California State University, Long Beach

Distributed under the Okta distribution license. Only Okta may distribute under this license. IF YOU HAVE RECEIVED A COPY OF THIS DOCUMENT YOU MAY NOT SHARE WITH ANY THIRD PARTY OR REDISTRIBUTE OUTSIDE OF YOUR ORGANIZATION.

TECHNOLOGY SOLUTIONS CASE STUDY

California State University, Long Beach

Okta Provides a Single Sign-On System to Simplify Authentication for Students

California State University, Long Beach is one of the 23 schools in the public California State University system. Founded in 1949, CSULB is one of California’s largest universities by enrollment, with 37,065 students. CSULB offers 82 baccalaureate majors, 67 master’s degrees, 4 teaching credential programs (including 10 single subject areas), and 4 doctoral degrees. In the 2019 U.S. News & World Report rankings of regional public universities in the West, CSULB is number three.

Confidential and Proprietary. Contains Trade Secrets. Unauthorized Distribution is Strictly Prohibited. The Tambellini Group, LLC.

INITIAL CHALLENGES

In July 2013, CSULB’s Enrollment Services department requested an application that would make it easier for students to securely access their school resources. At the time, students had to log in separately to each system (e.g., enrollment, advising, financial aid), and the repeated authentication disrupted students’ workflow. The Enrollment Services department hoped the Division of Information Technology could build or find a solution that would enable students to log in to a single sign-on (SSO) portal to access all their applications and services in one place.

CSULB’s IT division met with various departments to identify requirements for an ideal SSO solution and determined that it would have to support various authentication mechanisms, including Shibboleth SSO and Lightweight Directory Access Protocol (LDAP) authentication. Further, an imperative voiced by more than one department was that each authentication method needed to remain unchanged for users who want to continue to authenticate directly through the individual application. This would prevent previously created bookmarks and links for the logins from being broken after implementation of the new solution.

IT met with SSO providers OneLogin and Ping, but Okta was the most confident vendor in its ability to integrate with CSULB’s existing Shibboleth environment. The CSULB team and Okta worked out how they would create the authentication token on the Shibboleth side, ensuring the applications already integrated with Shibboleth would remain unchanged and still work with Okta SSO.

IMPLEMENTATION AND SHIBBOLETH INTEGRATION

CSULB began their implementation of Okta SSO in February 2014, leveraging Okta Professional Services, who worked with CSULB IT via phone calls. A Shibboleth developer helped with the integration between Okta and Shibboleth, which was the most challenging part. Okta initially suggested CSULB set up two separate Okta instances. After initially establishing one system as the Shibboleth IdP (identity provider) and a second system as a Shibboleth SP (service provider), they found the session was being lost between the two systems. They eventually solved this problem by installing the Shibboleth IdP and SP on the same system. Jesse Santana, Director of System and Web Services at CSULB, worked closely with Okta Professional Services to complete the integration and implementation by March 13, 2014.

Since CSULB’s implementation, Okta has hired a Shibboleth expert who has updated the architecture to enable Shibboleth to integrate with Okta directly. Rearchitecting the environment with the new direct integration has cut the number of authentications required in half. In the previous environment, each user authenticated to both Okta and Shibboleth, but now only one authentication per user takes place.

PRICING

CSULB was one of Okta’s first higher education customers, and, with about 37,000 students, it was too expensive for the school to leverage Okta’s standard per-client licensing model. Instead, Okta devised a new pricing model to fit CSULB’s budget that priced student licenses at about one-fifth of the cost of the institution’s employee licenses. CSULB now has about 60,000 licenses for their environment.

BEST PRACTICES

A best practice for CSULB is to ensure any new application added to the institution’s environment supports Shibboleth and is certified by InCommon Federation. CSULB also wrote a script that leverages the Okta API to perform REST (Representational State Transfer) calls once a month to check for inactive accounts. If an account has not been used in the past 30 days, the license is deactivated, but the account is not purged. When an account is deactivated, a student can still return, log in, and be reassigned a license, and all the student’s applications remain unchanged when they reactivate. This deactivation process keeps CSULB below their license count.
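
The monthly inactive-account check described above, as an added example (not CSULB’s script or Okta’s code). It runs offline on constructed records whose field names (`id`, `status`, `created`, `lastLogin`) are assumed to follow the Okta Users API user object; the creation-date fallback and the abort cap are assumptions added here, and the REST calls that would apply the plan are omitted because the page does not describe them.

```python
from datetime import datetime, timedelta, timezone

INACTIVE_AFTER = timedelta(days=30)  # threshold stated in the case study
MAX_FRACTION = 0.5                   # assumed safety cap, not from the page


def _ts(value):
    """Parse an ISO 8601 timestamp such as 2024-05-01T08:00:00.000Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def plan_deactivations(users, now):
    """Return ids of ACTIVE users with no login inside the threshold.

    Accounts that have never logged in are measured from their creation
    date, so a student provisioned last week is not deactivated.
    """
    active = [u for u in users if u["status"] == "ACTIVE"]
    stale = []
    for user in active:
        last_seen = _ts(user.get("lastLogin") or user["created"])
        if now - last_seen > INACTIVE_AFTER:
            stale.append(user["id"])
    # Refuse to act on a suspicious result, e.g. a feed missing lastLogin.
    if active and len(stale) / len(active) > MAX_FRACTION:
        raise RuntimeError(f"{len(stale)}/{len(active)} flagged; aborting run")
    return stale


# Constructed sample records; ids and dates are invented for illustration.
SAMPLE_USERS = [
    {"id": "u1", "status": "ACTIVE", "created": "2023-08-20T10:00:00.000Z",
     "lastLogin": "2024-05-28T09:15:00.000Z"},  # recent login: keep
    {"id": "u2", "status": "ACTIVE", "created": "2023-08-20T10:00:00.000Z",
     "lastLogin": "2024-03-02T17:40:00.000Z"},  # idle about 90 days: flag
    {"id": "u3", "status": "ACTIVE", "created": "2024-05-25T12:00:00.000Z",
     "lastLogin": None},                         # new, never logged in: keep
    {"id": "u4", "status": "DEPROVISIONED",
     "created": "2022-01-10T08:00:00.000Z",
     "lastLogin": "2022-06-01T08:00:00.000Z"},  # already deactivated: skip
]

if __name__ == "__main__":
    run_time = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed run date
    print(plan_deactivations(SAMPLE_USERS, run_time))
```

Logging the returned ids before acting on them gives the help desk a record to consult when a returning student asks why access was removed.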

OUTCOME

According to Santana, students, faculty, and staff have found Okta to be user-friendly. Those who want to log in the way they did before Okta’s implementation can still access the same links with no change in their previous user experience. Meanwhile, those who use the Okta SSO portal enjoy the convenience of logging in to one place to access multiple applications. Help desk calls related to access have gone down.

About 102 active applications in the CSULB environment currently leverage Okta. Support for Okta is maintained by a CSULB engineer who also manages storage and the Shibboleth servers; the Okta maintenance only takes a small portion of his time.

Santana also reports that Okta has provided excellent support through its ticketing system and responds immediately. CSULB has noticed only a few short outages (lasting two to three minutes each) in over three years of using Okta. In the near future, CSULB plans to implement Okta MFA with its Okta SSO solution for applications that handle level-one data.

REFERENCES

As part of this research, Tambellini briefed with Jesse Santana, Director of System and Web Services at CSULB, and that briefing informed this case study. Information in this study was also gathered from www.csulb.edu and versities-west/top-public.

Photo Credits

Page 1: Walter Pyramid Long Beach State University Public Affairs, www.csulb.edu.
Page 2: Students walking on campus, California State University, Long Beach, www.csulb.edu.
Page 3: University Library entrance, California State University, Long Beach, www.csulb.edu.
Page 4: Go Beach, Long Beach State University Public Affairs, www.csulb.edu.

ABOUT THE TAMBELLINI GROUP

The Tambellini Group is the world’s leading independent technology research and advisory firm dedicated exclusively to higher education. Tambellini offers direct interaction with the top industry analysts and provides custom, data-driven advisory services. The company’s proprietary database of more than 19,900 global institutions’ technology selections and nearly 67,000 listings is unparalleled in the industry. Members leverage Tambellini’s unbiased research on the changing education technology landscape to make fact-based decisions and achieve key strategic goals. Founded in 2001, Tambellini is a woman-owned business headquartered in Irvington, . Box 685, Irvington, VA 22480

ACKNOWLEDGMENTS

The purpose of this report is to provide higher education institutions with information about the objectives, solutions, and outcomes related to the utilization of technology in colleges and universities across the U.S. The Tambellini Group thanks California State University, Long Beach for approving this report and the quotes herein. We thank everyone who has participated in making this report available.
