisioning, IT professionals find themselves facing a “quicksand problem”. Every new layer of security and stopgap solution brings with it complexity, which ultimately results in user frustration, poor password hygiene, and added work for the IT security team. IT professionals at Flinders University in Australia struggled with thousands of password reset requests, for example, until they switched to a smarter identity access management (IAM) solution with Okta Identity Cloud.
Today’s college students are among the first to grow up with smartphones and tablets, so expectations in terms of activation and ease of access are high. Any identity solution that’s implemented should meet the needs of tech-savvy users that demand a sleek and user-friendly experience.
The Student Journey
With the right tools in place, colleges and universities can link systems in a way that is simple, planned, and predictable. Let’s explore how to securely connect the average college student to the technologies they need throughout their journey from application to eventual alumnus.
Before students even register for classes, an initial interaction creates ripples that will last throughout their time with your institution, and beyond. Right now, the username and passwords they build will let them create accounts within your system, access login-only content, and submit applications. Later, they’ll use it for everything from scholarship applications, to checking test scores, and having online conversations with classmates and professors.
Okta Lifecycle Management flags the account as a non-student applicant, automatically provisioning it with access to the tools a user needs to take the next step. Okta’s Universal Directory, meanwhile, ensures manual administration needs for this account are all handled in the same place, just like all the other accounts under its banner.
Here’s where Enterprise SSO becomes a larger part of the student’s experience. The more systems students access under a single username and password, the easier numerous critical tasks, including registration, online assignments, and financial aid payments (among countless others) become. With the evergrowing number of devices students carry to campus, Adaptive MFA also provides significant value. IT staff can rest easy knowing users’ accounts are secure behind device-layer authentication.
Provisioning a student for various roles and needs becomes easier, with most tasks moving from manual to automated. Managing a single password inherently reduces the number of requests made, while those that do come through can largely be handled with self-service features. A single point of entry also eases password enforcement, paving the way for stronger policies and fewer security events.
Ongoing study and work-study
Besides accessing new systems that come with changing classes, additions to the IT stack since entrance are also added automatically as needed. A new scholarship application system is easy to provision to all qualified accounts, as one example, just as the old one is easy to retire.
Work-study provides another interesting look at Okta’s higherlearning offerings. With Enterprise SSO, students get a single point of access for all the tools they need for classwork and paid work. Whether they need to view pay stubs or submit an assignment to a class-specific portal, logging in is as easy as using the same username and password, then confirming identify via a qualified device. Professors and other staff can use the same institution-branded login portal, which gives IT a single view into all users, regardless of specific positions within an organization.
The hybrid IT approach deployed by many universities—a natural outcome of an ad-hoc infrastructure build—does not diminish Okta’s benefits in terms of login or lifecycle management. Because Okta’s solutions are built to integrate with thousands of third-party solutions, as well as home-grown tools the institution relies on, new applications can easily be added, regardless of source. As an example, students and professors needing provisioning/access to Office 365 can login through the same page they use to access a university-built solution.
This is a significant change from older methods, where many tasks were handled manually. In the past, Office 365 password resets may have been referred to Microsoft, while access to internal systems might bounce between different governors within the IT hierarchy. Similarly, Universal Directory ensures profile management falls under a single, organized set of umbrellas, making the days of “chasing down” various accounts for manual action a thing of the past.
Alumni are connected to a university in a more oblique manner, and their interactions and status within the IT environment reflect that change. They can log in via their Facebook, Google, LinkedIn, or Microsoft account, then take part in the usual alumni activities, such as making donations, viewing transcripts, and engaging with others on school social networks.
Since this removes the need to handle password resets from an ever-growing list of alumni, personnel are free to handle more crucial tasks. The potential for “leapfrog” security events—in which attackers use weak passwords from people loosely connected to the organization to gain information and greater access—is also reduced, since alumni login credentials are shielded behind strong enforcement measures from their authentication source.
Addressing the Hidden Challenges of Education IT
At every step of a student’s journey, the process of navigating and utilizing the university’s applications and systems is simplified, secured, and (where relevant) scaled down. No matter how many systems they access in their higher-learning years, no matter how many roles they assume or tasks they take on, their front-end experience is the same: a single, branded login point, with the same credentials used everywhere, and a secondary device providing a necessary added layer of security.
For IT personnel, the benefits are easy to see:
While identity and access management can seem quick and simple when looking at the work involved in provisioning a single user, time quickly adds up when you’re dealing with thousands of users. An Okta survey found that the average company could see time-savings equal to $1,643,553 by implementing a more effective identity solution. This includes $811,267 in time-savings related specifically to provisioning. According to respondents, the biggest challenges to productivity were continual password resets and provisioning requests.
