A person identifying himself as recently hired faculty member calls an academic department to ask his email and course management system access to be enabled early. Logging into the account management system to add new information, the assistant notices the department head coming in and explains the situation. The head quickly grabs the phone and hangs up, saying, “We haven’t hired any new faculty this year.”
The preceding scenario illustrates how some of the elements that go into security and identity management affect a campus’s ability to deal with security processes and policies challenges.
Identification, authentication, authorization, and accountability are essential functions in a higher education environment in providing the required services.
Complex User Base in Higher Education World
Just as businesses and corporations struggle with managing a diverse set of users and systems, colleges/universities manage an even more complex user base that includes faculty, students, staff, teaching assistants, alumni, and other contractors.
IAM Challenges in Higher Education Institutions
- Manual Identity Tasks - With legacy and homegrown IAM systems, many identity-related tasks, such as deprovisioning and provisioning, account claim and creation, password changes, are highly manual, time-consuming, and laborious. As a result, there is a risk of human error, as well as orphan accounts being left open.
Modern IAM solutions solve these problems by automating repetitive tasks. This is especially helpful at the beginning of a new session when such tasks can be overwhelming for IT staff.
- Manual Ad-Hoc Access Requests - Visiting students, visiting or contingent faculties are a fact of college life and they need to use college resources, which means they require access. The burden to provide these accesses falls again on IT staff.
Modern IAM solution automates user creation through policy driven workflows, an easy to configure workflow engine turns ad-hoc requests into light work for effortlessly managing non-traditional user access, administer approvals for digital and physical resources, provide time-controlled access certification, and delegate approvals to individual function owners.
- Multiple Affiliations - In an enterprise, users tend to hold a single role, with a single set of access privileges. However, in the realm of higher education, it’s common for users to have multiple affiliations (roles). Students might work as staff, faculty might be enrolled in classes, and graduate students can also be alumni.
Modern IAM solutions can recognize multiple affiliations per user, so a user can have one account for multiple roles, which eases the strain on help-desk staff and simplifies matters for the end-user.
- Massive Scale of Transient Users - Large waves of transient users can cause massive delays in on boarding and often lead to performance issues.
The right IAM solution can automate the complex life cycle management of a large and unpredictable user base - without the need for ad-hoc scripting, external resources, or staff increase. This means automating IAM tasks, such as on boarding, creating accounts, providing user IDs and passwords, granting access to resources, account changes, and off boarding. In addition, self-service password resets and delegated user management capabilities further saves time, money, and frustration.
- Increase in The Numbers of Contingent Faculty - Colleges and universities have realized it’s cheaper to hire contingent faculty than full-time, salaried professors. It creates several challenges for the IT departments to manage the identities of these external contingent workers.
Some modern IAM solutions offer out-of-the-box functionality and workflows designed specifically for managing external users. With these solutions, it is possible to manage the entire identity life cycle of all external users in the same automated way as full-time staff and students, without having to add them to authoritative systems.
- Modular and siloed solutions - Student, faculty and alumni identities are often stored in multiple AD or LDAP domains. Without one centralized place to manage these identities, a lot of IT redundancies exist. most use a combination of on-prem identity and access management systems including Shibboleth, ADFS, Oracle, and IBM, as well as manual processes to manage access to these resources. Instead of one center of excellence from which to manage users and apps, there are several. This is an expensive, and inefficient use of IT resources.
- Lack of Privileged Access Management - Most educational institutions lack a proper privileged access management system. Because of interchanging roles in education sector, Role Based Access Control (RBAC) does not fit right most of the times.
A more capable IAM solution can manage Privileged accounts, like administrative accounts in schools, which provide access to specific users that hold liability for critical systems and student’s sensitive information.
- Compliance Requirements - Universities and colleges must comply with increasingly stringent regulations, such as FERPA, FOIA, HIPAA and PPRA. These regulations mandate stronger security measures and more visibility to protect the privacy of students’ education records, make available copies of all records requested by the student and protect the rights of minority students.
IAM solution ensures security via various means - they leverage data regulations, compliance's, and efficient authentication measures.
How Aujas IAM Solutions Can Solve this Complex Equation
Aujas has a proven experience in the higher education space and its IAM solutions integrates easily into hybrid and heterogeneous environments. Aujas’ IAM solutions can easily be configured to meet every institution’s unique needs and have a pricing model for all sizes and user populations. Aujas’s solutions are designed for rapid development and can be implemented in phases, depending upon the requirements.
Contact us today to learn how Aujas can help addressing college or university’s unique challenges and an IAM solution designed to meet the needs of higher education institutions.