Serving diverse stakeholders with evolving needs
The University of Notre Dame is known for excellence in undergraduate education as well as innovative and collaborative research. The institution has a rich campus culture and a history rooted in the Catholic faith.
Notre Dame is home to more than 12,600 students from over 100 countries, and with nearly 50 international study programs, it is truly a global institution. The university also has 5,590 faculty and staff dedicated to fostering the development of its students.
Personalized classroom learning has always been a cornerstone of education at Notre Dame, which is why the institution maintains a 10:1 student-to-faculty ratio. However, some aspects of Notre Dame have scaled up, most notably the technology its stakeholders use to study, teach, research, and collaborate.
“Our students live all over the world,” says Michele Decker, manager of Identity and Access Management. “Whether they’re in China, Australia, or here in our campus libraries, they all need access to the same resources in a timely manner.”
In the midst of a shifting technology landscape across the higher education sector, Notre Dame needed to provide a secure, seamless user experience to both prospective and current students, as well as faculty, staff, donors, and alumni. The university’s cloud infrastructure was growing, and operational efficiency as well as exposure to data breaches were becoming challenges within its legacy systems. The team knew they had an opportunity to modernize their approach to identity management.
“The technology we use has seen rapid growth, especially in the realm of cloud applications,” Decker says. “That was part of the driving force behind looking for an identity partner.”
Tackling a high-maintenance on-premises framework
When Notre Dame began its journey toward modern identity and access management (IAM), the institution’s homegrown system dated back more than two decades. The university was running multiple open source technologies and adding components including Shibboleth for single sign-on, as well as supporting its own password management systems. Its IAM system was evolving faster than the resources required to oversee it properly.
“In total, our team alone was running over 200 servers,” says Derek Owens, Identity Architect and team lead of identity and access management. “We were spending all of our time in server development and administration, and keeping the maintenance of those servers in place.”
In addition to its legacy systems, Notre Dame had various LDAP integrations in place that continued to increase along with the demand for the SAML protocol. These integrations were time-consuming to administer and sometimes disjointed. The team needed to lighten its IT workload.
Security risks posed another challenge on top of the university’s operational issues. With their legacy IAM system, access to services was determined through multiple data sources and was often managed manually. Multiple stakeholder groups had access to a variety of programs including the institution’s G Suite email platform, Ellucian Banner ERP software, and Sakai learning management system.
“Our ERP system is our student information system and HR system. But then we have service accounts, shared accounts, and guest accounts—other types of accounts that aren't in the ERP,” Decker says.
Faculty from other universities had access to a shared file system via Notre Dame’s Center for Research Computing, and numerous organizations worldwide had access to its library collections. Access rules were based on each user’s status—student, faculty, or staff—as well as other classifications like department or university. In addition to serving various user groups, the institution had to monitor status changes such as student to alumni.
“The challenge was knowing in what context our users were ready to engage with us,” Decker says. “We needed more visibility.”
Notre Dame also had multi-factor authentication in place with Duo, but with a disjointed institutional IAM system, security and user experience had become a balancing act. The university needed identity, access, and authentication under one platform to protect its security and allow people to get their work done without IT becoming cumbersome.
Sights set on smarter business processes
Notre Dame needed a modernized and seamlessly integrated IAM system that could scale to meet stakeholders’ digital expectations as the world of higher education evolved. The university was seeking an identity partner that understood the unique challenges within higher education’s shifting, transient landscape.
“As the demand for cloud applications grew and our identity management framework became more complex, we decided to start looking at a service that could modernize and automate some of our workflows,” Decker says.
Okta for Education stood out to Notre Dame as the solution that could provide greater insight into the university’s daily activities, verify that users were who they said they were, and ensure users had access to only the resources they needed. Reducing the burden of account provisioning workloads was also a top priority. The institution needed a centralized user repository across all lifecycle stages, as well as real-time security reporting.
“Being able to see what is happening and when across our entire identity fabric is very important,” Owens says. “The systems we previously had were bolted together making it more difficult. Having a foundation we could build upon and having stronger insight were two reasons why we moved to Okta.”
As part of their digital strategy, Notre Dame’s team was looking for an identity partner that could provide trusted expertise and a solid foundation. They were impressed by Okta’s standing in leading industry analyst reports such as the Gartner Magic Quadrant.
A frictionless deployment
Notre Dame decided to purchase Okta’s Workforce Identity Products including Single Sign-On (SSO), Universal Directory, Adaptive Multi-Factor Authentication (MFA), Lifecycle Management, and API Access Management. The university had an ambitious six-month timeline for phase one of deployment. The institution worked with Okta to ensure the implementation of its solutions would be hassle-free for stakeholders.
The university wanted students, faculty, and staff to be able to keep their existing passwords when they switched from Shibboleth to Okta’s SSO service. To achieve this, Notre Dame wrote a login application that authenticated users through their existing Active Directory credentials. This was an ideal solution given that Okta’s SSO securely integrates with AD and LDAP across multiple domains in a flexible manner.
