By Megan Anderson. Posted December 14, 2019.
The IT staff at educational institutions see the need for implementing cutting-edge technologies, but work on a razor-thin budget. Paradoxically, that often means that the identity and access management (IAM) infrastructure at schools and universities exists somewhere between innovative and outdated.
For instance, educational institutions would ideally be able to grant their users — both students and staff — one identity per person. This identity would work campus-wide, as well as for any third-party solutions the institution requires.
However, most single sign-on (SSO) solutions are outside the budget. As such, IT admins of educational institutions usually settle on less-than-ideal arrangements to compensate. The options for schools might seem limited, but let’s evaluate the solutions.
Single Sign-On Compromises
When it comes to identity and access management (IAM), many educational institutions are stuck in one of three less-than-desirable scenarios:
- Relying completely on a legacy system such as Microsoft® Active Directory® (AD) or OpenLDAP
- Relying on G Suite™ or Office 365™ as their sole identity provider (IdP)
- Effectively going unmanaged — users simply log in to each IT resource separately
Unfortunately, each of these approaches comes with its own challenges.
The Cost of Active Directory and OpenLDAP
Both AD and OpenLDAP require dedicated servers on-prem, which need to be maintained. Any IT admin responsible for these servers knows how pricey they can be. Plus, in order to run AD, you need to renew the Windows® license. Additionally, if you haven’t upgraded your AD server since 2008, you’re going to need to buy a new one.
Moreover, AD does not extend its identities to non-Windows cloud applications. This forces users to have multiple credentials that need to be managed separately, leading to inefficiencies in workflow for both the end user and the IT department. Also, if staff are able to bring in their own devices, there’s no guarantee they will all be Windows machines, meaning that those with Mac® or Linux® machines will require many workarounds to manage.
This is especially important to note as Mac machines (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Megan Anderson. Read the original post at: https://jumpcloud.com/blog/single-sign-on-solutions-for-education/