In this article, we are sharing from our experience working on IAM with over 100 Universities, Colleges, and University systems ranging from community colleges to prestigious liberal arts institutions, to top 10 R1 research universities, but more specifically we are focusing on three use cases from specific Higher Education Institutions to support our hypothesis that IAM is key to transformational improvement to the digital campus experience. We are also hoping to raise awareness of how IAM has a strategic role and impact in Higher Education, and how establishing an IAM program can influence continuous transformational improvements to the digital experience.
What is Identity and Access Management (IAM), and how does it affect Higher Education?
To paraphrase Gartner, IAM is about giving the right people the right access to the right things at the right time. How is this possible with a technology platform alone? The answer is that it isn’t. A proper IAM program acknowledges that there are also people, policies, and business process behind the data that drives IAM. It is extremely important that IAM and the business that drives it become aligned, as without alignment, IAM will eventually fail to support the institutional needs and the business of education as a whole. In essence, IAM is not just plumbing. IAM isn’t simply just a piece of technology middleware.
Change seems to be a constant in Higher Education. Especially recently. The graphic here is from the 2024 EDUCAUSE Top 10. (a highly recommended read). It talks about what is referred to as Institutional Resilience. The concept describes 10 influencing factors or circumstances that Higher Education Institutions are anticipating and/or responding to, in order to minimize or control resulting consequences. I can personally say from experience with dozens of institutions this year that many of these are seriously affecting the way Higher Education is conducting business. These institutional resilience initiatives are also, more specifically, affecting the technologies we use to provide the identities and access required to teach, learn, conduct research, and provide care.
For example, many higher education institutions are experiencing issues with the perceived value of traditional academics, changing demographics, and user expectations of the digital experience that are resulting in shrinking enrollment that is compounded by fierce competition and decreased funding. Societal changes like the expanded use of hybrid/remote learning and work are increasing demand for an internet native perspective on the user experience as well. There are also capital and regulatory stresses forcing institutions to adopt complex solutions to satisfy requirements from cyber insurance providers and privacy regulations. Schools are responding to this in a number of ways, and many of these institutional resilience initiatives intersect with, depend on, or are influenced by IAM.
Responses to these changes in the higher education landscape and achieving institutional readiness and resilience are usually predicated on utilizing technology to solve these problems and are placing an increasing burden on IT to adapt and support the organization’s needs with more complex technologies. Some common resilience initiatives include the following:
- ERP modernization initiatives to support more complex business practices and greater flexibility.
- Removing barriers and obstacles from and streamlining student recruitment and admissions as well as establishing and improving business analytics to be more agile and competitive.
- Expanding non-traditional/non-degree learning programs to offset declining enrollment in traditional academics.
- Increased use of automation to ensure day 1 readiness and improve administrative efficiency.
- Establishing zero-trust with IAM as the cybersecurity perimeter to reduce risks and satisfy cyber insurance.
- Implementation of new tools and policies to comply with increasingly complex regulations.
Institutional resilience initiatives that intersect with identity are usually driven by one of these four strategic drivers:
- Business Enablement – allowing institutions to adapt and be flexible.
- Student Engagement – allowing institutions to engage, recruit, and retain their customers (students) and be competitive with other institutions.
- Operational Efficiency – making the best of limited resources by becoming more efficient and reducing redundancy.
- Risk Management – ensuring that all of the above don’t open the institution up to undue risks.
Each of these strategic drivers can be mapped to the resilience initiatives we talked about in the previous slide. Each of these resilience initiatives relies on technologies that are typically provided in the IAM stack at any given institutions. For example:
- ERP modernization requires more flexible and efficient identity data and access management to manage access to complex business processes and provide right sized access to sensitive data.
- Recruiting, Admissions, and CRM reform requires real time provisioning and the implementation of new tools such as Customer IAM (CIAM), progressive profiling, and improved business analytics to remove barriers and obstacles from student recruitment, to help identify and track prospects and their actions sooner, and to understand patterns and trends in recruiting.
