IT departments at K-12 districts, colleges, and universities have a challenge: keeping students secure while also making it easy for them to use school apps and resources to register, pay, sign up for classes, etc. Of course, it’s not just students. The same is true for staff, alumni, and external users.
But we’re talking about two often competing directives. Because security requires that people use secure passwords for their many applications, but remembering all those passwords makes life hard for users. In fact, an academic study showed that 78 percent of people have trouble remembering their passwords. That’s why 70 percent of people reuse passwords, which obviously isn’t great for security.
What other methods do people use to deal with passwords? They:
- Write them on Post-its®
- Text or message the password to themselves
- Keep them in a spreadsheet
- Email themselves that pesky password
Or they simply forget the password and request a reset. Over and over again, adding up to lost time and money as your IT staff spends hours and hours just resetting user passwords.
The cost of password resets adds up. A single password reset can cost up to $70. Forrester found that large organizations spend up to $1 million each year in staffing and infrastructure expenses to handle password resets.
There has to be a better way.
And there is. It’s called single sign-on (SSO).
SSO is as close as you can get to ridding yourself of passwords altogether. With SSO, instead of using separate passwords for each application, students use just one password to access all of their school apps and resources.
SSO uses SAML (Security Assertion Markup Language) authentication to enable students, staff, and alumni to log in just once, with one password. That means:
- Yes to accessing cloud apps.
- Yes to accessing on-prem legacy apps.
- And, yes to single-password access whether or not Active Directory is your system of record.
Automatic password resets
Users have a much easier time remembering one (even complex) password than many passwords. Of course, it’s still important to have good requirements and it’s important that you prompt users to change their password regularly.
Getting down to one password per user can save your helpdesk a ton of time. But students, and especially occasional users like parents or alumni, will still forget that single password. The beauty of single sign-on is that, when they do forget it, your helpdesk staff doesn’t have to be the middle guy in password resets.
With cloud-based SSO, users can reset their passwords by themselves.
OneLogin single sign-on provides access to all the apps a student needs through a single portal the user logs into via a single password. OneLogin includes a Cloud Directory that acts as your secure directory. It has an intuitive web-based interface that allows you to manage users, authentication policies, etc.
OneLogin is easy to plug into complex directory infrastructures with multiple forests and domains via its Active Directory (AD) and LDAP connectors. And the real-time user synchronization means that when users are created, updated, or disabled in Active Directory, the changes are instantly pushed to OneLogin, which in turn will propagate user updates into the respective cloud apps.
With OneLogin, you define password policies with specific requirements and reset times. If a user’s password expires in AD, they’re prompted to change the password the next time they log into OneLogin. They can also reset their password at any time—including when they forget it.
When a user changes their password via OneLogin, it keeps the password synchronized with AD and any cloud applications where password provisioning is active. OneLogin SSO takes you out of the password reset equation. Students and staff can manage their own passwords while still being required to comply with your password rules. And you can even add multi-factor authentication and risk-based authentication to further secure and streamline user authentication.
With OneLogin SSO, you can balance those two competing directives: keep students and staff secure while also keeping them happy by giving them an exceptionally easy user experience.