Muhlenberg College Uses OneLogin Single Sign-On for Tactical, Strategic Wins
-
Pays
United States -
Secteur
Higher Education -
Site Web
muhlenberg.edu - Télécharger le PDF
Enjeux
New Apps Drive Need for SSO Solution
Strategically, Allan Chen, CIO for Muhlenberg College, had a desire to unify their authentication services under Security Assertion Markup Language (SAML) as much as possible, and recognized if he was to do that, a SaaS solution would be the best option for them. Beyond this, he knew that giving his students, faculty and staff a central SSO portal would be a great gain in efficiency and usability.
When faced with the need to roll out some new apps that wouldn’t work with Muhlenberg’s existing LDAP directory, Chen took that as the opportunity to find a true cloud-based IAM solution like he’d been envisioning.
Minimizing Manual Management
Instead of running several different directory services with manual management, Chen saw an Identity as a Service (IDaaS) solution as a much better option, both tactically and strategically. In an ideal scenario, each user account created would be automatically provisioned per the user profile for access to Google’s G Suite for productivity, and groupware applications, such as Samanage for IT management, Qualtrics for assessment and surveying, and Lynda.com for learning. OneLogin is also the portal for Canvas, Muhlenberg’s Learning Management System.
Time and Resource Constraints
The goal for G Suite specifically was to start offering it to students as they started their new academic year, leaving only a few months to get an SSO solution in place. Chen says, “A SaaS solution for SAML was very intriguing to me, because we did not have the staff resources to do that ourselves, and we could also spin up a SaaS solution a lot faster.” Muhlenberg’s approach to meeting the challenge was based on more than just immediate requirements. Chen says, “At Muhlenberg, due to our size and budget constraints, we really work hard to develop strong partnerships with companies as opposed to just paying invoices.”
OneLogin puts information at the fingertips of faculty, staff, and students, to let them focus on work rather than how to find things.
Solutions
As Chen looked at OneLogin, he found all the key functionalities his team identified for Muhlenberg College, including SSO portal capability with unified SAML, password management, and multifactor authentication. The capabilities, speed to deployment and partnership opportunity made OneLogin an ideal solution.
OneLogin IAM to Meet SSO and SAML Needs
Chen and his team originally learned about OneLogin as a result of their project to launch new help desk ticketing functionality with Samanage. The only way to authenticate with Samanage was via SAML, and OneLogin was one of just three vendors offering a built-in connector to Samanage for SSO. Samanage and OneLogin work closely to help ensure customer success and fast onboarding. He explains, “OneLogin is a system that we felt we could spin up very quickly and get rolling with our applications. We felt very comfortable with the efforts they made. From the beginning, OneLogin was eager to listen to our questions, discuss our specific needs in detail, and to explore and engage in the possibilities—that really spoke volumes about the company. We felt we could be better partners with OneLogin.”
More Powerful Role Management for IT without Hindering Users
Chen says SAML with OneLogin gives the college the possibility to handle roles, groups, and permissions in a more granular way than LDAP.
“Now we have a modern, current protocol for authentication with other systems. LDAP’s been around for a long time, it works, and most people do work with it, but it’s very, very simple. Now we have the ability to handle roles and groups and permissions with a modern protocol like SAML.”
Yet OneLogin also offers simplicity. A single SSO link from the web pages for faculty, staff, and students is now all that is needed to route users to an application portal for direct access to the Canvas learning management system, email, and other services, giving a better overall user experience.
Avantages
Shortly after deploying OneLogin, Muhlenberg College already had ten different applications using the SSO solution and access management capabilities of groups, rules, and roles. Chen also sees several other key benefits with OneLogin.
Fewer Password Resets Save Considerable Time and Hassle
Chen states, “As with any institution, a large percentage of the calls we get are about resetting passwords. So, password management was a really big deal and now saves our IT support staff considerable time and effort.”
He also adds, “OneLogin scales without a problem. There really isn’t a difference between having 20 users in a group versus just opening it up to the entire campus.”
Improved User Experience for Both IT and End Users
Chen and his team find OneLogin easy to use: “Even I am able to spin up a connector and get single sign-on working. That speaks to the ease of the product, that my infrastructure and networking person is comfortable with me digging around in OneLogin, as well as the agility that OneLogin gives us.”
He also reports that the students and staff understand how to use OneLogin: “We are now shifting towards OneLogin as our single, unified portal. People understand that there is this one place to go and they can get everything.” Further, once a user account is created, the ability to provision users into G Suite as well as other apps such as Samanage, Lynda.com and others has improved IT efficiency.
True Partnership that Offers Guidance for Future Authentication and Access Goals
“OneLogin meets our needs today, and helps guide us in the future. Besides SAML-compliant applications, we may also start using FERPArelated (Family Educational Rights and Privacy Act) apps, and we’ll be able to control access via OneLogin,” says Chen.
Chen sums it up by saying, “I think OneLogin is both a strategic and tactical asset. It helps guide our application strategy and it meets a tactical requirement to get necessary authentication and access work done right now as well.”