- Non-traditional non-degree learning expansion requires an e-commerce driven, real time onboarding process that can be accomplished with CIAM, self-registration, and social identity integration tools.
- Day 1 readiness and administrative efficiency requires increased use of automation for birthright access, expansion of delegated administration of access, and rationalized approach to request & approval workflows that are all available earlier and easily understood.
- Zero-trust with IAM as the cybersecurity perimeter requires the use of a Privileged Access/Account Management platform, and the ability to manage identities, accounts, and access of people that aren’t traditional users like students, staff, and faculty.
- Growing compliance requirements and inclusivity requires a holistic approach to consent, privacy, and identity proofing that can be accomplished in the IAM stack.
The primary point being made here is this: Higher education is rapidly adapting to survive and thrive, and institutions are reevaluating their strategies to include technologies such as IAM as a central pillar to support transformational change and resilience to how they do business.
Use Cases for Digital Transformation with IAM
To support the assertions that IAM depends upon strategic alignment and institutional collaboration, and that IAM enables continuous improvement and transformational change, this article will share some anonymized use cases from three Moran clients this year. These use cases include:
- One institution utilizing IAM and CIAM to expand their non-traditional/non-degree program footprint to offset a decline in enrollment for traditional academics and to streamline recruiting, onboarding and to modernize the digital experience.
- One institution utilizing IAM to support more inclusive practices, reduce redundancy and technical debt, and to modernize the digital experience.
- One institution utilizing multilateral federation to establish a state-wide academic sharing program to bring flexibility to their population and be more competitive in their market.
Using IAM for Non-traditional Education Expansion
Starting back in 2023, this client sought help in establishing a plan and roadmap for modernizing their IAM practices to support an institution wide initiative to enhance the digital experience. This client is a large public university that has been seeing a decline in traditional academics, but a sharp increase in non-traditional/non-degree learners. The latter was growing so much that they began running into issues with how their IAM environment was largely dependent upon SIS/ERP data to drive the enrollment process. Although the IAM system works extremely well for traditional academics that are typically calendar and batch based, they started seeing how the traditional IAM process was creating barriers and delays in their onboarding process resulting in lost business for non-traditional programs. Beginning to see lost opportunity of a now around 50% enrollment in non-degree learning, the institution needed to act. Moran assisted this client in establishing a plan to implement CIAM tools and integrate them with their internal (Workforce) IAM system to remove barriers, streamline onboarding, and provide real time provisioning for everyone associate with the institution. This plan also included establishing increased analytics and progressive profiling to position them to respond more quickly to trends and changes in the market so they can maximize intake of their prospects in a transactional, e-commerce-like way.
This client is through the first year of their roadmap and Moran is still working with them daily to help them accomplish this goal. The initiative is currently in the development phase for the CIAM identity integration and is very close to implementing real time provisioning this October, with a go-live for the rest in March 2025. This specific use case really tells a story about how IAM can influence transformational change in an institution by adapting to a growing market during the contraction of another.
Using IAM to improve Privacy & Inclusion, and Operational Efficiency
Starting back in 2023, this client sought help in establishing a plan and roadmap for modernizing their IAM practices and to support a more inclusive approach to IAM. This client is a top R1 research University with diverse demographics ranging across multiple industries. They had numerous challenges with IAM, as their solution was a custom-built, home-grown collection of aging technologies designed and maintained for decades by smart, dedicated people, but those people by then had retired or were soon to retire. The solution worked adequately for provisioning of traditional students, faculty, and staff, but it struggled to maintain any flexibility for use cases outside of that. When Moran was brought in, IAM was seen as a barrier to getting many major institutional resilience initiatives done. One of those institutional resilience initiatives that is very important to university leadership is meeting students where they are with inclusivity. So far, every attempt to support pervasive use of preferred names, pronouns, non-English characters, single name, or other non-anglicized naming concepts had resulted in failure at best, disaster in some cases where students were singled out inadvertently, leading to several problems for the University. The problem was that data systems were so disparate and IAM was so antiquated that it just couldn’t support inclusive identity information. The same systems creating the barrier for inclusivity were creating extreme barriers for the University’s business processes as a whole. For example, due to the very manual and drawn-out access management process, it could take 5 – 10 business days to get access to systems and services after starting a new job. After a great deal of effort to fix this problem with no avail, the medical school began a workaround process that would hire and pay all their practitioners 2-weeks before they were asked to report to work so that they could start their first day able to treat patients and provide care. The accumulation of lost productivity and wasted money in a year was a staggering concept.
