In education, one person is an applicant, then a student, often a worker or researcher, then an alum — and their access has to keep up at every step, for decades, across IT that's spread among colleges and departments. We govern that whole lifecycle, protect student and research data, and help you prove it under FERPA.
See how we help →In most sectors, a person joins, holds a job, and leaves. In education, the same identity can be an applicant, a student, a teaching assistant, a researcher, an employee, and an alum — sometimes several at once — and the institution keeps a relationship with them long after they graduate.
Underneath that sits decentralized IT: colleges and departments running their own systems, federated logins to hundreds of applications, shared lab machines, and student records and research data that FERPA and funders expect you to protect. Access changes constantly, and the place it breaks is the transitions.
A campus identity rarely starts or ends cleanly. It changes role over years, and every transition is an access change waiting to be missed.
Limited, time-boxed access to portals before they ever set foot on campus.
Email, the LMS, library, labs, and registration — scoped to their program and year.
Administrative systems, grading, research data, HR — often held alongside a student role.
Access that downgrades for life — not left lingering over-privileged, not abruptly cut.
From the day they apply to long after they graduate — the right access at every step.
We tie provisioning to your SIS and HR systems and grant access by role and program, so access changes the moment someone's status does — applicant to student, student to staff, staff to alum — and handles people who hold several affiliations at once. Access reviews keep it honest, and graduation downgrades access instead of leaving an open account behind. This is our identity governance work.
We vault and monitor the privileged access behind your SIS, research and high-performance computing systems, and the databases that hold FERPA-protected records — bringing the scattered admin accounts across departments under least privilege and session control. This is our privileged access management work.
Colleges and departments each run their own systems, and that's not going to change. We operate identity centrally across them — keeping federation and single sign-on consistent and the FERPA-relevant controls current — so autonomy doesn't mean fragmented, unprovable access. This is our managed IAM work.
Across teaching, research, and the identity backbone that connects them.
Platform names are trademarks of their respective owners. Use does not imply partnership, sponsorship, or endorsement.
Book a free identity security audit — we'll reach out to scope it, review your environment with you, and deliver your findings. No cost, no obligation.