UTS: Solving ID management with a UX focus
help desk calls in first day of the Okta rollout to over 40,000 students
internal and external users, enrolled across 3 Okta tenancies, one Workforce and two CIAM.
multi-factor types enabled, key ones being SMS and Okta Verify
- Modernising identity management with a UX focus
- Getting the design priorities right
- Prioritised rollout phases see onboarding of 200 apps
- Design and readiness for easy adoption
- Leveraging Okta for future growth
As one of Australia’s most respected and innovative tertiary institutions, the University of Technology, Sydney (UTS), was dealing with independently operating faculties and the multi-tiered access policies faced by 326,000 users - particularly as the applications they rely on shift from on premise to cloud.
With the access needs of students and staff prioritised, UTS sought a single, independent technology to create an efficient hub and spoke architecture for a modernised identity platform.
Okta’s MFA-led SSO provides access to all UTS-supported apps via the mature security control of a centralised portal.
The 26-week project took a phased approach for rolling out this multi-tenancy platform. Initially, 30 “crown jewel” apps were onboarded to the Okta portal, with all apps prioritised for MFA integration for Admins. A total of 200 apps are to be managed and accessed via the secure efficiencies of Okta.
UTS credits Okta with being a market leader in dedicating roles to customer success. And Okta’s Professional Services’ experience, collaborating on other tertiary institution modernisation strategies, was invaluable to the analysis of UTS’ challenge.
UTS had created a new business line selling micro credentials and provided new business offerings that will be customer based and not require traditional enrollments. This new business line required a new CIAM design to be implemented to manage the B2B and B2C aspects of these new products and offerings. Okta’s CSM is helping UTS efficiently orchestrate the change while capitalising on existing technology investments.
Typical of the tertiary education sector’s business structures, the University of Technology Sydney (UTS) has independently operating faculties, with their own apps and a number of different sign on systems. Individuals may have multiple roles - for example, a student can also be a staff member and a researcher, which adds another layer of complexity.
From a technology perspective, the University had been running various legacy and cloud identity management platforms, and was very much an on premise organisation. “While users had single password access, they had to log in with one credential, then follow on into the next proprietary app needing either an email address or a staff number, and the same password. The applications were not all captured in a holistic portal that made it easy for Staff and Students to find the Apps and services they needed quickly. The Okta portal fixes this with a great user experience,” explains Rowland Harvey, Enterprise Architect at University of Technology Sydney - Identity Management and Digital Strategy.
To stay agile and manage the proliferation of new SaaS applications that the business demanded, as well as growth in numbers, the University needed a more holistic solution.
Reducing risk by putting users first and shifting mindsets
The commitment had been made to focus on data and de-duplication, rather than identity management and controlling access and authorisation. Rowland’s expertise proved useful in finding the right identity and access layer product for both workforce and Customer identities to turn that around and focus on design for the user.
As with any large organization, buy-in for new concepts, especially those that affected existing architecture, needed to be weighed carefully. For UTS, the proliferation of tools that faculties, staff and students use, such as Office 365 and other SaaS Apps, changes everything. Such tools are all cloud services, and no longer fit into the old security model of requiring VPNs or a proprietary model based on IdPs offered by other large SaaS vendors.
“What got Okta over the line at UTS was its independence across a number of technologies, ease of deployment and use for multi-SaaS tenancies, compared to the competition. That and being 100% cloud based means it fully supports a modern environment, and supports the legacy environments at the same time,” shares Rowland.
Bringing added value to the table
For UTS, Okta’s Workforce is impeccable. “It’s our portal to all our applications. The MFA and SSO components are so adaptable to our needs. Okta supports the best user experience for providing access and is simple to use and set up with single clicks to get into an App. Our frictionless sign on strategy with Okta is essential for user experience and mitigating risk to our key Crown Jewel applications,” says Rowland.
He adds that the strategy of moving from a proprietary, on premise LDAP to Okta’s cloud UD will cut complexity. “It’s a far better integration point for most of our strategic platforms. We’ve gained independence with a hub and spoke design that supports ease of management and standard patterns for onboarding. Okta brings so much more to the table and our life is so much easier.”
