Customer Success Use Case

University of Southern Indiana

University Access to Campus Services

Single Sign-On

Description Goes Here

Summary

The University of Southern Indiana used the Cirrus Bridge for single sign-on to quickly enable the implementation of Okta for all CAS authenticated services.

Business Challenge

The University of Southern Indiana (USI) predominantly deployed CAS authentication for access to most campus applications. USI selected Okta as their Identity and Access solution, but Okta does not support authentication for CAS applications. USI wanted to implement Okta as quickly as possible and deploy multi-factor authentication (MFA). Moving 50-60 services from CAS to SAML based authentication would take a significant amount of time and effort and USI wanted to utilize the features in Okta as quickly as possible. USI also needed a solution that would work with outbound firewall rules.

Cirrus Identity quickly engaged with USI to implement a load-balanced and fault-tolerant Bridge solution with a static IP to provide USI time to individually transition and test the CAS to SAML reconfiguration for their campus services.

Some of the services that USI supports with the Cirrus Bridge are: Banner Student Information System, USI Student Portal, Blackboard Learning Management System, AdvisorTrac Appointment Scheduling with RedRock, EZproxy for access to Library, and Visual Zen Orientation software.

Project Goals

Quickly convert existing CAS services and enable MFA with Okta.

Provide USI Identity & Access Management team flexibility and time to reconfigure SAML authentication for applications.

Provide an intuitive login experience for campus users to access systems with different SSO protocols.

Partner with Identity & Access Management professionals so the small IT team at USI could focus on other priorities.

As part of a larger Disaster Recovery strategy, move infrastructure to the cloud for greater availability and redundancy.

How Cirrus Helped

Cirrus Identity quickly engaged with USI on a proof of concept project to integrate the Cirrus Bridge with the CAS authenticated Banner Student Information System. USI supports dynamic renaming of both user names and domains (student/staff). Cirrus and Okta were able to implement the business rules to support the dynamic account renaming.

After the proof of concept, Cirrus Identity provisioned the production Bridge solution with a Static-IP add-on and guided USI through the Bridge configuration with Okta. USI chose to individually transition the services to Bridge to minimize any risk with a DNS “big bang” cutover.

Within three months, USI and Cirrus Identity implemented the proof-of-concept and migrated the first services to production with Okta in preparation to implement multi-factored authentication. Additional campus services were added in the following months. The USI students, faculty and staff experienced minimal down-time and applications using the Cirrus Bridge present the same single sign-on experience as other Okta-integrated applications.

Login Screen

Impacts

"Totally transparent to the end users! There was no impact to them even in the slightest. We didn’t have a good path forward without the Cirrus Bridge. Getting identity and authentication in the cloud greatly improves our disaster recovery preparedness. We were able to retire the ADFS infrastructure and will be able to retire the legacy CAS infrastructure soon."

Richard Toeniskoetter, CIO

Intuitive User Experience - Maintained the same single sign-on login experience for campus users.

Improved Reliability & Reduced Technical Risk - Okta and Cirrus Identity hosted solutions have provided greater reliability than legacy CAS.

Improved Security - The Cirrus Bridge enabled USI to begin the Okta MFA implementation to improve campus security starting with IT and critical departments.

Lower Infrastructure Costs - Legacy CAS infrastructure will be retired after additional incremental projects complete.

"We engaged a lot of consulting services over the years to modernize CAS, now we can do what we need with service tickets to Okta and Cirrus. The Security Operations Center has also reported that significantly fewer hours are required to review reports."

Jim Jones, Senior Systems Administrator

Cirrus Products Used

Extends or translates CAS/SAML for use with Microsoft AzureAD, Okta, Slate or other enterprise services to support InCommon/EduGAIN mesh style federation.

High Level Architecture