IT departments at K-12 districts, colleges, and universities have a challenge: keeping students secure while also making it easy for them to use school apps and resources to register, pay, sign up for classes, etc. Of course, it’s not just students. The same is true for staff, alumni, and external users.
But we’re talking about two often competing directives. Because security requires that people use secure passwords for their many applications, but remembering all those passwords makes life hard for users. In fact, an academic study showed that 72 percent of people have trouble remembering their passwords. That's why 70 percent of people reuse passwords, which obviously isn’t great for security.
What other methods do people use to deal with passwords? They:
Or they simply forget the password and request a reset. Over and over again, adding up to lost time and money as your IT staff spends hours and hours just resetting user passwords.
The cost of password resets adds up. A single password reset can cost up to $70. Forrester found that large organizations spend up to $1 million each year in staffing and infrastructure expenses to handle password resets.
And there is. It’s called single sign-on, SSO.
SSO is as close as you can get to ridding yourself of passwords altogether. With SSO, instead of using separate passwords for each application, students use just one password to access all of their school apps and resources.
SSO uses SAML (Security Assertion Markup Language) authentication to enable students, staff, and alumni to log in just once, with one password. That means:
Users have a much easier time remembering one (even complex) password than many passwords. Of course, it’s still important to have good requirements and it’s important that you prompt users to change their password regularly.
Getting down to one password per user can save your helpdesk a ton of time. But students, and especially occasional users like parents or alumni, will still forget that single password. The beauty of single sign-on is that, when they do forget it, your help desk staff doesn’t have to be the middle guy in password resets.
With cloud-based SSO, users can reset their passwords by themselves.
OneLogin single sign-on provides access to all the apps a student needs through a single portal the user logs into via a single password. OneLogin includes a Cloud Directory that acts as your secure directory. It has an intuitive web-based interface that allows you to manage users, authentication policies, etc.
OneLogin is easy to plug into complex directory infrastructures with multiple forests and domains via its Active Directory (AD) and LDAP connectors. And the real-time user synchronization means that when users are created, updated, or disabled in Active Directory, the changes are instantly pushed to OneLogin, which in turn will propagate user updates into the respective cloud apps.
With OneLogin, you define password policies with specific requirements and reset times. If a user’s password expires in AD, they’re prompted to change the password the next time they log into OneLogin. They can also reset their password at any time—including when they forget it.
When a user changes their password via OneLogin, it keeps the password synchronized with AD and any cloud applications where password provisioning is active. OneLogin SSO takes you out of the password reset equation. Students and staff can manage their own passwords while still being required to comply with your password rules. And you can even add multi-factor authentication and risk-based authentication to further secure and streamline user authentication.
With OneLogin SSO, you can balance those two competing directives: keep students and staff secure while also keeping them happy by giving them an exceptionally easy user experience.
Contact us to learn more about OneLogin.
Learn how single sign-on can make your organization more secure while also improving the user experience.Read More
Find out what you can do to create a culture of cybersecurity in your organization.Read More
Infographic showing results of a recent survey of over 300 IT professionals.See it