KU Leuven

Flexibility and automation needed for future success

With its strong international focus, KU Leuven attracts many international students and post-grad scientists to its innovative research programs. It also maintains strong bonds with Belgian colleges, as many students attend both KU Leuven and a college for specific courses. Historically, if a student enrolled in both, they would be given separate user credentials for each institution. Leen Van Rentergem, Manager ICT Services at KU Leuven, wanted to change this: “We had a home-grown Oracle-based account management system. Although this had served us well, its scalability and integration capabilities were limited. Only one developer had the necessary expertise to manage the system which obviously left us exposed. Integrating with partner organizations is key to us, so that we can streamline access rights for our students and staff, and exchange data with our partners. Higher education and scientific research is a competitive field where ease of use and speed can make a real difference to a user’s experience.”

Scalability and flexibility is crucial for a university’s success. The automation we have introduced with Identity Manager gives us a competitive advantage and enables us to support such a complex, distributed, and differentiated environment with a relatively small IT team.

KU Leuven attracts nearly 60,000 students but including the 13 partner colleges this number exceeds 100,000 students, supported by over 20,000 staff members. A robust identity and access management solution is needed to manage a student lifecycle and learning environment with major turnover at the same time each year. “We looked for an open and flexible solution which would give us advanced integration opportunities,” comments Leen. “We wanted it to be cloud-ready as Azure integration was on our horizon at the time. Most importantly, and why we felt Identity Manager is such a good fit for us, we wanted to apply our own business logic to the processes and remain in full control. With a small IT team, automation is key to our scalability and responsiveness, and we were impressed with Identity Manager’s capabilities.”

Event-driven identity manager crucial in fluid environment

KU Leuven needed automation to process accounts fast and assign the correct access rights to each new account, thousands at a time. In parallel, effective account deprovisioning is crucial too, to ensure full security. Streamlining the user experience involved connecting and simplifying central IT systems containing large group accounts and decentralized domain-specific environments. Following its implementation Identity Manager provides event-driven identity management with every change causing a real-time effect. The flexible role-based granularity within Identity Manager adapts in real-time as people change roles or status in the fluid environment of grants, bursaries, and research projects. Identity Manager closely integrates with the SAP-based HR and student administration system to seamlessly facilitate this.

Without the flexible control provided by Identity Manager, our 120,000 students and staff would have to juggle separate user credentials for up to 20 different accounts. Instead they have seamless and personalized SSO access to all the facilities they need.

New students enroll online through the SAP system. This data is shared with Identity Manager to create an account based on the source information. Correct access rights are assigned and dynamic group membership is triggered based on business rules, integrating with AD and LDAP for specific attributes. Account provisioning is instant and seamless. Philip Brusten, Teamlead Competence Centre Information Security for KU Leuven, describes the wide reach of Identity Manager: “At an IT level we ensure the correct rights are assigned so that a new student or staff member has immediate single sign-on (SSO) access for every service or facility they need. The fine-grained rights controls are domain-specific and delegated to the individual process owners, in a decentralized model. For instance, a librarian can manage user rights to particular magazine subscriptions, or sections of the library, via a user-friendly interface. Similarly, our facilities colleagues can assign parking spaces to certain students or staff and create visitor badges with direct access to specified facilities, such as a laboratory, guest WiFi, or catering services. This granularity gives us unprecedented cost control and traceability which is helpful in audit situations.”

Competitive advantage on the academic world stage

“We are very proud of what we have achieved,” says Leen. “Without the flexible control provided by Identity Manager, our 120,000 students and staff would have to juggle separate user credentials for up to 20 different accounts. Instead, they have seamless and personalized SSO access to all the facilities they need. In the higher education sector this is still quite unique and a real differentiator for us on the international stage. It also meant we were ready for COVID-19 when this hit the world in March 2020. With flexibility we quickly pivoted to an online learning environment, ensuring our students and staff could continue their work uninterrupted.”

She concludes: “Scalability and flexibility is crucial for a university’s success. The automation we have introduced with Identity Manager gives us a competitive advantage and enables us to support such a complex, distributed, and differentiated environment with a relatively small IT team. We look forward to our continued partnership with Micro Focus (now OpenText).”