Higher Education’s Unique Identity and Access Management Challenges, Part 2
Previously in our two-part series on the identity and access challenges unique to higher education, we discussed users with multiple roles, the increasing use of technology in the classroom, and limited budget and manpower. As you may already have guessed, these challenges are just the beginning. Here, we’ll talk about three more challenges you’re likely familiar with, particularly if you’re using identity and access management (IAM) systems built for commercial or corporate environments. These struggles may seem inevitable, but they don’t have to be. Take a look at the list and ask yourself how many apply to you.
1. Provisioning/deprovisioning at scale
If you’ve been at your higher-education job for even a few months, you’ve probably already lived through at least one mass provisioning (or deprovisioning) event. The cycle of enrollment and graduation means that higher-education IT departments must deal with thousands of new users being onboarded and thousands of former users being offboarded periodically throughout the year. Turnover isn’t a constant trickle—it’s seasonal storms.
The problem with these seasonal storms is that riding them out with IAM systems designed for commercial environments takes valuable time away from your more strategic IT initiatives. Using manual workflows and workarounds to provision accounts, authenticate identities, authorize access, create passwords, and eventually deprovision those accounts can suck up a good 20 percent to 40 percent of your staff’s time.
The right IAM system can shelter you from these seasonal storms by automating and streamlining the onboarding and offboarding process through features such as self-service account-claiming. This allows you and your staff to spend less time manually creating and managing accounts and handling help-desk tickets and more time on long-term IT initiatives to benefit the growth of your school. Compliance also benefits from automation, thanks to the reduced risk of human error.
2. IAM for contingent and external users
More than ever, higher education is relying on contingent workers and external partners or other nontraditional staff to fill in workforce gaps. This employment strategy may work well for the school’s finances, but creates difficulties for you and your staff, as the nature of contingent workers’ employment creates complexities around provisioning, access decisions, recertification, and deprovisioning.
Your staff is already dealing with the heavy workload of student and regular-staff IAM. Now here comes a flood of contingent and external workers. Typically, these workers aren’t entered into the same centralized, authoritative information system of record for employees. Instead, without a way to automate this process, you often need to manually provision, manage, and deprovision their accounts, making sure to give them appropriate systems, application, network, and building access—no small feat when contingent workers are often hired by different entities or through processes different from those used for traditional workers.
Modern IAM solutions address this challenge by becoming the central, authoritative source for external and contingent users, allowing you to easily manage and automate the access and permissions of users outside the standard employment model at your school. No more manual workarounds. In fact, best-in-class IAM systems, like RapidIdentity, offer a sponsorship feature, which delegates account creation from IT to the department heads or other authorities doing the hiring. By using predefined roles, account access to different applications can be granted in compliance with preset, organization-wide policy.
3. Ad-hoc workflows and requests
Visiting professors and students require network and access privileges while at your school, but, of course, at levels different from those of your school’s own faculty and students. More often than not, that means the burden falls to you and your staff to create and manage new types of user accounts and IDs—often on the fly, as you may not be warned of the new arrivals until the last minute.
Though you may be used to dealing with these requests via paper forms, email chains, and in-person account requests, doing so is cumbersome and time-consuming. You and your employees have enough work on your plates without having to provide and revoke custom network, application, and building access to hundreds or thousands of campus visitors every semester. Delays, errors, and potential compliance and security vulnerabilities are all but inevitable.
A best-of-breed IAM solution can solve this problem through automated, policy-driven workflows for user account creation, no matter what type of user account is required.
Investing in a solid IAM system can, in fact, reclaim hundreds of man-hours for your department to spend on more worthwhile projects. Are you ready to see what an IAM solution designed with higher education in mind can do for you?
Share this post: