Jefferson College Cuts Help Desk Requests with Identity Management System
Photo: Shutterstock.com
A new identity management system at
Jefferson College in Missouri gives students and staff access to their Google
Apps, Blackboard and other accounts through a single sign-on Web portal, and
lets them reset their own passwords, resulting in a significant reduction in
help desk requests. And the college implemented the entire system in only five
weeks, rather than the typical six to 12 months.
The college previously used a proprietary Web portal to serve its intranet. The
portal handled user authentication for access to campus systems, such as
finance, HR, payroll and student information systems, but it no longer met the
college's needs and provided a single point of failure. When the developer
released a major new version of the software, the college was faced with a
"forklift upgrade" whether it stayed with the same vendor or implemented
something new, according to Tracy James, senior director of information
technology at the college.
Finding a New Identity Management System
James and his team decided to switch to a new Web portal called myCampus from
CampusEAI, but it required a separate
identity management system for user authentication, something that James wanted
to separate from the portal anyway.
"We wanted a single system that was separate and standalone, not dependent on
any other system to authenticate and provision our user accounts," said James.
"But primarily we wanted a system that gave us redundancy, one we could place in
our virtual environment, where we could run in high availability mode with two
systems running simultaneously, so if one goes down or fails, the other one
takes over."
Since this was Jefferson College's first foray into identity management,
James and his staff also wanted a system that was backed by a strong support
team.
James appointed several people to evaluate IdM vendors and narrow it down to
a short list. The team soon discovered that a lot of the identity management
systems on the market were subscription-based or hosted off-site –- neither of
which Jefferson wanted –- and they were beyond the college's budget.
"All identity management is expensive," said James, "but we couldn't really
get the flexibility with the subscription-based or hosted solutions."
Deployment Partners
According to James, Fischer
Identity quickly rose to the top of the list for three reasons: 1) because
Jefferson College could install it in a virtual environment to eliminate
performance issues; 2) because it could run in high availability mode with
redundancy; and 3) because Fischer was willing to train the college's IT
staff on the complete management of the system, so they would have full
control of it.
In February 2013, James and his team started working with Fischer and
informed them that they needed to go live with the new Web portal on June 1, and
the identity management system had to be in place by then.
"We knew that February to May was a short time frame," said James. "Six to 12
months is typical for an identity management rollout because it touches every
system. There's a lot of work behind the scenes." The implementation process
required a significant amount of information gathering before the actual
deployment could take place, and the entire system would need to run in a test
environment before they could move it to the production environment.
Fischer came back to the college with a radical proposal: The company would change its rollout model to meet Jefferson's tight timeline, something it
had never done before. Fischer dedicated a team of five or six people to the
project exclusively, and James in turn committed his staff to the project as a
top priority. The entire implementation took five weeks from start to finish.
"We collaborated daily online via WebEx, and it was a lot of work," said
James. "It was exciting because it was a neat project and we were able to
accomplish so much daily between my staff and Fischer. It was an ideal
partnership."
The reciprocity of the partnership was critical to the success of the
project. If Fischer needed information from Jefferson, the staff would respond within an hour, and vice versa.
Identity Management in Action
Jeffersons' identity management system provides policy-based provisioning,
password reset and synchronization and other integration with the college's
Banner student information system, Microsoft Active Directory, OpenLDAP, Google
Apps and Blackboard.
"We ended up with a robust identity management system that operates in high
availability, in a virtual environment, which was one of our goals, and it
provisions our accounts based on roles," said James.
When a student enrolls at Jefferson, the college creates an account for him or her
in Banner with a student role, and that Banner account is the sole source of
authority over the student's access to the portal. The college uses Gmail for
campus e-mail, so students are given a Gmail account, and if they use online
learning through Blackboard, that account is created automatically. The
passwords are synchronized between all of the accounts, so once students log in to
the portal, they can just click a link for Gmail or Blackboard and they're
automatically logged in through a secure link.
Because Jefferson implemented Fischer Identity's self-service password reset
component, if students or staff members forget their portal password, they can
reset it themselves. "And that is welcomed by all of our students and staff
because they're used to that," said James. "When they set up their own personal
Gmail or Yahoo accounts, they are able to reset their own password. And that
service also greatly reduces our help desk requests for password resets. That
was a really big win for all of our users."