Quincy Jones, Trey Parker, John Mayer, Melissa Etheridge — with alumni like that, Berklee College of Music has reason to be proud, and to secure their data and identity while offering alumni access to services that forge an even stronger bond with the community.
Information Security Officer, Berklee College of Music
Known as the world's foremost institute for the study of jazz and contemporary music, Berklee has 55,000 alumni around the world, and 6,000 staff, faculty and students at its main campus in Boston, as well as Valencia, Spain and online.
To foster a better user experience and improve adoption, Berklee Digital Strategy and Communication department wanted to improve integration of several key applications, instead of requiring users to log into each application individually. They wanted a contemporary single sign-on (SSO) solution to improve the flow between applications for their faculty, staff and students.
“In addition, we wanted to provide more services to our alumni community, with an online transcript solution, and providing a single sign-on solution was one way to do this, while allowing everyone to access more services,“ says Gaël Frouin, Information Security Officer at Berklee College of Music.
“The two main drivers were the ability to quickly include logins through a Google directory, because our alumni have Google email accounts, and to enable rapid integration, without requiring them to change all their passwords. We also looked for flexibility in the user experience -- one user experience with features that would allow them a direct connection to our internal directory, to change their own password, and allow us to customize the interface,” recalls Frouin.
Focusing on three main applications, a team from Digital Strategy & Communications, Information Security and System Administration defined the technical and user requirements, platform management and directory integration with existing services. They consulted with the various application owners to ensure standards support.
Initially the team looked at both identity as a service (IDaaS) providers and open source solutions such as Shibboleth and SimpleSAMLphp, but chose IDaaS for easier integration with SSO, as well as relieving the burden of infrastructure maintenance. “We knew that many applications were going to support SAML for SSO, so that protocol became a high priority for new apps,” states Frouin.
Berklee conducted comprehensive proof-of-concepts with several IDaaS solutions. “OneLogin was fairly easy to implement. Compared with the other solutions, we found the OneLogin user experience and user interface to be more flexible. And a compelling price was an important factor in our choice,” says Frouin.
The main applications Berklee initially integrated with SSO include WebEx for web conferencing, institutional websites, Symplicity career management resources, Parchment for transcripts for alumni and current students, and Lynda.com corporate learning and training service. And there are more on the way.
“Using Google as a directory for our alumni was important, with OneLogin and Active Directory for our internal users - faculty and students. We had most of our alumni in the Google directory, in their own domain, and we wanted to be able to integrate them in various applications really quickly. So we wanted to leverage the information we had in Google, and OneLogin enabled us to do that. We now have moved away from Google as a directory and migrated our alumni to local accounts, allowing us to integrate the application through SAML authentication and perform alumni provisioning through OneLogin, “ observes Frouin.
“To correlate login attempts from various locations, and send alerts in case of suspicious activity, Berklee leverages the integration between OneLogin and CloudLock to protect and manage our cloud infrastructure. This setup allows us to identify suspicious activity and sensitive data exposure, and remediate against them,” adds Frouin.
Berklee is reaping the benefits of selecting OneLogin in four main areas, according to Frouin -- user adoption, flexibility, ease of integration, and alumni community services:
User adoption: “We are happy with the service, globally it’s working well for us, with good use and adoption. The main thing that has changed is that we have the same login everywhere and people are all getting familiar with this login for their apps.”
Flexibility for IT and users: “I think that’s really the flexibility of the platform, the type of accounts you could have, the application is configurable -- it’s fairly wide. The way we configure OneLogin, internal users can login with either their username or their email, which alleviates some issues in certain applications.”
Ease of integration: “The integration has been fairly easy, both with internal users and the rollout of new services to alumni.”
Alumni community services: “Alumni only had an email before. Through OneLogin, we gave them access to additional applications --the transcripts, our main website, a notification center, and career manager-- helping strengthen their ties to the Berklee community.”
OneLogin brings speed and integrity to the modern enterprise with an award-winning single sign-on and identity-management platform. Our portfolio of solutions secure connections across all users, all devices and every application, helping enterprises drive new levels of business integrity and operational velocity across their entire application portfolios.