Jefferson College Cuts Help Desk Requests with Identity Management System

identity management

Photo: Shutterstock.com

A new identity management system at Jefferson College in Missouri gives students and staff access to their Google Apps, Blackboard and other accounts through a single sign-on Web portal, and lets them reset their own passwords, resulting in a significant reduction in help desk requests. And the college implemented the entire system in only five weeks, rather than the typical six to 12 months.

The college previously used a proprietary Web portal to serve its intranet. The portal handled user authentication for access to campus systems, such as finance, HR, payroll and student information systems, but it no longer met the college's needs and provided a single point of failure. When the developer released a major new version of the software, the college was faced with a "forklift upgrade" whether it stayed with the same vendor or implemented something new, according to Tracy James, senior director of information technology at the college.

Finding a New Identity Management System

James and his team decided to switch to a new Web portal called myCampus from CampusEAI, but it required a separate identity management system for user authentication, something that James wanted to separate from the portal anyway.

"We wanted a single system that was separate and standalone, not dependent on any other system to authenticate and provision our user accounts," said James. "But primarily we wanted a system that gave us redundancy, one we could place in our virtual environment, where we could run in high availability mode with two systems running simultaneously, so if one goes down or fails, the other one takes over."

Since this was Jefferson College's first foray into identity management, James and his staff also wanted a system that was backed by a strong support team.

James appointed several people to evaluate IdM vendors and narrow it down to a short list. The team soon discovered that a lot of the identity management systems on the market were subscription-based or hosted off-site –- neither of which Jefferson wanted –- and they were beyond the college's budget.

"All identity management is expensive," said James, "but we couldn't really get the flexibility with the subscription-based or hosted solutions."

Deployment Partners

According to James, Fischer Identity quickly rose to the top of the list for three reasons: 1) because Jefferson College could install it in a virtual environment to eliminate performance issues; 2) because it could run in high availability mode with redundancy; and 3) because Fischer was willing to train the college's IT staff on the complete management of the system, so they would have full control of it.

In February 2013, James and his team started working with Fischer and informed them that they needed to go live with the new Web portal on June 1, and the identity management system had to be in place by then.

"We knew that February to May was a short time frame," said James. "Six to 12 months is typical for an identity management rollout because it touches every system. There's a lot of work behind the scenes." The implementation process required a significant amount of information gathering before the actual deployment could take place, and the entire system would need to run in a test environment before they could move it to the production environment.

Fischer came back to the college with a radical proposal: The company would change its rollout model to meet Jefferson's tight timeline, something it had never done before. Fischer dedicated a team of five or six people to the project exclusively, and James in turn committed his staff to the project as a top priority. The entire implementation took five weeks from start to finish.

"We collaborated daily online via WebEx, and it was a lot of work," said James. "It was exciting because it was a neat project and we were able to accomplish so much daily between my staff and Fischer. It was an ideal partnership."

The reciprocity of the partnership was critical to the success of the project. If Fischer needed information from Jefferson, the staff would respond within an hour, and vice versa.

Identity Management in Action

Jeffersons' identity management system provides policy-based provisioning, password reset and synchronization and other integration with the college's Banner student information system, Microsoft Active Directory, OpenLDAP, Google Apps and Blackboard.

"We ended up with a robust identity management system that operates in high availability, in a virtual environment, which was one of our goals, and it provisions our accounts based on roles," said James.

When a student enrolls at Jefferson, the college creates an account for him or her in Banner with a student role, and that Banner account is the sole source of authority over the student's access to the portal. The college uses Gmail for campus e-mail, so students are given a Gmail account, and if they use online learning through Blackboard, that account is created automatically. The passwords are synchronized between all of the accounts, so once students log in to the portal, they can just click a link for Gmail or Blackboard and they're automatically logged in through a secure link.

Because Jefferson implemented Fischer Identity's self-service password reset component, if students or staff members forget their portal password, they can reset it themselves. "And that is welcomed by all of our students and staff because they're used to that," said James. "When they set up their own personal Gmail or Yahoo accounts, they are able to reset their own password. And that service also greatly reduces our help desk requests for password resets. That was a really big win for all of our users."

Featured