South Australia’s Flinders University has deployed Okta’s cloud-based identity management system to provide single sign-on for staff and student access to more than 70 university applications and to streamline on-boarding of students.
Jan-Marie Davies, solutions architect, identity and access, at Flinders, told Computerworld: “A real driver for implementing Okta was making our environment more customer focussed and friendly and that is what single sign-on does.
“With single sign on and automated provisioning we are removing a lot of the manual vulnerabilities and centralising management of the user life-cycle. When students end their course they are deprovisioned in Okta and that removes their access to all the applications.”
Another feature reducing the workload on university admin staff is a self-service password reset feature. “A user can set a secondary email address or a mobile number in case they lock themselves out of their account,” Davies said. “They can get back into their account without intervention by a help desk.” Previously, password reset requests accounted for several thousand help desk calls annually.
In addition to providing single sign-on to multiple applications, the shift has enabled users to better manage access to their applications.
“The whole student and staff experience has been dramatically improved with Okta,” Davies said. “It has changed the workflow for users. They sign into their Okta dashboard and can arrange their tabs to suit their workflow. They can have tabs for study, for administration, for their personal social media apps and launch them all from Okta.”
Integration with applications is achieved primarily through the Security Assertion Markup Language (SAML).
“We use SAML to integrate third party applications and fire a message protocol called a SAML assertion to send the users’ details to the application for a secure log in,” Davies said.
Flinders has now automated its student onboarding process. Users are provisioned in Okta from Flinders’ HR systems via Active Directory. “That allowed us to activate Okta really quickly and get that benefit of single sign on to users really quickly without decoupling all the logic that defines what an identity actually is,” Davies said.
Incoming students are then given a Flinders Authentication name to activate their account. “We have a customer built app that uses the Okta API to determine the user’s state in Okta: whether their account has been provisioned, whether they are a returning user, and depending on that state will return a link to the user relative to what they need to action next,” Davies said.
Flinders now has some 30,000 students in different states using Okta, along with about 7000 staff and 3000 of what it calls sponsored identities.
“We have a lot of people who don't fit into a traditional student administration system and we really wanted to centralise the way we manage those,” Davies said.
“There’s a mix of different external roles: IT vendors who need access, contractors, etc; visiting high school students here for a week; and placement coordinators in medical facilities.”
Prior to implementing Okta, Davies said Flinders had used NetIQ. “We evaluated a wide range of products and Okta stood out,” she said. “We have had no hiccups with it and the uptime has been great.”
Davies said the university was not concerned about going with an AWS-based service.
“Security was one of our most important criteria for selecting a vendor,” she said. “I can say that we are happy that Okta is at the forefront of research and development in security.”