Consider San Jose State University (SJSU) and Usinis College (UC), two higher-learning institutions that benefited from Okta’s solutions:
- San Jose State University manages roughly 37,000 students, faculty, and staff using more than 100 web apps, many of which tie into proprietary systems with unique sign-in requirements. Switching to the Okta Identity Cloud allowed SJSU a greater degree of security, since SSO reduced instances of password-sharing and insecure behavior. Okta Lifecycle Management, meanwhile, gave them the power of automatic provisioning, no matter where a given student is within the lifecycle.
Read more about SJSU’s transformative Okta experience.
- Ursinis College, having suffered severe disruption to their computer systems after a natural disaster, turned to Okta to ensure Mother Nature could never inflict that level of damage again. UC was able to add features like SSO and Universal Directory to a cloud-based environment, upping capability while simultaneously eliminating the single points of failure that caused them so much trouble to begin with.
Read more about UC’s smart reaction to a devastating event.
Colleges and universities that fail to get a proverbial thumb on their footprints may also find challenges deepening as systems grow. Any solution that fails to anticipate and incorporate future systems and additions is a short-term one at best. What’s really needed is an integrated solution that simplifies sign-on and security across the entire student lifecycle, both as it functions today and as it’s set to evolve.
As the leading provider of identity for the enterprise, Okta offers a number of tools that meet these needs of modern higher-learning institutions. Welcome to the Okta Identity Cloud: a powerful, scalable, highly integratable set of solutions built to make life easier for IT and end users alike. In particular, the following tools lend themselves to a higher-learning IT environment:
- Enterprise Single Sign-On (SSO): With Enterprise SSO, every cloud-based and on-premises solution your students, faculty, and staff must interact with can be accessed with the same username and password, all through the same institution-branded sign-in page—a change that enhances user experience, inhibits security- and privacy-impacting behaviors, and vastly reduces the amount of time IT spends on password resets.
- Adaptive Multi-Factor Authentication (MFA): The days of carrying one electronic device to college are long gone. Adaptive MFA takes advantage of the average user’s connected lifestyle by utilizing multiple devices— smartphones, tablets, or laptops, for instance—as a form of identity authentication. Once the user enters his or her SSO password, they are prompted by a second factor, such as a one-time password (OTP) sent to a mobile device.
- Lifecycle Management: Account management can become a significant burden across a learning institution’s expanding systems, and the problem only grows deeper as the number of required web apps and related online properties expands as well. Lifecycle Management automates all lifecycles within an organization, and offers pre-integrated provisioning and simple access governance. Okta’s Universal Directory integrates with the institution’s current apps and directories, and provides visibility into everyone in an institution’s directory. This includes legacy on-premises systems, which Universal Directory can help migrate to the cloud.
- API Access Management: Identity is important—but when creating a new app or service, not all developers have it front of mind. Okta’s API Access Management allows institutions to leverage Okta’s APIs for the authorization layer, so that user data is protected. Better security and a seamless customer experience help ensure that both students and faculty are protected, and developers are free to focus on creating the best products possible.
An Easier Path to the Future
All of this matters today because it makes identity and access management much easier on both sides of the IT counter. Students enjoy the combination of security and simplicity, while IT attains an all-in-one solution that automates mundane manual tasks.
Moreover, as an institution continues to evolve its chosen set of solutions, it is critical to have tools that can evolve and mature along with it. When students, faculty, or staff clamor for your institution’s response to the next big thing, being able to implement it in a way that fits your strategy is only half the battle. Knowing your chosen identity and access management tool will be up to the challenge, and being able to offer both ironclad security and ease of use is just as important.
You can never be sure what your organization’s footprint will look like in the next five or ten years, nor can you anticipate exactly what functions and features students will demand. You can ensure access, administration, and privacy enforcement are made easier, however—a guarantee that can impact recruitment efforts, retention, and even graduation rates. With Okta, educational institutions can crefate a class-leading user experience for students and reduce strain on IT staff in the process.
Want to improve the student experience while reducing identity risk and IT workload? Contact our sales team today.
Okta is the leader in managing and securing identities for thousands of customers and millions of people. We take a comprehensive approach to security that spans our hiring practices, the architecture and development of the software that powers Okta, and the data center strategies and operations that enable the company to deliver a world-class service. In addition to product innovation and an award-winning customer support approach, Okta’s solution is backed by a world-class cybersecurity team that works around the clock to provide the most secure platform for their users and the information they are entrusted. We employ state of the art encryption key management to secure customer data. Protection of customer data is audited in accordance with GDPR, FedRAMP and NIST 800-53, HIPAA, and ISO 27001 requirements. The company protects user information for global organizations such as ENGIE, Eurostar, Scottish Gas Networks, and News Corp, as well as some of the most highly regulated, complex companies, including American Express, U.S. Department of Justice, and Nasdaq.
To Learn more please visit www.okta.com/education