The company combines world-class educational content and assessment, powered by services and technology, to enable more effective teaching and personalized learning at scale.
For most of its more than 175 years, Pearson was a publishing company best known for its international textbook business. In recent years, it has been on a quest to reinvent itself as a global learning services company to improve the lives of millions of people worldwide. Digital transformation is the linchpin in this ambitious strategy, and PearsonAccess is the company’s next-generation, web-based technology platform for end-to-end administration of large-scale assessments.
In 2018, Pearson began a strategic initiative to build a new, customer-facing cloud platform that would enhance its existing suite of solutions for K-12 schools in the US to enroll and manage testing for their students. Pearson Access, built on Amazon Web Services (AWS), allows state administrators, district coordinators and school teachers to manage and register students for their required tests. The platform complements a full portfolio of solutions that Pearson provides to help schools and students take assessments.
Identity and access management was a critical component in the project. The launch plans required that the platform could support hundreds of thousands of users initially and millions of users as Pearson deployed to new school districts. Reliability, performance, and enterprise scale for authentication and authorization were critical to the successful rollout and maintenance of the platform.
It was equally important for Pearson to support the authentication preferences and security policies of the school districts it serves. That presented a complex administrative challenge, as every school has its own preference and system for managing identities, such as Active Directory, an IdP/SSO platform, or custom solutions. According to Wayne Moore, Director of Software Development at Pearson, it was also critical that the Pearson team could centrally manage all those identities for performance testing, access auditing, and other essential user management tasks on behalf of its customers.
Moreover, many schools wanted to personalize the experience as they used Pearson Access. As Moore explains, “School districts and schools want control over the look and feel of their login experience via Pearson Access, specifically by customizing the login screen to match their branding.”
As they began bidding for contracts to serve school districts, the Pearson team knew it also needed a solution that could be implemented successfully inside a tight time frame. “We needed an enterprise solution geared toward our needs, and a partner that could grow with us. And we needed to deploy this solution in time to support spring testing,” Moore says.
The Pearson team initially turned to Amazon Cognito as the identity service for this platform. While the service provided great capabilities in the areas of back-end application development, it fell short in key areas for the broader needs of Pearson’s Customer Identity and Access Management (CIAM) project.
As an identity service, Amazon Cognito couldn’t support the scope and scale of Pearson’s project. Performance testing with Cognito raised initial concerns. “We weren’t confident that Cognito could reliably support our goal of one million users on the platform,” Moore explains. The administration console also lacked critical functionality for ongoing use. Moore recalls that even simple admin tasks like finding users in the directory and exporting a list of users were difficult.
Amazon Cognito also couldn’t adequately support the authentication needs and approach that Pearson wanted to deliver for its customers. “With a lot of greenfield, new development on the horizon, we need to be able to grow on a CIAM platform. That includes everything from the types of identity management systems we can authenticate and how we administer to how we deliver a customizable experience for customers. Amazon Cognito only scratched the surface,” Moore explains.
The Pearson team considered CIAM alternatives, including building in-house and leveraging a third-party solution inside AWS’s partner ecosystem. It quickly ruled out developing its own solution. “CIAM is a very specialized area and we need dedicated professionals to keep pace with the changes in security standards and protocols,” Moore says.
Next, the team evaluated Auth0 and the OneLogin Customer Identity & Access Management (CIAM) solution by running proofs of concept. “Both vendors performed well in the technical evaluation, but we were also looking for a strong partnership. We got both technical excellence and a strong relationship with OneLogin,” he continues.
According to Moore, numerous OneLogin CIAM features stood out, including support for security policies, fine-grained user access control – even for just-in-time users – and the ability to automate changes to user attributes, roles, and groups through mappings.
Moore was also impressed with the ability to stand up accounts instantly, establish API credentials for teams that are part of the platform ecosystem, and easily export and import users.
“OneLogin offers enterprise-grade reliability at the scale we need now and in the future when we have millions of users. Through OneLogin’s integrations with AWS, it was also invaluable being able to import users into OneLogin CIAM,” Moore explains.
Pearson was able to deploy OneLogin CIAM in support of signing new customers onto the platform before spring testing. The trusted identity provider feature in OneLogin supports SAML, OpenID Connect and OAuth, enabling Pearson to configure multiple identity providers to securely sign users into OneLogin and OneLogin-protected applications.
“With OneLogin CIAM, we can provide students, teachers, and administrators with seamless access to our platform,” Moore explains. For instance, if students are already logged into their school system with SSO, they use the same interface to see and take tests.
In addition to making it possible for Pearson to deliver a consumer-like experience to its customers, OneLogin gives Pearson confidence to grow its business. “OneLogin enables us as we pursue our strategy onboarding millions of users. It provides the enterprise-grade security features we need and the support for the authentication methods our customers prefer. In addition to benefiting from OneLogin’s technology, we appreciate partnering with a company that is continually evolving its own platform,” concludes Moore.