Edinburgh Napier University: Unified, Seamless Single Sign On
Edinburgh Napier University is a globally renowned institution, with over 18,000 students from over 109 countries. Founded in 1964 and based across three campuses in Edinburgh, the university’s vision is to deliver an unrivalled student learning experience.
The university had an existing enterprise SSO solution, but mainly due to a lack of the necessary skill set to work with this product, adoption had been limited to a small number of external applications; the university implemented other solutions to provide SSO so some internal systems, but coverage was incomplete and the user experience was not ‘joined up’.
Having made the decision to replace this with a single technology to provide Single Sign On across all of its applications for all of its users, the university went to the market to find a replacement solution.
Having gone through a tender process, the university narrowed down to a shortlist of SSO providers. These companies were than invited to participate in an onsite Proof-of-Technology exercise, to prove that the proposed solutions would fully meet the university’s needs. Of the companies involved, ProofID was able to demonstrate full compliance with the requirements within the given timescale, and accordingly the university selected this solution, based upon PingFederate and PingOne from the market leading SSO vendor, Ping Identity.
A key aim of the project was to extend SSO to as many applications as possible, to provide a ‘unified SSO’ experience; the university was operating three SSO technologies covering different categories of applications (internal external and UKAMF), so it was essential that SSO could be provided to all applications via PingFederate. Also, the university wanted ‘seamless SSO’ where possible, meaning that once a user had authenticated to their computer, there would be no need for further logins.
An instance of PingOne, hosted by Ping Identity, was configured to provide an ‘application launchpad’; this was a key part of the solution, as James Blair, Head of Applications Systems Group at the university explains:
“The PingOne ‘launchpad’ was one of the main things that got me interested in ProofID’s solution; PingOne gives us a way to remove part of our locked down student portal service, as it will only provide access links to logged on services. That’s a real win for us.”
The solution was deployed into production in a resilient and redundant configuration across fifteen days in October and November 2015. In the initial phase, SSO was provide to five instances of Moodle, Office365, Papercut, Webex and EZProxy, with additional applications to follow in a later phase. The PingOne Launchpad for students is scheduled to go into production before Christmas 2015.
The integration went well, with PingFederate’s wide array of integration kits proving crucial in enabling federated SSO with applications, common in the Higher Education sector, which do not natively support a recognised federation protocol; for example the Apache Integration Kit was the key to providing SAML based SSO to Papercut.
James Blair shares his overall thoughts on the deployment:
“The integration with our systems went well, and the system is very quick at logon. We’re very pleased with how the project has gone, and we’re looking forward to integrating our remaining applications.”
Tom Eggleston, Managing Director of ProofID adds:
“Modern universities have a very complex and diverse range of applications to support; the key to implementing SSO successfully in such an environment is support for standards and broad integration capabilities. PingFederate does these better than any other solution, and has been shown across many deployments now to be the best fit for Higher Education.”