Welcome to part two of our series of blogs on Digital Identity solutions for Higher Education.
Click to read part one, where we cover the challenges universities are facing and how implementing Microsoft Azure AD B2C (now Microsoft Entra ID) can address these challenges.
In this blog, we will continue exploring the role Azure AD B2C can play in identity management within higher education institutions.
We will focus on the customisation options offered by Azure, the essential aspect of data security, and the implementation process of Azure AD B2C in the university context.
Customisation and User Experience
In the previous article, we covered the common pain points and challenges shared by universities when it comes to identity management.
However, each institution also has unique processes and user journeys designed for their service users to experience.
The question arises: Can Azure AD B2C provide the level of customisation necessary for universities to differentiate themselves and stand out from the competition?
Plamen Yotov (Lead Technical Architect), in our webinar, expands on the highly customisable nature of Azure AD B2C, enabling universities to create distinct user experiences that align with a university’s brand and messaging.
“The platform offers various customisation options, including branding of their login pages, user interface customisation, and the ability to incorporate custom workflows and business logic into the authentication process. This includes implementing custom validation rules against existing student data stores (such as UCAS data), enabling multi-factor authentication options, and enhancing security features. These customisation capabilities enhance data protection and access control and streamline and personalise the user experience.”
Plamen explains further that external users to a university can include prospective students, alumni, visitors, contractors, external examiners and lecturers, collaborators from other institutions, and short course students. Azure AD B2C enables universities to define different user types or roles based on their relationship with the institution. These roles, such as “applicant,” “alumni,” “visitor,” or “external collaborator,” come with specific permissions and access levels.
For more on managing a single user holding multiple roles, with real-life examples, watch our full video.
Moreover, universities can leverage Azure AD B2C to control access to specific applications or services based on the user’s role or level of authorisation. This ensures that external users only have access to the resources and services relevant to their job functions or participation in university activities. With the ability to grant multiple roles to a single user, Azure AD B2C helps universities manage complex scenarios where individuals may have multiple affiliations or roles within the institution.
Azure AD B2C helps ensure data is safe and secure
In an increasingly digital world, data security and compliance with regulations such as the General Data Protection Regulation (GDPR) are paramount concerns for universities.
“We know from speaking to universities that they often have over 100,000 applicants each year but of course, not all of these applicants will go on to become students and therefore part of the university ecosystem. How do we make sure we’re GDPR compliant and ensure that these unsuccessful applicant accounts are managed in line with the legislation?” prompts Fiona Edmond, IAM lead for Higher Education at Condatis.
To ensure safety and security of data and to comply with GDPR:
- Azure AD B2C securely stores and manages data, employing access control and encryption. Therefore, universities can provide applicants with a clear process for submitting data access and deletion requests. Azure AD B2C facilitates timely and compliant fulfilment of these requests, integrating with other systems through APIs.
- Automated account deletion workflows can be implemented, ensuring that unsuccessful applicant accounts are managed in line with GDPR requirements and personal data is not retained for longer than necessary.
These measures significantly reduce the risk of unauthorised access to applicant data and ensure that personal data is not retained longer than necessary. By leveraging the capabilities of Azure AD B2C, universities can safeguard applicant information, maintain compliance, and promote data privacy and security.
Implementing Azure AD B2C
While discussing the implementation of Azure AD B2C, Fiona highlights the hesitation universities often have when considering the migration process. If this is something your institution is also discussing, Plamen assures that Azure AD B2C can be built on top of existing systems and processes, integrating seamlessly with various identity management systems, including on-premises Active Directory and cloud-based identity providers.
The platform offers a range of APIs and connectors for integrating with custom in-house applications and systems. This coexistence allows universities to take gradual steps toward achieving their end goal without requiring extensive redevelopment or reconfiguration.
Enhancing the student experience and centralising data through Azure AD B2C offers numerous benefits for universities, including streamlined processes, reduced manual tasks for staff, and cost savings. With the flexibility and customisation options provided by Azure AD B2C, universities can differentiate themselves and provide a superior user experience to their diverse user base.
Explore your options with us
In closing, at Condatis we emphasise the importance of taking smaller, manageable steps when implementing identity and access management solutions. Our team of experts assist clients in planning and executing a phased approach tailored to their needs and priorities.
We are happy to share use cases with your university staff to demonstrate real-world applications of the technology discussed. We will demonstrate how Azure AD B2C can automate onboarding processes, create student and alumni accounts, and ensure effective communication with alumni while preserving their privacy.