Kick off to roll out in just six months
The 26-week project took a three phase approach: foundation build, configuration delivery and application onboarding. Success rested on the collaboration between the Okta and UTS teams for the critical planning stage, which included architecture and design workshops, solution design documentation, policy definition, setting up the MFA and sign on policies, and selecting a wide blend of pilot applications.
“We went full steam ahead to get the foundation done in six weeks. We then designed the user groups, standards and guidelines for integrations and used an agile and iterative approach to onboarding batches of apps into Okta for staff, students, Alumni and external users,” Rowland says.
Within the original project, 30 “crown jewel” apps were onboarded to the Okta portal, all prioritised for MFA integration. In subsequent integrations, a total of 200 apps are to be managed and accessed via the secure efficiencies of Okta.
Seamless adoption reflecting design quality
Easy adoption by users at each rollout phase was a direct reflection of the quality of the UTS/Okta architecture design, communications program and readiness management.
Critical to the success of the implementation is the user experience, and Rowland verified the numbers. “80% of users told us they preferred SMS for MFA authentications. So having listened, we designed for them. As a result, on the first day of enrolling 40,000 students into high touch apps using the new MFA, we only had 47 calls for help.”
Covering all user abilities and competencies via strong collaboration
Universities have many users who are sight or hearing impaired. UTS adheres strictly to the international Web Content Accessibility Guidelines (WCAG) that set a single shared standard for making web content accessible for people with disabilities. Okta tested its WCAG Accessibility protocols and updated 33 defects to ensure the UTS sign in widget met all requirements identified by the UTS team.
The value of Okta’s Professional Services was highlighted during the intensive design and deployment phase. The Okta team compared the data points collated from UTS with their experiences working on other tertiary institution modernisation strategies. During cutovers, UTS called on Okta’s Support team to temporarily override rate limits and halt alerts, to cater for the short-term flood of user numbers.
Accreditation had a huge impact on the UTS team. “We used our credits to the max so a number of support and administrative people could do the training on our specific configuration which includes Okta OAG. The knowledge transfer invigorated them. It means we can respond quickly and confidently to the needs of our users and systems,” he says.
On an ongoing basis, Rowland sees the CSM as a great function, offering a vastly different experience compared with speaking to a Support Engineer who logs tickets. Okta is a leader in customer success, especially in Australia.
“Having a dedicated CSM is a major advantage. He knows the telemetry around the behaviour of our setup, can accurately assess how adoption is taking place and all that feeds into our ongoing policy and integration design,” Rowland says. “Importantly, he is also in tune with us, what we need to keep getting value from the project and how to leverage what we have for the future.”
Leaving governance vulnerabilities behind with optimised ID management
“Okta is completely independent and optimised for the spectrum of cloud offerings. That makes for easy onboarding of multiple apps from different sources. We now have a consolidated dashboard view, based on access. So operationally, we will soon be in the position to not have to maintain separate logins,” says Rowland.
“Plus, we have that layer of security which has become mandatory since the arrival of COVID and the shift to remote working - UTS is protected by Okta from the risk of targeted and spray attacks.”
As staff moved home to work, they could only gain access to their apps via the UTS VPN.
“With the move to Okta OAG for our Key HR and Finance Application, the reliance on the VPN diminished, and with it, the source of complaints about the user login journey,” shares Rowland.
Okta’s LCM provides a centralised, current view of what licences are being used and by whom, with almost pinpoint accuracy. “Because we’re only paying for active, allocated licences, Okta uncovers savings immediately,” Rowland explains.
“We are no longer locked behind our firewalls for a number of new services as well, which now opens us to wider opportunities in a more secure way,” he adds.
Leveraging Okta for future growth
With identity management improved and deployed successfully to Staff and Students, UTS is looking to leverage Okta for more workloads such as Okta Advanced Server Access (ASA) and B2B integration to the UTS College and enterprise clients. Okta’s CSM is helping UTS efficiently orchestrate the change while capitalising on existing ITC investments.
Solution
In selecting Okta, the University was putting the user experience front and centre. Being 100% cloud based, Okta supports modern environments. And compared to the competition, it delivers ease of use and deployment for multi-tenancies.