Industry: K-12
Solutions: RapidIdentity Lifecycle Management, Authentication, ShieldID, PhishID
Outcome: With RapidIdentity, Allen ISD experienced faster provisioning for new users, improved password management, robust risk mitigation, superior IT support, and an overall better user experience.
“We didn’t really hit a lot of snags … in part because the tool is so well-built.” —Nelson Orta, Allen ISD Director of Information Systems & Cybersecurity
The award-winning Allen Independent School District (ISD) in suburban Texas serves more than 21,000 students from pre-K through 12th grade. Allen ISD consists of an early childhood school, 16 elementary schools, three middle schools, one freshmen center, one high school, and a STEAM center with interactive learning opportunities.
To service students and staff more efficiently and effectively, the new IT leadership at Allen ISD knew they needed a modern identity management solution. They specifically sought a cloud-based solution to save time and enhance security. The features they needed from a modern IAM system included enabling granular access by location, role and other attributes, a personalized SSO portal experience, staff-friendly multi-factor authentication (MFA) security, and enhanced security and mitigation capabilities to block malicious access attempts.
CHALLENGE
The district previously relied on an outdated portal with limited functionality. The portal required manual maintenance and only offered nightly syncing. Those once-a-day syncs led to unnecessary delays for new users receiving their login credentials and existing users obtaining access to applications. “There’s just less overhead within the IT department [with a hosted solution],” said Nelson Orta, Allen ISD’s Executive Director of Information Technology. “In public education, we’re always challenged with all the tasks that we have, the number of people we serve and the resources available.”
The lack of an automated account claim process was especially problematic, leaving new hires without immediate access to their email accounts or necessary resources. Instead, the district’s IT team routinely had to manually batch the creation of new hire accounts in the summer. “There were constant complaints—understandably so,” Orta said. “Account creation was super slow and super late … Onboarding new staff was a massive pain point previously. Now, I don't hear about it at all.”
Their previous solution did not offer granular access management. For example, they could not provide users access by specific campus, level, or title. That made their existing groups less granular, disorganized, and harder to manage. In their new system, they sought more individualized targeting capabilities, such as grouping special education teachers separately from career and technical education (CTE) teachers.
The desire to improve the user experience was another reason Allen ISD decided to replace its previous portal. “The usability of the old portal was nowhere near [RapidIdentity],” Orta said. “It was just a static deal.” Not only did it appear outdated, but it was also missing some of the modern-day functionality people expect from online platforms—such as seeing their recently accessed applications and using drag-and-drop to move application icons or files. “From a beauty standpoint, RapidIdentity is clean and sleek,” said Myles Perry, Director of Information Systems & Cybersecurity. “I can easily configure user access, organize the tiles, and specify the order I want icons to be in.”
Allen ISD also needed Security Assertion Markup Language (SAML) functionality to allow users to easily and securely access applications such as Google, Microsoft, Office 365, Canvas, Google Classroom, Canva, DreamBox Learning, SharePoint, and more. Furthermore, they wanted a solution that allowed them to add a layer of MFA (multi-factor authentication) for all staff members—especially given the rising cybersecurity threats facing K-12 education.
Orta and Perry were thoughtful and intentional about finding a new solution. “As much as people weren’t necessarily attached to the old portal, they were attached to the idea of a portal. Change can be hard. However, leveraging the fact that there was already a culture of having a centralized portal to access applications was something we saw as an opportunity to proceed with modernizing the solution from both the user experience standpoint on the front-end, and the technical staff on the back end as it related to the identity management, configuration and maintenance, always with a focus on Quality of Life improvements for the user base,” Orta said. “We knew this was going to be very beneficial for all users, and it has been.” They knew they would have to be transparent with principals and staff members about whichever new solution they adopted. Fortunately, they turned to RapidIdentity, which quickly demonstrated value to all Allen ISD’s users—from teachers and kindergarteners to cafeteria workers and CFO.
SOLUTION
Transitioning to RapidIdentity was a smooth experience for Allen ISD. “We didn’t really hit a lot of snags that we could not support or fix internally and, thus, we did not really need a ton of [support],” Orta said. “In part because [Perry] is very well versed on how an ideal identity management flow should work without compromising security, and partly because the tool is so well-built and easy to manage.” The IT team immediately enjoyed the flexibility and robust functionality of RapidIdentity.
Allen ISD implemented these RapidIdentity solutions:
- Lifecycle Management automatically pulls data from the district’s SIS and HR systems to create and manage student, teachers, staff, and sponsored accounts and seamlessly keep downstream systems like Active Directory, Azure, and Google accurate and up to date.
