27 Apr, 2021 | 3 min read

CIAM for higher education: a win-win

  • Gomathy Kumarakuruparan
  • Technical Writer - WSO2

Image by Naassom Azevedo from Pixabay 

All universities strive to become major players in today’s knowledge-based economy. However, they face increasing competition from modern learning platforms—which not only provide a vast number of independent courses but also online subject matter from some of the world’s top universities. These challenges can in fact be turned into new opportunities. 


According to Forbes, the online education market is estimated to be $350 billion by 2025. According to Statista, 49% of students worldwide enroll themselves for online courses. This means that universities cannot depend on their conventional enrollment and learning methods for long. However, as they adopt online learning and management platforms, maintaining access and security becomes key. 

Security and data breaches are not rare instances anymore. When the IT networks at the University of Maryland were hacked in 2014, the incident exposed several student records, resulting in a $6 million compensation. Moreover, 54% of universities in the UK have reported one or more cyber breach incidents from 2019 to 2020. 

The faculties and courses offered in universities are no longer firmly set. A student can opt for subjects according to their interests from different departments, faculties, and even other affiliated universities. This means that the student should be (ideally) granted access to specific courses in different disciplines. This is just one of the many knowledge management scenarios a university needs to deal with on a daily basis. 

Modern universities need a Customer Identity and Access Management (CIAM) solution to handle security and also manage these increasingly dynamic learning platforms. 


CIAM addresses three main elements to support universities in this paradigm shift. 

No organization can solely rely on its knowledge or resources anymore, especially with an expanding customer base. This is why most organizations believe in open innovation. The primary objective of a university is to provide a world-class education. So, setting up an in-house team to handle technical issues can cause management to deviate from this goal. The right thing to do is to collaborate with experts who know what they are doing when it comes to building and scaling efficient and custom CIAM solutions. It is time that universities get into the co-creation culture for both cost and efficiency benefits.

Knowledge management is the very basis of a learning-based CIAM solution. Providing timely access to several applications with the least effort; having a clear record of the students, staff, and their general and access information; and granting the correct permissions to access courses and information based on various enrolled options or designations are some of the tasks a CIAM solution can manage. 

Information and communication technology has guaranteed universal access to education. Digital platforms have made it possible for anybody who aspires to learn to do it, irrespective of the geographical location, age, and sometimes even prior knowledge. The more the information, the more important the access and security features of the applications that hold it become. This is where CIAM comes into play. Many universities follow the “bring your own device (BYOD)” mode. CIAM can easily handle the tricky part of monitoring the learning-related access and activities on these personal devices. CIAM also mitigates cyber attacks such as phishing, man-in-the-middle attacks, and brute force attacks. 


Students and staff can benefit from the different features in a CIAM solution. While a solution should ideally be exclusive to customer needs (i.e., the student in this case) in its primary state, it should still be able to act as an efficient IAM solution that provides benefits to staff as well. 

The 3 S’s for students

Self Reliance

With CIAM, students don’t have to wait to be enrolled by a staff member. Self registration is a convenient way for students to register by themselves. This is quicker than requesting an administrator to do it. Password management tasks, including recovering a forgotten password or username, or changing the password on expiry, can be performed by students themselves. This will significantly lessen the load on admins as well, who will have time to spend on other critical tasks. Hence, this is a two-way advantage.

Apart from this, a student can also choose to log in via a federated authenticator like Google or Twitter instead of going through the hassle of signing up in several applications with new credentials. 


Most students do not want their knowledge to be confined to one discipline. They appreciate versatility. The student might need to access different learning platforms in the university based on their course preferences.

Students also need to access a number of other applications to access different amenities provided by the university. For example, they might need to check for reference literature from the online library, choose their meal plan if they are boarded within the campus, or sign up for free transport. It is a nightmare to remember credentials for all these applications, as well as extremely time-consuming. Single Sign On feature in CIAM solves this and lets students log in to several applications using the same session with enhanced security. 

Once logged in, the application should be able to only show information that is relevant to that particular student. For example, if the application shows all the courses offered by the faculty to a student who has enrolled in only one course, it is not user-friendly to the student. Moreover, certain staff members should be granted permission to modify the learning materials while the students should only have view access. CIAM manages scenarios like this using Role-Based Access Control (RBAC)


Student logins should be secured. For this, discrepancies need to be monitored and accessing the application should be made more challenging. For example, a student might suddenly log in from a different geographical location or from a different device. In this case, to make sure the user is who they claim to be, CIAM uses a feature called Adaptive Authentication, a form of multi-factor authentication that is applied only when there is an additional level of security required. 

Apart from this, student data that is stored within the applications should stay protected and unexposed at all times. There are a number of data regulations in place today depending on the state or country of operation, such as GDPR and CCPA. Not adhering to these can lead to heavy fines as well as a damaged reputation. 

The 3 A’s for staff members


Staff members are assigned several tasks based on their roles. Checking if they have successfully completed a day’s task with each and every one of them is unrealistic. This can be solved using workflows in CIAM. Staff members can be assigned tasks and staff can update their progress on each particular task. They can also re-assign it to another member or seek help from somebody. Once a task is complete, it can be validated, and approved or rejected by the assignor. This way, the performance of all staff members are monitored within the application itself. 

The security compliance features ensure that the staff members are given access to operations based on their skills and positions in the university. For example, payments will be processed only by the finance department. Information on financial transactions is hence hidden from the other members. 


Workflows can also be used to assist students with various ad hoc requests such as leave approvals and project approvals. A CIAM solution with extensibility is also useful to integrate with other departments and universities for an expanded knowledge base. Storing and modifying learning material across these disciplines can also be managed via CIAM. 

Provisioning and de-provisioning cannot get easier than this since student profiles can be easily activated and deactivated with CIAM. A batch of students can automatically be removed after the completion of a course as well.


A lot of data regulations require precise auditing of the consents provided by students, student information stored, etc..This is supported in CIAM solutions. Students can be given data that the university stores in their applications when a request is made by the student. A log of student and staff activity can easily be extracted in case of other scenarios too. 


The modern education landscape is one that is evolving rapidly, with educational organizations focusing on digital transformation initiatives and new technologies. CIAM is therefore becoming an increasingly vital part of IT architecture.

A CIAM solution can vastly improve the quality of the core objectives of an organization. It can make things more convenient, user-friendly, fast, and affordable. CIAM solutions go beyond just the access factor and hold the capability to manage and extend applications with immense security.