OneLogin Customer Identity and Access Management helped bring our vision to life for a trusted identity provider that ensures we can confidently serve the unique needs of school districts.
Pearson is the world’s learning company with more than 24,000 employees operating in 70 countries on a mission to help people make progress in their lives through learning. Pearson combines world-class educational content and assessment, powered by services and technology, to enable more effective teaching and personalized learning at scale.
For more than 175 years, Pearson was a publishing company mostly known for its international textbook business. In recent years, Pearson has reinvented itself as a global learning services company to improve the lives of millions of people worldwide. Digital transformation is vital to this ambitious strategy, and PearsonAccess is the company’s next-generation, web-based technology platform for end-to-end administration of large-scale assessments.
In 2018, Pearson began a strategic initiative to build a new customer-facing cloud platform that would enhance its existing suite of solutions for K12 schools in the U.S. to enroll and manage testing for their students. PearsonAccess, built on Amazon Web Services (AWS), allows state administrators, district coordinators, and school teachers to manage and register students for their required tests. The platform complements a full portfolio of solutions that Pearson provides to help schools and students take assessments.
Identity and access management was a critical component in the project. The launch plans required that the platform could support hundreds of thousands of users initially, and millions of users eventually, as Pearson deployed to new school districts. Reliability, performance, and enterprise scale for authentication and authorization were critical to the successful rollout and maintenance of the platform.
It was also critically important for Pearson to support the multitude of authentication preferences and security policies of the school districts it serves. This presented a complex, administrative challenge, as every school has its own preference and system for how it manages identities, such as through Active Directory, a Single Sign-on (SSO) platform, or custom solutions. According to Wayne Moore, Director of Software Development at Pearson, it was also critical that the Pearson team could centrally manage all those identities for performance testing to access auditing and handle other essential user management tasks on behalf of its customers.
Moreover, many schools wanted to personalize the experience as they used PearsonAccess. Moore explains, “School districts and schools want control over the look and feel of their login experience via PearsonAccess, specifically by customizing the login screen to match their branding.”
As they began bidding for contracts to serve school districts, the Pearson team knew it also needed a solution that could be implemented successfully inside a tight time frame. “We needed an enterprise solution geared toward our needs, and a partner that could grow with us. And we needed to deploy this solution in time to support spring testing,” Moore says.
We appreciate the collaboration between OneLogin and Amazon Web Services as we accelerate our application development in the cloud. Integrating and deploying OneLogin’s Cloud Identity Management Platform alongside our foundational AWS services helps innovate faster and deliver better customer experiences as we build new learning solutions. Working with OneLogin and AWS Marketplace for our cloud purchase was seamless as well,”
RYAN OLSEN, Director Cloud Engineering at Pearson Education
The Pearson team developed a rigorous selection process for their Customer Identity and Access Management (CIAM) project. The team evaluated a variety of IAM solutions, including building an in-house solution and leveraging a third-party solution inside the AWS Partner Network.
Pearson quickly ruled out developing its own solution. “CIAM is a very specialized area, and we need dedicated professionals to keep pace with the changes in security standards and protocols,” Moore says.
When evaluating third-party IAM vendors, Pearson looked for a long-term solution that could reliably meet the scope and scale of the project and evolve with its business. “We needed to be confident that a solution could reliably support our goal of one million users on the platform. With a lot of greenfield, or new development on the horizon, we also need to be able to grow on an IAM platform. That includes everything from the types of identity management systems we can authenticate and how we administer to how we deliver a customizable experience for customers,” Moore explains.
The team ultimately ran proofs of concept to technically evaluate vendors, among them the OneLogin Customer Identity and Access Management (CIAM) solution. “We received both technical excellence and a strong relationship with OneLogin,” Moore relates.
According to Moore, numerous OneLogin CIAM features stand out, including support for security policies, fine-grained user access control (even for just-in-time users), and the ability to automate changes to user attributes, roles, and groups through mappings.
Moore was also impressed with OneLogin’s administrative console and capabilities, with built in functionality to stand up accounts instantly, establish API credentials for teams that are part of the platform ecosystem, and easily export and import users. OneLogin also complemented and integrated with other solutions, such as Amazon Cognito, that the Pearson team was already using for application development.
“OneLogin offers enterprise-grade reliability at the scale we need now and in the future when we have millions of users. OneLogin also integrates and enhances the capabilities of our AWS technology stack for application development, providing a robust and complementary offering in the areas of identity management, authentication, and user migration. Through OneLogin’s integrations with AWS services, it was also invaluable being able to import users into OneLogin CIAM,” Moore explains.
Pearson was able to deploy OneLogin CIAM in December 2020 in support of signing new customers onto the platform before spring testing. The Trusted Identity Provider (TidP) feature in OneLogin supports Security Assertion Markup Language (SAML), OpenID Connect, and OAuth, enabling Pearson to configure multiple identity providers to securely sign users into OneLogin and OneLogin-protected applications.
“With OneLogin CIAM, we can provide students, teachers, and administrators with seamless access to our platform,” says Moore. For instance, if students are already logged into their school system with SSO, they use the same interface to see and take tests.
In addition to making it possible for Pearson to deliver a consumer-like experience to its customers, OneLogin gives Pearson confidence to grow its business. “OneLogin enables us as we pursue our strategy onboarding millions of users. It provides the enterprise-grade security features we need and the support for the authentication methods our customers prefer. In addition to benefiting from OneLogin’s technology, we appreciate partnering with a company that is continually evolving its own platform,” concludes Moore.