- Authentication offers a persona-based SSO portal experience and secure authentication through kid-friendly pictographs and QR codes, as well as a variety of secure processes for staff, including an extremely easy setup of multi-factor authentication.
- ShieldID enables Allen ISD to mitigate security risks based on specific parameters.
Unlike the nightly synching of the old portal, RapidIdentity worked much more efficiently. “No more waiting until the summer or later when we run a batch of new hires,” Orta said. “Now, it’s running every 55 minutes.” New staff members or newly-enrolled students now receive an automated email within the hour advising them that their new account has been created. They can then create their password and quickly receive the access they need.
Role-based access control was also a challenge before RapidIdentity Cloud was implemented. “The security groups were a hot mess. It was pretty much impossible [to target] a specific campus or specific level,” Orta said. “[RapidIdentity] just gives you a lot of options.” Orta and Perry met with their HR and finance departments to determine the most effective way to create accounts moving forward. By collaborating across departments, they could better target access based on job titles. “Everything that people do in school districts or any large education organization requires providing access to stuff so people can do what they need to do,” Orta said. “You’re really managing the way talent accesses what they need.”
The user experience was another welcome benefit of RapidIdentity. Not only did it look better, but it offered easy application integration from the old portal. Users were immediately able to access the same applications they could before the transition. By the time the RapidIdentity portal launched at Allen ISD, the IT team had already pre-built the solution with the application tiles that are critical to each user’s role. Student access was also made easier with RapidIdentity. The district deployed easy-to-use pictograph authentication for its youngest users, removing the need for young children to remember traditional passwords—or to require their teachers to spend time resetting them when they are forgotten.
RapidIdentity is not just an Identity Access Management platform—it also comes with second-to-none information security solutions. Identity Automation also provides Allen ISD with advanced firewalls and geofencing to protect against bot networks, DDoS, brute force, and account takeover attacks. Allen ISD uses a variety of MFA options to protect the credentials of all of its users—from teachers to groundskeepers and cafeteria workers. In addition, Allen ISD is in the process of piloting RapidIdentity PhishID, a browser-based phishing prevention tool that uses sophisticated AI-powered computer vision to detect and block credential harvesting attempts. “The reality of it is K-12 environments are the number one target for threat actors. There’s multiple reasons for that: a lot of data that we protect is very valuable, including personal student data and financial data; funding challenges; and, lots of legacy systems that need to be focal points for upgrading”. ” Orta said, “For these reasons, threat actors around the world are targeting us.”
Additionally, the Allen ISD team appreciates the 24/7 emergency support they receive from Identity Automation.
RESULTS
Since deploying RapidIdentity in 2021, Allen ISD has seen significant improvements in its user experience and overall security posture. Orta said the district benefits from the “full menu of identity management” solutions available with RapidIdentity.
- Faster new user provisioning: New account creation is handled by RapidIdentity’s time-saving automation. Now, new teacher or staff accounts are provisioned within the hour. By collaborating with HR and finance on new hires, the Allen ISD IT team is also able to provide individualized access and security based on role. The district has also automated substitute teacher provisioning, providing the substitute access to the teachers’ materials, allowing them to seamlessly continue with their lessons.
- Improved password management: With pictograph authentication, the district’s youngest students aren’t expected to remember passwords. This also saves time resetting passwords when students inevitably forget them. Other users—including new teachers and staff members—are able to quickly set up their new account password with timely instructions from an automated email.
- Superior support: The district receives timely responses from Identity Automation for requests. For example, Orta was able to submit a support case to an Identity Automation engineer at 6 p.m. on a Friday evening when he had a security concern. “The engineer understood the urgency of our security concern, and they were very quick to respond,” Orta said. Unlike other companies in the IT industry, Identity Automation tailors their support to the needs of K-12 education.
- Robust risk mitigation: Shield ID provides quick remediation and protection against account takeover attacks and other security issues that may arise. Orta describes Shield ID as a “no-brainer.” He said, “We cannot be without it.”
- Better user experience: From students to teachers, and non-instructional staff, everyone at Allen ISD enjoys using RapidIdentity. “It’s rinse and repeat. I’ve found that RapidIdentity is super easy to use”, Perry said.
Allen ISD looks forward to continuing to rely on RapidIdentity for its identity and access management needs and contributing to the regular product enhancements to meet the changing needs of the district and the PK-12 market. “I find [RapidIdentity] to be super easy to use. If you have a little programming experience—you don't have to be a Jedi by any means—you can find new uses for it almost every day.” —Myles Perry, Allen ISD Director of Information Systems & Cybersecurity
