For Kingsborough Community College, Okta is an essential element in a multi-layered cybersecurity strategy

10,000

students, faculty, and staff logging into Okta to access their virtual desktops

Zero

downtime in 5+ years

"Whenever our sister CUNY schools ask for an SSO reference, we always recommend Okta—not only because of the solution, but because of the service level and the support."

Asif Hussain,

Assistant VP and CIO, Kingsborough Community College

A multi-layered cybersecurity strategy

Kingsborough Community College, one of 23 colleges in the City University of New York (CUNY) system, has earned recognition as one of the top five community colleges in the United States. The Kingsborough campus is a major presence in its Brooklyn-Manhattan Beach neighborhood, with 2,000 faculty and staff serving 10,000 traditional students, 5,500 continuing education students, and a large number of high school students getting a head start on their college courses.

The college is at the beginning of its cloud journey, with an IT infrastructure that remains primarily on-premises. As such, its cyber security strategy retains a traditional, perimeter-based focus with an evolving, multi-layered approach.

“The bad actors out there are getting more and more sophisticated,” says Asif Hussain, assistant VP and chief information officer. “It is necessary, especially in this pandemic time when everybody is remote, that we have as many layers as possible when it comes to security.”

For example, the team uses Palo Alto Network’s (PAN’s) application-based firewall, with PAN Wildfire for malware analysis. For endpoint protection, the team is running three solutions: Basic McAfee anti-virus software, PAN Traps, and CrowdStrike. “As we have seen recently, even security applications can become compromised,” says Hussain. “With a layered security approach, they can check on each other.”

Streamlining burdensome student processes

As the college began deploying cloud solutions a few years ago, Hussain’s team saw a need to add online identity and access management (IAM) to their toolkit. “We needed to manage software-as-a-service (SaaS) accounts for students, staff, and faculty,” he says. They were also concerned about removing access to those applications in a timely manner after staff members moved on or students graduated.

After evaluating their options, the team deployed Okta Authentication, Okta Authorization, and Okta User Management in 2015. “Okta presented a great solution that negated the need for us to create SaaS accounts ourselves, or for users to have to remember multiple usernames and passwords,” says Hussain.

Forms are a big part of any college experience, so Dynamic Forms was the first Okta-enabled cloud application that had a big impact. “You can create a flow and have a lot of information already filled in using your student information system through PeopleSoft,” says Hussain. The solution required SSO, so that students could log in easily to complete those forms.

“Okta helped us set that up, and today all our students, staff, and faculty use Dynamic Forms for many different things,” he says: “Grade change requests, tuition appeals, scholarship requests, leave requests, honors program enrollment—so many things. All the financial aid forms are now set up in Dynamic Forms, and all of them are linked to Okta.”

“It’s an amazing thing, as far as our students are concerned,” he says. “It’s made processes so easy for them.”

Today, students also use Okta to access Starfish, an early alert system to help them request advisor appointments, tutoring, and other services, and ExamSoft, which offers cloud-based exam administration.

Securing virtual desktops with MFA

In 2020, to accommodate the need for increased remote access, Kingsborough IT set up a virtual desktop infrastructure (VDI) solution from Citrix. With the VDI, users could access their applications from virtually any device. The team started out relying solely on Microsoft Active Directory (AD) for authentication into the VDI but ran into issues with student accounts.

While faculty and staff profiles were pretty easy to set up, student profiles were more challenging because of the way they had been created in AD. “The issue came about when CUNY Central started hosting student email services. We didn’t have a standardized naming taxonomy, so some services used a student’s email address and others used their full name,” says Marc Dacosta, a member of Kingsborough’s IT infrastructure team. “This split in user ID naming conventions happened when we had to come up with a solution for access to on-premises solutions.”

With Okta’s track record of providing IAM for cloud services at Kingsborough, it made sense to expand the college’s Okta implementation to the VDI solution. With Okta B2B Integration, the team could easily integrate disparate AD user profiles. “Today, we’re implementing Okta to unify and make student access a seamless process,” says Dacosta.

The team is also adding Okta Multi-Factor Authentication to the VDI implementation. “We’re looking at Okta now for another layer of security, on top of single sign-on,” says Hussain. He looks forward to taking advantage of Okta’s geo-fencing capabilities, which allow the team to set rules that force MFA when users try to log in from outside a specified geographic location.

“Okta provides us a layer of visibility, when it comes to people authenticating into our systems and applications,” he says.

Reliable identity that just works

easy for our students, staff, and faculty to access applications through the app without having to log in multiple times,” he says.

Overall, he says Okta has made life easier for Kingsborough’s entire user base, and reduced the burden on IT support staff “astronomically.”

“Once we get someone set up on Okta—in the right groups for access to software in the cloud—then basically their support issues for accessing those applications are resolved,” he says. “Onboarding is amazingly easy, as well as offboarding.”

From his on-the-ground perspective, Dacosta agrees. “Once an Okta-connected app is up and running and everything’s fine, you just let it run. You don’t have to do much. With all we have on our plate, we are thankful for that.”

When the team needs support from Okta, it’s there, says Hussain, and uptime is never a question. “In the five-plus years we have been with Okta, we haven’t had a single minute of downtime,” he says. “There has been no instance in which anything has not worked, when it comes to Okta.”

Hussain admires the system-wide resilience demonstrated by Okta’s record of reliability. “Whenever our sister CUNY schools ask for an SSO reference, we always recommend Okta—not only because of the solution, but because of the service level and the support.”

Moving forward with a multi-faceted solution

The Kingsborough team is increasingly focused on exploring additional Okta features and identifying areas where Okta can help streamline identity and access for their community. “We are currently looking into using Okta to access Office 365,” says Hussain.

The infrastructure team has been using Okta to manage and secure access to security cameras. “Internet of Things devices are compromised all the time, so putting those behind that extra MFA layer provides peace of mind,” says Dacosta. “It gives us one less thing that’s directly touching our AD or requires us to remember yet another set of credentials.”

They’re also looking at connecting the wireless printers around campus to an Okta authentication portal. Some student services, such as grades look-up and file-sharing, are already behind a web portal. “If Okta becomes the de facto standard through VDI, I could foresee it being implemented across the board,” says Dacosta.

It all goes back to the team’s layered cybersecurity strategy. “MFA is not a solution in itself,” says Hussain. “It’s part of a tool set that helps us prevent compromised accounts.”

He sees the many-faceted Okta Identity Cloud and Okta’s identity leadership as a key part of that strategy. “We have yet to scratch the surface of what Okta can provide.”

About Kingsborough Community College

Founded in 1963 as part of the City University of New York (CUNY), remains firmly committed to its mission of providing both liberal arts and career education, promoting student learning and development, and strengthening and serving its diverse community. Kingsborough has been named one of the leading community colleges in the United States by the Aspen Institute College Excellence Program and serves approximately 14,000 students in the bustling borough of Brooklyn.

Continue your Identity journey

Get hands on with the free trial today, or get in touch with our team to discuss your unique needs.