Identity Automation's Identity and Access Management Blog

Stay up to date with all of the latest news and events.

Signs It's Time to Modernize Your Identity Management Software

Auto Provisioning for Users with Multiple Roles

 

auto-provisioning-for-users-with-multiple-roles.jpg

Are you using an identity and access management (IAM) solution designed for the enterprise to manage user identities and access privileges at your community college or university? If so, then you’ve likely already run into some serious difficulties—and if you haven’t yet, it’s only a matter of time. An increasingly complex IT environment and growing number of users that require access to systems and data have made user identity and permissions management more challenging than ever, particularly in higher-education institutions.

As complicated as IAM is in commercial environments, where single accounts for individual users are the norm, it’s even more of a tangle at universities and community colleges where users often have multiple roles. Of the nearly 80 percent of students who also work, some are also employed by their schools, making them both students and staff members. Meanwhile, some professors do double duty as students pursuing advanced or additional degrees. Additionally, a number of professors, staff, and graduate students are also alumni. Each of these roles requires you to enable access to different systems.

Many legacy identity management tools fail to recognize that multiple ID numbers (employee and student, for example) may be assigned to a single user. Instead, these legacy solutions treat these unique IDs as different users, resulting in users having to manage multiple credentials in both Active Directory and downstream systems and you having to provision and manage all those credentials.


The Challenges of Multiple Accounts

From the perspective of your users, having multiple accounts can quickly become a burden. Instead of remembering and managing a single set of credentials for all their on-campus activities, users must remember two or more credentials and may even have to use two separate accounts for some of the same downstream applications, such as email. This poor user experience impacts you and your team in the form of complaints and increased support calls about password resets and other login issues. Multiple accounts also lead to data-synchronization issues, such as student or staff accounts getting incorrect permissions, creating confusion and further burdening your help desk staff. All that adds up to a heavy burden on you.

Does your current identity and access management solution require you to create more than one directory account for a single user? Can your IAM platform manage multiple user roles for an individual? Or, are you and your team struggling with the limitations (and the help desk consequences) of a patchwork of legacy identity management technology, point solutions, and scripts developed in-house and on the fly?


A Better Way

The struggles you deal with may seem inevitable, but today, users’ multiple accounts shouldn’t have to be your burden just because your current IAM solution isn’t equipped to handle them. Modern IAM products with functionality purpose-built for the unique challenges of higher-education institutions, like yours, do exist. Such IAM systems can recognize multiple roles per individual user, using multi-attribute matching and validation to discover whether or not a predetermined number of attributes attached to a particular ID—email address, phone number, home address, school address, and date of birth, for instance—match, and either automatically merge-matching accounts or flag them for you to consider merging, depending on pre-established business rules.

One account for multiple roles—it’s easier on the user and far easier on your help desk staff. Institutions like Houston Community College have already made the switch to a single ID for each of its students, faculty, and staff, including those with multiple roles.

Given how commonplace multiple roles are in higher-education settings, there’s no reason for you to treat them as an exception to the norm that requires custom scripts, workarounds, and hours of manual provisioning. A modern IAM system doesn’t just deliver a better end-user experience. It also reduces the burden on your help desk and even minimizes the chance of human error during the provisioning and deprovisioning processes, thus cutting the chances of a disastrous breach later on down the line. With the right IAM solution, you can “set it and forget it,” knowing things are working as they should.

play-video.png Watch This Video to Learn How IAM Solutions Provision and Manage Users with  Multiple Roles»