The institution also replaced Duo with Okta’s Adaptive MFA for students, faculty, and staff. Adopting Okta’s security solution not only created a consolidated view of all their users; it also helped address situations unique to Notre Dame in which users are unable to complete authentication on their mobile phones. In one scenario, the school set up a kiosk where staff could call in to authenticate their identity.
“We enabled Okta Verify with Push, SMS, and Voice MFA,” Decker says. “We hope to take advantage of more of the functionality from Okta going forward. The behavior-based access is intriguing.”
The deployment also gave Notre Dame increased visibility into users’ activities. When the team switched on Okta, they realized people were logging in from more than 80 countries—insight they gained all within the first 10 minutes after go-live. With Okta’s Adaptive MFA, Notre Dame can now monitor and manage access by location.
“It was a surprise to all of us when we were looking at the stats, but it makes sense that our users are logging in from all over the world,” Decker says.
After some careful planning, it took Notre Dame two days to cut over to Okta’s SSO and Adaptive MFA. The team tackled the rollout over a weekend in late July to ensure everything would be up and running for the start of the new academic year.
“We got comments from the highest levels of the university complimenting us on what a non-event it was,” Decker says.
Limitless integrations and a delightful user experience
Notre Dame’s stakeholders now have confidence that their accounts are being handled securely. With Okta’s SSO, users now have more self-service options to manage their passwords. This has reduced the number of password reset tickets to the university’s IT team. The Okta Integration Network also enables the university to integrate seamlessly with more than 6,000 apps and 1,000 SAML gateways.
“When we managed our own IAM infrastructure, it would sometimes take weeks to complete SAML integrations,” Kirner says. “Often with Okta, new applications we’d like to add to our portfolio are already supported.”
Access management has also become smoother with Okta’s Adaptive MFA. Access is based on login context, and Notre Dame can deploy policies by group. The service offers support for a range of authentication factors, as well as robust reporting. The institution can now manage user identities at a greater scale, which is essential for any higher education institution.
“The idea is to focus our resources on items that bring value to the university. If I’m spending all my time running a Windows server, that doesn't bring value to the university,” Owens says. “With Okta, I can focus on the details of the data, the access, and the rules to help protect the university so everyone can get their work done.”
Another step Notre Dame took was to implement Okta’s API Access Management service for its cloud and custom apps. With data centralized and secured, the university can run these integrations with ease and is now free to focus on user experience. This means Notre Dame’s stakeholders can enjoy faster, smoother access to the apps they need for class or work.
In addition, provisioning and deprovisioning workflows have improved. With Okta’s Lifecycle Management service, Notre Dame has streamlined onboarding and offboarding with time-saving automation features. Lifecycle Management syncs the university’s user profiles between Okta and its third-party applications.
“Okta has allowed us to greatly reduce the amount of infrastructure we run to support our identity and access management services,” Kirner says. “The Okta team is responsive to our short-term needs and is a partner in our long-term vision.”
A new school year, a new approach to identity
With a new semester underway, the team at Notre Dame can get excited about the future. During phase two of deployment, scheduled in another six-month block, the university will migrate all remaining applications to Okta.
“We have a few use cases to handle right away. Our goal is to get everything under Okta management so we have more visibility into all of those access controls, and so we can grant and revoke access in a timely manner,” Decker says.
The start of the academic year is always a busy time for the IT Help Desk—a burden that has been lessened by giving the team the ability to view all user account information in Okta. This has empowered them to have greater insight into the issues they’re troubleshooting.
The next step is to dive into other areas of their tech stack, such as infrastructure, to see how they can extend access to those layers, as well as potentially use Okta’s Advanced Server Access. Notre Dame has its sights set on a future where the process of onboarding students, faculty, and staff can be completed with ease on day one. The university wants employee access to services to be defined through standardized roles attached to position descriptions.
“We envision a future where leaders and managers in the organization can easily see what their teams have access to, and where access can be smoothly changed to accommodate staff transitions into new roles when they occur,” Kirner says.
The institution is already well on its way there. Even on the busy first day of school, everything was running so smoothly that Decker and Owens had time to chat with the Okta team and reflect on the project’s success. Their #1 request? Time for a nap.
About the University of Notre Dame
Founded in 1842, the University of Notre Dame is the nation’s leading Catholic research university, providing a distinctive voice in higher education that is at once rigorously intellectual, unapologetically moral in orientation, and firmly embracing of a service ethos. Rated among the top 15 of all U.S. institutions of higher learning, Notre Dame ranks second nationally in the percentage of students who study abroad and has seen research funding increase from $87 million to more than $200 million in the past decade. The University is organized into four undergraduate colleges — Arts and Letters, Science, Engineering, and the Mendoza College of Business — the School of Architecture, the Keough School of Global Affairs, the Law School and the Graduate School. It is located adjacent to the city of South Bend, Indiana, in a region with a population of more than 300,000, and is widely known for the beauty of its campus, including the Golden Dome of the Main Building, the world’s most recognized university landmark.