How an IDaaS solution can reduce user on-boarding process costs while complying with data regulations

The Graduate Institute of International and Development Studies is a Swiss institution of research and higher education dedicated to the study of world affairs, with a particular emphasis on the cross-cutting fields of international relations and development issues.

Graduate Institute information system has 4 main user categories:

  • 1’000+ students who access online courses material trough Moodle, Swiss university network SWITCH and Google collaboration tools;
  • 500+ internal employees (professors, back office) that use 20+ cloud and on premise business applications;
  • 10’000+ alumni that access an internal social network and Google collaboration tools;
  • 5’000+ online applicants per year With increasing number of study programs, shorten programs, high user population rotation rate and increased usage of cloud solutions, Graduate Institute of Geneva wanted to improve its user identity governance and application security with a limited IT budget. These were the trigger to initiate an implementation of a dedicated identity management solution.

“IT project in cost saving context”

“Two months to go live for next summer student intake”

“Limited internal resources to work on project”

“Incomplete business processes analysis”

“Hybrid architecture: mix of cloud and on premises applications”

Under budget pressure with short deadline constraint and limited availability of internal resources the choice of an IDaaS solution was clear: no installation cost, limited administration, OPEX model vs CAPEX, encourage usage of standards vs custom development.

Based on an IDaaS market analysis Graduate Institute of Geneva choose Onelogin solution because of:

  • A pricing model adapted to educational world (limited cost for applicants and alumni)
  • Compliant with Swiss data regulation: hosting in Europe and data privacy policy
  • Large support of standard and custom application access management modules

We started the implementation project by focusing on the new student user category because of limited risk, high business value and expected ROI. First phase of the implementation project was dedicated to the analysis of the student on boarding business processes: clerk interviews and reverse engineering application analysis. This enabled us to simplify business process by removing unnecessary and low value steps, identify target application repositories, data structure and quality rules.

The implementation phase consisted in:

  • Activation of onelogin test and production instances
  • Setup of onelogin administration roles with privileged accounts security policies
  • Installation of onelogin agents on premises to enable internal identity repositories management
  • Implementation of identities rules and processes using onelogin configuration based tools: role based access management
  • Design of audit and reports

Transition and production phase were straightforward: import of the new student data, mail invitation campaign, administrator training.