Identity and access management (IAM) demands tend to be amplified in the education industry. Education systems have specific IAM needs unique to their special environment.
- Consider some of the challenges school districts and higher ed institutions face:
- Provisioning changes for most users year after year
- Users of various roles
- Users with multiple roles
- Users of all ages and technical skill
- Users needing access from anywhere, on any device
- Multiple sources of identity management
Where Does Education IAM Overlap With Other Industries?
A number of businesses have comparable challenges: one parent organization comprised of multiple organizations, a variety of user roles, users who have multiple roles, department leads who must manage users within the department, and a need for flexibility to work from anywhere on any device (BYOD).
Similarly, education has one parent organization, whether a university or school district, with multiple schools; a variety of roles, such as faculty, students, parents, and alumni; users with multiple roles; faculty who need to manage their own sets of students; and a need to empower the faculty and students to access tools outside of school on their own devices.
And then, there are the big, obvious needs of security, single sign-on, process automation, compliance, and extending access to the cloud.
What IAM Challenges Make the Education Industry Unique?
IAM Sources of Truth
Unlike businesses, who tend to have one source of truth for identity management (usually a directory such as Active Directory or LDAP, and sometimes the HCM), school districts and universities rely on multiple sources. For example, they may rely on the Student Information System for faculty and staff, but the admissions system for students, and the donation system for donors. They also have even more systems to rely on or to merge, such as the systems for the library, sports teams, and alumni organizations.
Although businesses also have users with multiple roles, this situation is more frequent and complex in the education industry. For example, a faculty member is often also an alumni and sometimes a parent; a staff member can also be a student.
Roles change constantly, making manual provisioning a nightmare. Each year a student comes in with a different status. Each semester or quarter, their instructors and classes change. Each graduating class becomes alumni.
“In a school environment, you have a large percentage of users leaving every single year. All of a sudden you just lose 3,000 users, and then add another 3,000 a few months later. It doesn’t happen in any other organization,” says Patrick Scanlan, Supervisor in Technology and Data Services at San Jose Unified School District.
The identity system also needs to support temporary guests, like substitute teachers or students who are taking online courses.
Granting access to the users in all of the above situations, and at the right permissions level, affects the user’s ability to perform and the security of sensitive data.
By Age and Technical Skill
Granted, no matter the organization, users will vary by age and technical expertise. Consider a school district though: its users range from elementary school students to older faculty members and parents. The identity system must be simple enough to provide a good user experience for a 5-year-old and a 50-year-old—while still being complex enough to meet challenging provisioning requirements.
“Because we’re a school district, we have a daily issue with many users about managing or even remembering usernames and passwords,” says Scanlan.
How Are Leading Educational Institutions Meeting Daunting IAM Needs?
The complex and unique IAM needs of an education organization make a comprehensive solution hard to find.
OneLogin has a solid track record in the educational segment with features designed to deliver an IAM solution that works for more than just enterprises. Watch the OneLogin Professional Services Team explain how they’ve helped schools and universities automate processes.