Murdoch University blazes trail for tertiary sector with cloud-based identity and access management

Murdoch University is Australia’s pioneer user of Microsoft Azure Active Directory Premium (AADP) in the Higher Education sector. It is acting as a beacon for other universities that also want to implement a leading-edge cloud-based identity management solution to future-proof their digital ecosystems.

Working closely with the Council of Australasian University Directors of Information Technology (CAUDIT), the Australian Access Federation (AAF) and Microsoft, Murdoch University is crafting a framework that could be leveraged by other universities seeking to modernise their own identity and access management.

Managing secure access and identity continues to challenge Australian universities, which routinely need to tackle secure systems access for tens of thousands of students, academics and professional staff.

Murdoch University had previously developed its own bespoke identity management platform. While this may have been suitable for its past requirements, it is not sustainable in the long term, as it doesn’t offer the security standards, flexibility and risk management that Murdoch needs for secure digital foundations.

With Murdoch’s plans to introduce new technologies increasingly expected by students and staff, such as multi-factor authentication and fingerprint or face identification, the university looked to leverage Azure Active Directory Premium (AADP) as a new identity management platform to support remote users as well as its 23,000 students and 1,700 staff spanning Australia and its geographically dispersed campuses (Dubai, Myanmar and Singapore).

Replacing an identity management platform is, however, not a trivial exercise – especially when the legacy identity management solution comprises a number of components and technologies built over many years and has been hardwired into 450+ applications.

To minimise risk and disruption, Murdoch took a phased approach, which kicked off with a proof of concept using Microsoft’s Identity Protection and Access Management platform, AADP.

Alex Tegg, Murdoch University’s Associate Director of Planning and Governance, explained that one of the first steps involved was creating a translator between the legacy system and AADP.

“You cannot migrate 450 applications at the same time. The gateway is the translator that allows the existing applications to continue to function, and allows those applications to talk to Azure ADP,” said Tegg.

He expects that the legacy system and AADP will exist together for the duration of the application migration, expected to run through 2020. Of course, AADP will immediately reduce the friction associated with spinning up and providing access to new applications, in most cases by an order of magnitude, with many applications starting to support Azure ADP integration out of the box.

This is critical for Murdoch as it embarks on legacy system integration and broader migration of its computing systems to the Azure cloud with support from Azure integration services.

According to Tegg, “Having our cloud infrastructure, identity and integration capabilities all in that same Azure ecosystem is regarded as a critical advantage over utilising separate platforms for each.”

Murdoch has also leveraged the Azure Active Directory B2C platform for social identity. In addition, it is using Microsoft Identity Manager (MIM) to replace its large number of legacy scripts for identity lifecycle management for students fed from Callista (Murdoch’s Student Management System) and for staff.

Unified access management was also critical to the University’s plans to leverage the wider Office 365 collaboration platform (SharePoint, Teams, OneDrive) to promote greater communication and collaboration between students and academics. “That merger of the two tenancies – staff and student – into a single environment was critical to allow us to have one single identity platform, and to enable seamless collaboration between the student and staff cohorts, we had to bring in everyone,” said Tegg.

“AADP authentication works in one tenancy – if we had continued with the separation of staff and student tenants this would not have worked.”

Leveraging existing licenses that Murdoch University obtained through a CAUDIT enterprise agreement, its identity vision became a reality.

When Murdoch first developed its proof of concept (PoC) some of the elements of AADP were still in product preview.

Michael Grant, Director of IT Services and Deputy Chief Operating Officer, lauded the support that Microsoft delivered during the PoC. “This is a maturing product and Microsoft has been taking on board our suggestions and helping us resolve issues, helping us lead from the front. That has been a great benefit of working together.”

To support the engagement, CAUDIT provided Murdoch University with additional support via Microsoft Premier Support, which delivered the consulting services, subject matter and product expertise across the PoC and into the implementation to get the solution up and running.

For CAUDIT, it’s an investment in the future of the entire university sector, as many other institutions are taking a close interest in what Murdoch has achieved, according to Tegg. “We have had extensive interest from both CAUDIT and the AAF which works across all Australian and New Zealand universities. We have presented to them and evangelised what we are doing and the capabilities of the platform. There was significant interest with many of them talking about their own plans in this area that are similar to what Murdoch has done.”