Digital Identity

Is this the missing link for maximizing the impact of technology in education?

GUEST COLUMN | by Leon Mallett

Technology plays a critical role in education. From engagement through to inclusion, it has a profound impact on teaching and learning.

The problem has been that some advanced enterprise technology is out of reach for a lot of education establishments. This is due to the cost, complexity and commitment of delivering something new on site. And once an organization has made a big investment, it is soon left with increasingly outdated software and systems that slowly stagnate on site.

Fortunately, the cloud has changed all that.

Now education establishments of all shapes and sizes have access to a huge range of the latest technology on tap through the cloud. Problem solved! Or is it?


The missing link in many cases is the technology that allows your IT team to effectively manage the space between your organization and the cloud.

This technology is called identity and access management, and it acts as an enablement technology for cloud services.

Identity and access management is the process of assigning specific sets of users to specific resources. It is the layer of technology that means when you log in to your email, you get your email, and not your neighbor’s email.

In most cases each organization has one tenancy within a given cloud application. But there are scenarios where it’s not quite that simple. For example, several organizations, especially schools within the same district, may share a tenancy. Conversely, a large, complex organization such as a university may have multiple tenancies, each holding a large number of accounts.

Rather than the IT team having to decide manually who gets access to what, which can be a seriously laborious and time-consuming job, an identity and access system lets you create ‘rules’ that decide who gets access to what.

For example, a rule could state that if a person is classified as a student they get access to applications x and y, whereas if a person is classified as a teacher they get access to applications x, y and z.

Identity and access management takes a major burden off the IT team, freeing them to do much more proactive work for the organization and to spend less time on repetitive, manual and sometimes error-prone tasks.

Here are some of the other benefits to managing digital identity in education through identity and access management.

User provisioning

User provisioning is the process of taking users from a source directory, usually Active Directory but possibly a Student Information System, and using key attributes such as first name, last name, email address and department to create an account for each user in the application.

While automated provisioning is really useful for IT teams, automated de-provisioning can often be even more critical: accounts of people who have left should be closed promptly, not left open. An identity management system can automate de-provisioning as well, which significantly increases your security and peace of mind.
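The rules-based access described above and the provisioning/de-provisioning just discussed come down to one reconciliation: compute the accounts each user is entitled to from source-directory attributes, compare with the accounts that exist, and create or disable the difference. The following is an added example, not code from the article or from IAM Cloud; the directory records, application names and rules are all constructed for illustration.

```python
"""Rule-based provisioning and de-provisioning reconciliation (constructed example)."""

# Constructed source-directory records (what AD or an SIS would supply).
SOURCE_USERS = [
    {"id": "u1", "first": "Ada", "last": "Lovelace", "email": "ada@example.edu",
     "department": "Maths", "role": "student", "active": True},
    {"id": "u2", "first": "Alan", "last": "Turing", "email": "alan@example.edu",
     "department": "Computing", "role": "teacher", "active": True},
    # Inactive in the source directory: must lose every application account.
    {"id": "u3", "first": "Grace", "last": "Hopper", "email": "grace@example.edu",
     "department": "Computing", "role": "student", "active": False},
]

# The article's rule: students get x and y, teachers get x, y and z.
# Any role not listed here gets nothing (fail closed).
ACCESS_RULES = {"student": {"x", "y"}, "teacher": {"x", "y", "z"}}

# Accounts that currently exist in each application (constructed).
# "u4" no longer appears in the source directory at all, i.e. a leaver.
EXISTING_ACCOUNTS = {"x": {"u1", "u3", "u4"}, "y": {"u1", "u3"}, "z": {"u3"}}


def desired_state(source_users, rules):
    """Map each application to the set of user ids the rules entitle to it."""
    desired = {}
    for user in source_users:
        apps = rules.get(user["role"], set()) if user["active"] else set()
        for app in apps:
            desired.setdefault(app, set()).add(user["id"])
    return desired


def account_payload(user):
    """Attributes pushed to the application when an account is created."""
    return {"username": user["email"], "givenName": user["first"],
            "sn": user["last"], "department": user["department"]}


def reconcile(source_users, existing_accounts, rules):
    """Return the (app, user_id) pairs to create and to disable.

    Disabling covers both users whose attributes no longer match a rule
    and users missing from the source directory entirely."""
    desired = desired_state(source_users, rules)
    actions = {"create": [], "disable": []}
    for app in sorted(set(desired) | set(existing_accounts)):
        want, have = desired.get(app, set()), existing_accounts.get(app, set())
        actions["create"] += [(app, uid) for uid in sorted(want - have)]
        actions["disable"] += [(app, uid) for uid in sorted(have - want)]
    return actions
```

Running `reconcile(SOURCE_USERS, EXISTING_ACCOUNTS, ACCESS_RULES)` creates the teacher's three accounts and disables the inactive student's and the leaver's accounts in one pass.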


In a normal consumer model, a user connects to an app, the app requests some credentials, usually a username and password, and provided they are correct the app lets them in. This process is called authentication, but on its own it is not an efficient or easily manageable model for access in an educational environment.

With a federated access model you can have as many applications as you like and the user only needs a single password. That’s because when the user goes to an application to log in, instead of asking the user for a username and password, the application hands the request off to a specified third-party identity service instead. This third-party identity service is commonly known as the identity provider, or IdP.
The clever part is that if the user has already logged in to a domain-joined workstation, they won’t need to log in again, and they won’t even notice it happening. This is known as single sign-on.

User Lifecycle Management

User Lifecycle Management recognizes that a person is rarely static in an organization. Whether they are an employee or a student, it’s likely that during the length of their membership of the organization they will move from year to year, or from department to department.

User Lifecycle Management is the area of identity management concerned with making this transition as simple as possible for IT Admins, and to make sure that the users always have the applications and services they need.

As the diagram depicting the flow from prospective students through to alumni shows, this process can start before a student or employee is a full member of the organization, and it can continue after they have left. Being able to flow the data through multiple systems in this way, and keep it in sync, streamlines what is otherwise a horribly messy sequence of manual, expensive and error-prone steps.

The real power comes from what you can achieve with this. Being able to offer digital services to prospective students with few limitations could completely transform how you attract and recruit new students. In the same way being able to provide digital services to graduates could enhance your relationship with your alumni.

Forgotten passwords

The next way an identity service can help your organization is with perhaps the most grating IT problem of all for education organizations, and the bane and bugbear of the IT helpdesk: forgotten passwords.

Not only does single sign-on help this immeasurably by consolidating access to a single username and password, but identity services will also typically provide self-service password reset.

This means that when a user forgets their password, they can securely reset it themselves without having to bother your IT team. There are a few different ways of achieving this, but the preferred methods are answering security questions the user set up in advance, entering an SMS verification code sent to their mobile phone, or potentially both.

File storage

File storage is one of the greatest costs on the IT budget. One of the great benefits of the cloud is the opportunity to have large volumes of extremely cost-effective storage. For example, every Office 365 account comes with a terabyte of it, in the shape of OneDrive.

But (and there is a big BUT), the primary mechanism for accessing cloud storage is through file synchronisation.

File synchronization works by effectively copying local files from a specified folder into the cloud, and vice versa. Every time you add, remove or change a document the changes are reflected in both places.

The consequence of this is that synchronized storage ties storage to a device, not to a person.

This is absolutely fine, preferable even, for most consumers, but it’s a really big drawback for organizations like schools, colleges and universities, which have lots of multi-user machines. Synchronized storage is really impractical in educational environments.

By combining identity management, single sign-on and drive-mapping technology it’s possible to fully recreate the experience of network storage, with storage that follows the person rather than the device.


Digital identity can have a genuinely transformative effect for all types of education establishments.

The benefits span compatibility and enablement, security and access, data and user lifecycle management, eliminating password problems, improving user engagement, and even cost saving and file storage.

It’s a big deal, and it’s only going to increase in importance, as the cloud continues to grow and evolve.


Leon Mallett is a Director at IAM Cloud with nearly 10 years of experience working in and with the education sector. Leon is a major advocate for the role of education in society, health and economic growth.
