May 11, 2023

Higher Education Implementation Suite

Identity Works LLC has been in the field for decades working across all verticals, but we often find ourselves working with colleges and universities. Over the years, we have solved many of the complex challenges with multi-personas and access policies that exist in higher education. We frequently hear “our setup is unique, we have this homegrown system written in Perl, COBOL, Python, PL/SQL, <insert language here> and it does all of this “magic” to provision access, put users in groups in Grouper, handle matching and merging of identities, create guests, etc.” Homegrown systems were great when nothing else existed in the market, especially in higher education where you have hundreds of thousands of users. Support for in-house-developed solutions can become difficult and costly as institutional knowledge is lost when staff eventually leave. Maintaining the systems that run the scripts and safeguarding the data becomes a challenge. 

In an RFP we will see items called out such as: 

  • Real-time provisioning 

  • Complex role management/grace periods 

  • Integrations for Grouper, DUO, Kerberos, etc.  

  • Delegated Administration 

  • Advanced Reporting & Auditing 

  • Sponsored Accounts 

The list above seems like a tall ask, but with products in the market today like SailPoint IdentityIQ, Identity Works has helped schools adapt these homegrown processes into an off the shelf product. Our Higher Education Implementation Suite includes solutions that will address your needs. 

Most off the shelf Identity products rely on batch-based tasks that read data from various systems to provision or update access. Our Push Identity plugin provides a configurable plugin for which you can associate a particular service account with the ability to send real-time updates into IIQ and invoke configurable Identity refresh options all via a simple RESTful web service. 

When it comes to assigning roles, higher education can have complex requirements particularly around exceptions, i.e. a student is considered active in some cases except if they have x/y/z leave codes. 

We know a lot of institutions in higher education that use Grouper, Duo, and Kerberos so we’ve built connectors and plugins that handle these integrations. Our DUO plugin allows support staff to view DUO logs, create bypass codes, send Push/Voice messages for ID Proofing, assist with lost or stolen phones, all without the need to use the DUO admin console. Kerberos is frequently a tricky integration, but using our command like shell connector you can invoke any kadmin commands necessary to manage the lifecycle of an account. 

With our UI Enhancer Plugin you can implement a friendly to use UI with robust searching, auditing, delegated administration, and other functionality all without the need to build a custom user interface. This plugin overlays the OOTB IdentityIQ UI and can be easily tailored to your needs with custom configuration. 

The primary drivers behind replacing a homegrown solution also tie into auditing and compliance, this functionality is often difficult to build and manage. Our History Plugin not only adds a timeline-based view of audit history on each user, but also audits attribute level changes. Being able to look back and see at what time a particular student went from active to inactive and what results followed based on that change is invaluable data. We’ve also built a custom JDBC reporting data source that you can drop into your installation which allows you to create custom SQL reports all off the IdentityIQ database. 

Every school we’ve worked with also has the need to support users who don’t originate in an authoritative source, constituents such as vendors, collaborators, guests, volunteers, etc. To solve this issue, we have leveraged custom plugins that can take care of the onboarding and management of these users, approval workflows, as well as supporting bulk requests for large groups. This allows you to have a central authoritative source without the need to purchase something or build something custom. 

To learn more about our service offerings, our work with higher education or about the plugins mentioned above please contact us.