West Coast R1 Public University
Guest Access to Canvas Learning Management System and ServiceNow ITSM System

Social Login
Description Goes Here
Shared Services
Description Goes Here
Hosted Identities
Description Goes HereSummary
This R1 transitioned 1,000+ guests to access 400+ systems including Canvas and ServiceNow using the Cirrus social login and hosted identity solutions.
Business Challenge
This large R1 public university did not want to continue to invest in further development of features for their existing Guest Management system and needed to improve reliability and reduce technical and service desk support costs. They decided to leverage the Cirrus Identity social login and hosted identity solutions. This allowed improved automation of the process for sponsors to request and manage access for thousands of guests who access over 400 websites and applications on campus including Canvas and ServiceNow. By providing a non-social hosted identity option, the university was able to create access for international students that are unable to use some social providers. The end result is that this university was able to retire their legacy guest system infrastructure, reassign development to higher priority projects while also reducing support costs.
Their initial use cases was to reduce the overhead associated with the Guest Management that allowed Instructor sponsors to request access to their Canvas LMS for guest lecturers, visitors or some students. Guests can now follow an intuitive process to select either a Google account/password or a branded “Other Login” option hosted by Cirrus Identity. After the initial Canvas implementation, over 400 other applications and websites were also able to benefit from the new guest management system.
Project Goals

Simplify the IAM environment, improve reliability, add features and retire legacy solutions

Partner with IAM professionals so the small IT team could focus on other priorities

Maintain an intuitive login experience for sponsors and their guests

Reduce technical and support operational overhead by improving guest access automation and features

Ensure existing guests maintain their systems access in a smooth transition to the new guest system
How Cirrus Helped
Cirrus Identity partnered with this campus to determine the implementation approach to retire the existing Guest Management system. To prepare for the Cirrus implementation, the campus first revised the guest attribute design in their Person Registry.
Once the registry work was complete, Cirrus and the campus deployed and configured the Gateway, Account Linking, Invitation, External Identity Provider, Proxy and modified the custom integration with LDAP. The campus developed documentation for sponsors and guests and Cirrus helped with a smooth transition from the legacy guest account conversion to social login or the Cirrus hosted identity. The campus rolled out the new system and processes by cohort over 4 months and retired the legacy system at the end of rollout. All applications that allow guests can use the CAS SSO login screen.
Guest Login

"It’s a lot easier for the users and the sponsors!"
Data Analyst

Intuitive User Experience - Service requests are down 35% compared to last year. 1000’s of users transitioned and retained existing access to systems.

Reliability & Technical Risk - Hosted solutions have provided much greater reliability and stability.

Faster Solutions for Technical Gaps - New features have been implemented and now over 400 applications/websites use guest logins.

Infrastructure Savings - Legacy infrastructure has been retired - saving $2,400 annually.

Support Savings - The Service Desk is saving over 50 hours a year (over $2,500 annually).Description Goes Here

Developer Savings - Over 100 hours of a Sr. Developer time (over $7,000 annually) for maintenance has been redeployed to other priorities. Months of development time were saved in not reengineering the existing system.
"I don’t pay much attention to it because there is not a reason to pay attention! It’s always very nice to know that it will be there working. "
Identity & Access Manager
Cirrus Products Used

Identity Provider Proxy
A single identity provider endpoint that supports federation with multiple identity providers and protocol translation.

Account Linking
Link external identities from social login or our external identity provider to your organization’s identifiers.

External Identity Provider
A non-social login option. Use our identity provider of last resort or brand your own external identity provider.
High Level Architecture