University replaces patchwork access with unified control

Benefits

• Eliminated 1.5-2 hours of daily manual access tasks
• Centralized access across ~70,000 total accounts
• Enabled consistent MFA enforcement across all major applications
• Improved efficiency of security investigations through a single authentication layer

The Story

Before OneLogin, identity and access security at Point Loma Nazarene University was held together by a set of custom-built systems that required constant attention from the IT team.

The university began exploring centralized authentication through Auth0, which helped introduce the idea of single sign-on (SSO) internally. But as Joe Alcorn, Director of Systems and DevOps at Point Loma Nazarene University, explains, it was never built for the scale or structure of an enterprise university environment. Only a small number of applications were integrated, and critical gaps lingered – especially around multi-factor authentication (MFA).

“That was the big missing piece,” Alcorn said. Without built-in MFA support across systems like Google Workspace, the university couldn’t extend consistent security controls across its environment.

The biggest operational burden, however, was password management.

Reining in sprawling user accounts

“Password management across multiple platforms was a nightmare,” Alcorn said. The IT team relied on homegrown synchronization between Active Directory, Google Workspace and Canvas. The integration between these systems was fragile – easy to break and time-consuming to repair. Every update risked pulling the systems out of sync. And in an education environment, updates are constant, requiring Alcorn to spend one to two hours each day one to two hours each day on manual deprovisioning and provisioning processes.

As the university grew, so did its complexity. Point Loma needed to support not only student and staff accounts, but also alumni access and parent accounts tied to student records. These “third-party” accounts added an entirely new layer of identity management challenges, especially around governance and controlled access to sensitive data like grades and billing. There was no simple way to manage these identities consistently across systems without increasing risk or workload.

Simplifying the chaos with a single point of entry

In 2017, the university implemented OneLogin with a clear goal: Replace fragmented authentication and eliminate the need for custom synchronization between systems.

OneLogin replaced the need for fragile synchronization that required constant manual correction, and the university gained a single-entry point for authentication and access management.

“It just worked,” Alcorn said.

As additional applications were brought into OneLogin, MFA became consistently enforced across the university’s major platforms. Identity lifecycle processes were also simplified as integrations evolved – connecting OneLogin with Workday to support more automated provisioning and deprovisioning workflows that included third-party parent accounts.

From 360 hours of annual, manual tasks to 360-degree visibility and control

The operational impact was immediate. What previously required hours of daily, manual effort, especially around onboarding and offboarding users, became automated.

Beyond efficiency, the biggest shift came in security operations. Instead of investigating authentication activity across multiple disconnected systems, the IT team now had a single place to look.

“Where we're really seeing the benefit is when we have to do security investigations,” Alcorn said. “We're looking at one point of authentication that we have to investigate instead of hopping into five different apps to try to figure out what’s going on.”

The Point Loma team successfully traded in 360 hours of annual, manual tasks for 360-degree visibility and control. What was once fragmented and manual is now centralized, automated and visible through a single identity layer.