Miami, FL – September 10, 2020: Marymount California University (MCU), a Catholic university in Rancho Palos Verdes, California partners with QuickLaunch to automate user provisioning and streamline user lifecycle management. As a true identity partner, QuickLaunch will be offering its proprietary Single Sign-On, Identity Provider, Password Manager with Multi-Factor Authentication, Adaptive Authentication, User Self-Registration, Automated Provisioning and Mobile App to MCU.
MCU doesn’t have a formal provisioning and lifecycle management solution in place. They transitioned to an outsourced IT support model three years ago. Prior to that the account provisioning was managed by internal IT staff who would manually provision staff, faculty and student accounts using various methods. For students, powershell scripts were used to onboard and provision student accounts in Active Directory.
When MCU outsourced its IT support in May of 2017, staff and faculty account provisioning became the responsibility of the managed service provider. Student account provisioning was still happening via Student Information System, CAMS Enterprise at that time.
MCU has since migrated to a new student information system with Campus Management called Campus Nexus. The implementation was not a smooth one and MCU continued to work out issues related to student account provisioning in Active Directory.
As discussed earlier, staff and faculty accounts were provisioned manually by its managed service provider. Each account is manually created and is dependent on clear communication from Human Resources. Due to the outsourced IT support arrangement, the managed service provider was reactive instead of proactive. When accounts are provisioned for staff and faculty, there were no clear templates for roles and permissions. Only until after staff or faculty members have started work does the managed service provider understood what their true needs are in respect to the systems to which they need access. Much of MCU’s staff and faculty’s access and permissions to other systems were controlled by Active Directory security groups. Most of the time MCU didn’t know there are issues until they were reported.
Student accounts were provisioned using an Active Directory workflow that was running in MCU’s student information system, Campus Nexus. The AD Workflow contains instructions for provisioning a student AD account based on their student status “admitted”. Unfortunately, the programming of the workflow is managed by Campus Management, which creates difficulties with modifying or adjusting the programming of this workflow. The workflow requires a person with .NET programming skills. This workflow has not worked properly since MCU went live with Campus Nexus. This has caused frustration for the university and students.
Currently, the workflow is not working correctly, and all newly provisioned student AD accounts must be manually modified and fixed in order to give students access to other university online resources. MCU has been working with Campus Management for over three months to have this fixed. Student access to wireless and other learning management systems are dependent on the workflow provisioned AD student account.
The first challenge is explained above. The current mechanism for provisioning student accounts is controlled by a workflow that resides in Campus Nexus. The workflow cannot be easily modified.
The other challenge is that MCU may have up to a thousand or more admitted students brought into their student information system from Slate, MCU’s Admission CRM. However, not all of those admitted students will end up enrolling and attending MCU. Therefore, MCU could end up with a thousand or more student Active Directory accounts, but only half of them may attend the university.
In order to clean out the accounts who are not enrolled, this has to be done manually. MCU doesn’t have a good mechanism or system to help us provision and deprovision accounts based on specific criteria. In the end the institution can potentially end up with thousands of Active Directory accounts that are not used. This also creates a security risk for the university.
MCU also have students who might defer for a semester or two, or have students who take a leave of absence. If MCU deletes these accounts, they then have to re-provision them. However, they do not have a good way of identifying these accounts or a solution to manage the handling of these special scenarios. All of this work must be manually done by staff.
This impacts students in a negative way because when a semester begins, MCU gets inundated with support calls due to accounts not working. Sometimes they work for certain things, but not others due to problems with the workflow. If MCU doesn’t catch accounts that are not provisioned correctly, they don’t know about them until a student reports a problem. This puts MCU in reaction mode instead of being able to be proactive and catch these problems before they impact the students. The other challenge is that MCU doesn’t have a good tool to manage the accounts to be able to effectively troubleshoot account problems before they are reported.
QuickLaunch Single Sign-On will help users (student, staff and faculty) at MCU to login to multiple applications such as Campus Nexus, Brightspace, Office 365, Slate and others using a single set of credentials.
Users will be able to reset lost / forgotten / expired passwords by their own using multiple factors of authentication (security questions, email and SMS) with QuickLaunch Password Manager with MFA. This will improve the draining productivity of users and reduce the volume of password reset requests going to IT help desk.
QuickLaunch Adaptive Authentication will detect suspicious logins and prompt the users with MFA to verify their identity. This will not only boost institutional security but also prevent account takeover attacks.
User Self-Registration will help the institution to end the practice of using default passwords for user accounts. It will push new users to create passwords for their own account when they login to the system for the first time. This will protect user accounts from getting compromised.
Automated provisioning will help IT to eliminate the manual process of user onboarding and automate user provisioning/deprovisioning, thereby saving a lot of effort and time being consumed in provisioning/deprovisioning every user manually.
Mobile app will modernize the end user experience by giving users access to apps, login through TouchID and FaceID, ability to reset passwords and receive push notifications about important announcements all from a mobile device.
About Marymount California University
Established in 1932, Marymount California University is a Catholic university in Rancho Palos Verdes, California. Based in the liberal arts tradition and inspired by the Religious of the Sacred Heart of Mary (RHSM), the university awards associate, bachelor's, and graduate degrees. The institution is accredited by the Western Association of Schools and Colleges. The institution welcomes students of all faiths and backgrounds into a quality, values-based education. It fosters a student-centered approach to learning that promotes the development of the whole person. Inspired by the Religious of the Sacred Heart of Mary, it challenges its students to pursue lives of leadership and service.
QuickLaunch is the only AI-first identity and integration platform-as-a-service (IDaaS and iPaaS) that transforms how cloud-savvy institutions and companies manage human and device authentication, authorization, access control and integration. QuickLaunch leverages AI to autodetect threats and step up authentication. More than 500 institutions such as New Mexico State University and Colorado Community College System along with companies such as Jenzabar, Unifyed, OculusIT, and BlackBeltHelp trust QuickLaunch to protect and manage over 2,000,000 identities and integration to over 3,000 applications such as Salesforce, Adobe Creative Cloud, Box, Canvas, Blackboard, G Suite and Office 365.