Supporting Students and Staff at Scale
Architecting a Complex Higher Ed System
A leader in eLearning, this non-profit customer is one of the largest universities in the U.S. The majority of its more than 190,000 students are enrolled online. Supporting this kind of student body requires a centralized IT department that numbers in the hundreds. In the last few years the customer has hired a new CIO, CISO, CTO, and director of IAM, and was eager to formalize and modernize its newly established IAM program.
Like most universities, this customer is naturally risk-averse with a deliberate and consensus mandated approach to strategic investment. But the sheer size of its student population means it needs to keep growing and innovating its infrastructure. One IAM challenge is managing multiple, overlapping identities — including students, faculty, adjunct faculty, staff, part-time staff, temporary workers, and contractors. Each of these groups has a different “identity truth”, and individuals can have multiple affiliations (staff and faculty can be students, and vice versa.) The university was using different applications to manage the different groups: Workday for staff, Salesforce for students, and a separate system for refugee populations speaking different languages. It used Ellucian Colleague (a common higher-ed ERP app) as its identity system; ServiceNow for processing requests; and a home-grown system for creating active directory accounts. The result was a complicated maze of stitched-together programs.
Identity strategy and target maturity varies greatly by industry/regulation and one reason for Integral Partners’ high customer satisfaction rate is the thorough, customized discovery process our advisors use. This helps ensure we capture the state of each customer’s existing systems and needs, as well as each project’s systemic requirements. In this case, the sheer volume of students presented an immense challenge: the university needed to design around the idea that it could have millions of active accounts at any one time. It needed broad flexibility to accept and change the status of identities in many different ways, and accommodate, rather than eliminate, exceptions. And it wanted a system design that would funnel the customer experience for identity services (access requests, certification reviews, etc.) through its existing investment in ServiceNow.
Our advisors held dozens of meetings with the project’s stakeholders—including executives, human resources, the registrar’s office, project owners, architects, ServiceNow specialists, finance, Learning Management Systems (LMS) technologists, physical security, library staff, the DevOps team, web portal owners, compliance, the data warehouse/BI team, and IT support teams. This process helped to socialize the importance of a mature IAM program across the business. It also gave advisors clarity into the problems to be solved, insight into the system and its components, and empathy for helping teams resolve conflicting needs.
The customer also asked us to perform an application inventory, which can help organizations better determine the right IGA solution. We analyzed the top 10 percent (40+) of the organization’s identity-related applications to understand how they were assigning and provisioning roles and to determine which of these applications would be critical in the first phase of implementation.
The Integral Partners team delivered a detailed diagram of the customer’s system architecture, a strategic roadmap with suggested prioritization, best-fit solution recommendations, and a codified list of services to be covered by future tooling. Just as Amazon doesn’t use the same application to manage its staff as it does its customers, Integral Partners advisors demonstrated how two applications — Sailpoint’s IdentityNow (students) and IdentityIQ services (workforce) — would best manage the lifecycle requirements and active directory needs of the university’s diverse populations. At the crux of this solution is a streamlined, intelligent architecture our advisors created for how all the applications — Colleague, Banner, SalesForce, IdentityNow, ServiceNow, and more — work together.
The customer integrated this recommended architecture in its strategic planning to determine the best prioritization for a large portfolio of urgent projects. As the organization decided which projects were top priority, Integral Partners advised on the trade-offs and best practices to achieve the best possible outcome as the work moves forward.
Over the course of the advisory engagement the Integral Partners team earned the customer’s trust with detailed recommendations, sensitivity to its staffing challenges, deep higher education and IAM expertise, and relationships with stakeholders across the organization.
- Consolidated tooling with streamlined architecture
- Automation leading to faster, more reliable credentialing and termination
- Easier role-based services with a more targeted approach
- Discovery of systemic issues that needed attention
- Staff understanding of (and reference documentation for) system functionality
Strategy and Roadmap