Challenge

The University of Westminster offers both full- and part-time courses and consequently has a very large population of students. This creates the significant challenge of managing approximately 70,000 student accounts alongside 5,000 permanent staff accounts and up to 2,000 temporary staff accounts. Alumni accounts are also growing in number due to a recently introduced opt-in service.

Across all these accounts, the University’s IT department must ensure rapid initial provisioning, reliable access to dozens of different academic and administrative systems, and high levels of security. It also aims to provide easy access to data and systems for students and staff and to make new applications available to them quickly. Increasingly, these new applications tend to be cloud-based, but students and staff expect to access them in the same way as they do local applications.

To accomplish all this with a relatively small team, the University needed a powerful set of tools for managing identities across multiple directories.

Solution

The University selected NetIQ Identity Manager to integrate its various eDirectory and Microsoft Active Directory instances and create common user credentials across its entire estate of IT systems. “We regularly look at every single software product we use and ask quite simply: Is it worth it?” said Dave Marriott, team leader for EndPoint Systems at the University of Westminster. “Identity Manager is one of those solutions that does exactly what it says on the tin, and that’s why we continue to see value in it. It has allowed us to standardize login processes and credentials across a broad array of systems, and it has removed a large amount of paperwork associated with user management.

Identity Manager synchronizes identity information across multiple directories, creating a single master identity for each unique user and eliminating most of the manual tasks associated with user management. For an organization with a large and rapidly changing user population, this represents a significant reduction in IT administration. Identity Manager also enables the IT department to rapidly and accurately provision new user accounts, and users have the same credentials across multiple systems without compromising security.

The University has updated its Identity Manager environment twice in recent years – first to simplify the migration of all student mail accounts to Google and second as part of a broader modernization program. “Moving to the latest version ensured lower support costs and also meant that we would have access to prebuilt drivers for the latest applications,” said Marriott. “We are running Identity Manager on SUSE Linux Enterprise Server virtualized on VMware ESX Server. In fact, 90 to 95 percent of our entire server estate is now virtualized, which means that we can freely interchange hardware without affecting the services.”

Nearly all internal systems at the University link to Identity Manager, from the student record system to the staff ID card system. When the University decided to move to cloud-based delivery for its Blackboard Academic Suite, it was also able to use Identity Manager to authenticate users to this external service.

Results

Identity Manager automates, simplifies, and accelerates all major user management tasks at the University of Westminster. When a new staff member is entered in the Human Resources (HR) system or a new student is entered in the student information system, Identity Manager automatically provisions user accounts in the appropriate systems, including external ones such as those from Blackboard.

“Identity Manager is pretty much universal for us: everything is either directly or indirectly hooked into it. That’s our strategy,” said Marriott. “For external systems, Access Manager reads the user credentials from the central vault and injects them into the web pages, so our users save the time and effort of signing in multiple times.” By accelerating both the provisioning and deprovisioning of user accounts, Identity Manager makes a significant difference at peak times of year – in particular, student enrollment. “We might be provisioning 10,000 accounts over a single weekend. For me, Identity Manager wins hands down for that kind of task,” said Marriott. “The biggest savings in terms of time and cost are in the fact that Identity Manager enables us to have common shared credentials for every system, rather than having to manage users from scratch in each application. As a university, there’s no way we could handle the creation of thousands of accounts on the fly without Identity Manager.”