The university needed an error-free way to create new student and employee accounts, and remove access from those who no longer needed it.
Automating the creation and deletion of hundreds of user accounts each semester with UMRA
Fitchburg State College, founded in 1981, was the first practical arts teacher training program in the country, and has since grown to have over 35 undergraduate and master’s degree programs, 6,500 students and 520 employees. Fitchburg State had 44,000 records in Active Directory, which in no way reflected their actual environment due to stale accounts that were no longer required. After several attempts to delete users based on inactivity, while inadvertently deleting hundreds of active users, they realized they needed help. “We weren’t able to integrate Active Directory information and the student record system to accurately report information” said Sherry Horeanopoulos, Information Security Officer.
After realizing the methodology they were employing with user accounts was inefficient, the college began to look for help managing their accounts more reliably and cleaning up their directory. Most options they evaluated were very expensive and complicated. “UMRA from Tools4ever was a really easy solution and the support was phenomenal”, stated Sherry. The school also decided they were switching from a local student e-mail server to Gmail, and Tools4ever was one of the few companies who supported Gmail. Connectivity is a hallmark of Toolsever.
Efficiently creating new accounts
At the beginning of each semester, online students frequently called saying they were starting classes but did not have an account created for them. With UMRA in place, it now automatically creates an account for a student who is registered, paid and confirmed. With a variety of departments and people inputting Information on the back end, never before had consistent conditions to automate account creation existed. Now, each time a creation occurs, Sherry receives an e-mail notification of the new account. “It just works; it’s in the background chugging away. Four times a day all the accounts get created and within a couple of hours, the users have their accounts ready to go”.
In short, UMRA is configured to query Banner to look for new students, changes to existing records and records that exist in Active Directory but not in the database. When a new record is present, the AD account is created along with a home directory, initial password, and group memberships, and located in the appropriate Organizational Units.
When a record is eliminated from Banner, the Active Directory user record is automatically disabled and moved to a separate OU. After 18 months of being disabled, the accounts are purged from Active Directory. In the case of an account create or a delete, an e-mail is set to an appropriate party. IAM is compatible with over 150 connectors making this type of automation easy.
“There is no other company that I deal with regularly that I like better than Tools4ever.”Sherry Horeanopoulos, Information Security Officer at Fitchburg State University
Reliably retiring people from the systems
Fitchburg also encountered problems with hundreds of students graduating every year and no accurate way to determine who should be deleted from Active Directory. Fitchburg previously deleted all students who graduated, however they also accidentally removed student’s who shouldn’t have been removed “We would be losing a subset because some students continued and some went on for graduate school and further education. We didn’t want to take them out if they were truly continuing, but we didn’t want them lingering if they weren’t, and there was no easy way to know, based on our student records, who should be taken out.”
With UMRA in place, Fitchburg no longer needs to worry about these mistakes. “It’s much more complicated to apply conditions to each of these events if you don’t have this tool; the tool just makes it so easy.” If a terminated or graduated flag is set in the SIS application, the account is disabled, according to the pre-defined rules. If something has changed since the last synchronization, the Active Directory account may be re-provisioned or specific attributes updated. Fitchburg can easily target each population of users with different conditions. For example, employees who are retiring keep their accounts for up to 18 months, but employees who are terminated are deleted immediately. “If your employment at FSU is terminated, with one click you are out of the system”, stated Sherry, significantly reducing security issues. With data breach being so topical of late, access control has become so important and IAM is an ideal preventative solution.
Where are they now?
Fitchburg State frequently hires adjunct professors for off-site or online courses. Often these professors are concerned when they are about to begin classes and don’t have a logon. This is a result of IT not being notified, as this employee type may not be entered into the HR system. With the UMRA web portal in the HR department, Fitchburg has the immediate ability to disable terminated employees and create accounts for adjunct professors and other non-traditional faculty members.
Overall, Fitchburg State Is spending 75% less time dealing with account issues. Sherry stated “All of these employees love UMRA because it frees them up to do other things. There is no other company that I deal with regularly that I like better.”