Customer Success Use Case

East Coast R1 Public University

Hospital Access to Campus Services

Single Sign-On

Description Goes Here

Shared Services

Description Goes Here

Summary

This R1 university simplified access to services shared with the affiliated hospital system.

Business Challenge

This university has two separate Identity Providers of accounts/passwords - one for campus and one for the affiliated hospital system. Keeping accounts separate helps maintain strict HIPAA compliance requirements for the hospital system and reduces the number of accounts that the campus needs to manage. Not having to create campus accounts for everyone in the hospital system saved on licensing for the campus. However, the outcome of having separate Identity Providers is that teaching faculty, students in residency and others at the hospital, have two accounts. For these users, the university and hospital system wanted to maintain a unique identifier linked to their credentials, and configure access for services to the unique identifier for a streamlined login experience.

The essential applications/services that are shared with the affiliated hospital system include: Library services, a customer relationship management system, classroom scheduling, automated malware analysis, a financial system and study abroad applications. More applications are continuing to be added including a contact tracing system for COVID-19 safety.

The primary objective was to easily provision access to essential campus services to the affiliated hospital system users while making the login process intuitive.

Project Goals

Maintain access, reduce friction and deliver a seamless login experience for university and hospital system users

Partner with IAM professionals so the small IT team could focus on other priorities

Reduce friction and deliver an intuitive login experience

Reduce technical and service desk support overhead and licensing costs

Ensure existing access is maintained for a smooth transition

How Cirrus Helped

Cirrus Identity partnered with this university to implement Cirrus Identity Account Linking. Users that have both a hospital system account and campus account are linked and associated with a unique identifier. All the matching work to assign a unique identifier was pre-populated and tested before cutover for a smooth rollout.

When a hospital system user logs into one of the essential shared campus services that have been configured in the Cirrus Proxy, their unique identifier is passed to the service for authorization. It doesn’t matter if they have an active hospital system session or campus session because the same unique identifier is passed to the campus service for single sign-on.

Some of the essential campus services that needed to be shared with hospital system users were setup with the CAS protocol for authentication. Cirrus helped configure a CAS Bridge to the Proxy to make this seamless for the users.

For a smooth transition, passwords were synced for those that had both a hospital system and university account. Hospital system and university users have an intuitive and consistent login discovery screen to authenticate.

Login Screen

Impacts

"Lowered identity management overhead between the university and the hospital system - less support, less licensing - for both. We can do more with limited resources because we are using a consistent way of delivering the service. We gained capacity to support other security initiatives. It opened up possibilities for future groups that would need a more complex access solution."

Chief Information Security Officer

Intuitive User Experience - Much easier for the hospital system users to access essential services. 3,000 users transitioned and retained existing access to systems.

Repeatable Solutions for Access - Now over 10 applications/services allow access based on either the campus or hospital system account and it’s easy to add more!

Reliability & Technical Risk - Hosted cloud solutions have provided reliability and stability. There is a strong partnership with Cirrus.

Infrastructure & Licensing Savings - Legacy infrastructure has been retired and licensing costs were minimized.

Support Savings - Easier to provide support with a simplified environment

Developer Savings - Developer time is now spent on higher priority projects.

"Enabled the hospital system to control their own population and not have to go through the campus as the middleman."

IAM Developer

Cirrus Products Used

Link external identities from social login or our external identity provider to your organization identifiers.

A single identity provider endpoint that supports sophisticated attribute capabilities, federation with multiple identity providers, and protocol translation.