During our initial engagement, Moran helped the institution to develop am IAM Vision, Strategy, and Roadmap that provided a path to solving the inclusivity problem, while also improving many other IAM related issues, like providing day 1 access, real time provisioning, and many more. Our deliverable directly resulted in the establishment of a 4-year IAM program meant to address their issues and get IAM out of the way of their resilience initiatives.
This client is through the first year of their IAM Program and they have already accomplished the first phase of their roadmap. They are also almost complete with the procurement of their IAM platform and getting ready to start accomplishing their major initiatives. This specific use case really tells a story about how IAM can influence transformational change in an institution by increasing operational efficiency and meeting students where they are.
Using IAM to Establish Academic Sharing
Earlier this year, this client reached out to Moran to help them establish a plan and roadmap to support a state-wide initiative to provide academic sharing across 11 independent institutions in a state university system. Each of these institutions had their own decentralized IT services, which includes IAM. These schools fortunately did share a system wide Student Information System (SIS) though, which was the foundation for the academic sharing initiative. The goal of this academic sharing was to bring flexibility to their student population, deduplicate academic program development and maintenance without limiting access, and be more competitive in their market. The enrollment crisis has been hitting many of these institutions hard, and a response became imperative.
The biggest problem with this approach was their decentralized IAM environment. Moran worked with this University system to compose a strategy to support cross registration and enrollment for their learning environment. The solution included establishing an academic sharing framework, defining the rules of engagement and guidelines to ensure a seamless user experience across institutions. When a student from one institution cross-registers in a class at another institution, that student needs to log in to the teaching institution’s learning services with their home institutions credentials. To enable this, Moran architected a multi-lateral federation solution that will allow each student to access any school’s resources they are affiliated with, using their credential from their home institution. This enables the state system to provide a service to support authentication and authorization for cross-registered students. This of course required common standards to create an acceptable level of shared risks, addressing things like a minimum password policy, MFA policy, device specifications, and so forth.
This client is currently in the procurement phase for their multilateral federation solution and Moran is soon going to be engaging with them in designing and deploying the solution. This specific use case really tells a story about how IAM can influence transformational change by collaborating across multiple institutions for competitive advantage, enhancing the digital experience, and for increasing operational efficiency.
Mature IAM Through and Institutional Program
To the point of this article, IAM is more than just middleware. With the right program to support it, IAM can be an agent for transformational change and continuous improvement, rather than a blocker or barrier to resilience initiatives. A mature IAM program should include:
- Strategic alignment to ensure understanding of the most critical needs of the institution.
- Institutional collaboration and awareness at the executive level to encourage sustained investment and to reduce organizational and political barriers.
- Process Redesign to ensure the business process supports the data needs of the technology.
- Policy Management and Development to ensure risk and compliance are being managed and aligned with stakeholder requirements.
All that equates to the fact that IAM can either be the biggest blocker to your resilience initiatives, or it can be an agent for digital transformation. It just depends on how you approach it.
———
Moran Technology Consulting is an experienced and proven consulting services provider to higher education. Moran offers a full range of IT and management consulting services. Our consultants have worked with over 350 institutions and conducted over 850 projects across 40+ states and 12 countries.