"The exciting things are obviously the provisioning and the one-click apps. Those one-click apps are just awesome."
Tracing its history back to the Republic of Texas, the University of Mary Hardin - Baylor (UMHB) serves 4,000 students, with 500 faculty and staff in central Texas. In addition, the university IT department supports another 25,000 alumni and prospective students.
Challenge
UMHB offers a wide variety of apps to serve its students and staff, all with different usernames and passwords, and inevitably students would get confused on which one was which. So single sign-on (SSO) was a big impetus for the university. “As we continued to launch new apps, we needed a way to have a single username and password for our community, and SAML helped us do that. So that's the biggest reason that we're with an identity management provider,” says Matt Irvine, Director of Media Services at UMHB.
“When our SSO provider went out of business, it was a real pain because it's complicated to move all your apps. The challenge for us is that we were moving off of one provider and onto another, rather than doing it for the first time. So it was challenging, making sure that we weren't stranding users. We also wanted to add Canvas, a separate, hosted solution for learning management, and make it a seamless user experience for students,” states Irvine.
Solution
“We did evaluate a few different companies as we moved over. Two-factor authentication was a deciding factor. A lot of companies charge extra for two-factor, which we thought that was kind of shady. So that was a big plus for OneLogin--not only do you support two-factor and it's included in the price, you also have your own solid two-factor app,” comments Irvine.
As UMHB searched for a replacement, “Every time I would search for SAML and some app, OneLogin would come up in search results. That spoke well to me, that we would be in good hands with OneLogin. I wasn't getting the same kind of assurances that the other competitors we looked at could handle our needs,” says Irvine.
“Where OneLogin does really well is that it is very easy to configure, and even more so now. It's pretty simple. If I want to start up G Suite, I load up the Google connector from the app database, and we're off to the races. It takes barely any time to make it happen,” comments Irvine. UMHB was also looking to make custom apps again. The OneLogin SAML toolkit cut a whole lot of their implementation time, as they could build on top of it, enabling them to get up and running very quickly as a result.
“We're using provisioning with Office 365, and it's working great. In fact I was surprised at how easy and efficiently that works. We are really pleased with the one-click install features with Office 365. For our faculty and staff Google Drive implementation, we're using provisioning out of the box through OneLogin. If they're in the right organizational unit (OU), it just happens,” explains Irvine.
“We’re always looking to reduce calls to the helpdesk, and one of the ways that we've done this is with OneLogin. We've been able to use the OneLogin APIs a great deal to make different self-service tools for our team, both users and technicians. This helps us serve people much more rapidly,” says Irvine. “To solve a user problem, such as password resets, our technicians previously would have to go through eight different systems with eight different screens to get the data they needed to help the user. Now they can go to one place and solve most of those questions.”
Results
One of the great value adds UMHB sees with OneLogin is that “...when you build an app for any customer that uses your product, that app's available to all your customers. As we've been in the product longer, and with more education customers using the product, it gets easier and easier to spin up new apps,” says Irvine.
UMHB finds the greatest business impact in using OneLogin is with single sign-on. “We want best of breed systems, however, there tends to be a disconnect when users are forced to maneuver through various systems with different usernames and passwords. My challenge to the IT team was to integrate these disparate systems in such a way that our users perceive them as one coherent system. OneLogin has been a critical component in meeting this objective,” says Brent Harris, Vice President for Information Technology at UMHB.
The university is now able to serve students, faculty, staff, and the community much better, because they don't have to remember a number of different usernames and passwords. If they get locked out of an app, they get locked out of all the apps, which increases security for the university.
“The exciting things are obviously the provisioning and the one-click apps. Those one-click apps are just awesome,” reflects Irvine. “When you need to launch a complicated app where you may have to share data back and forth between the service provider, and OneLogin has already done it, that's awesome. That's exciting stuff for nerds like us.”
“With Office 365, trying to spin up ADFS and the directory sync tool… it's just mind-numbingly painful. But with OneLogin’s one-click install, we were in and out, and done with the implementation in just a matter of minutes, eliminating the need to spin up virtual servers and so much more, because OneLogin has already done it for us,” says Irvine. “We've seen great things as a result of being partnered with OneLogin. The reason we're with OneLogin, and we'll stay with you, is because you have a whole lot of value-add on top of single sign-on.