探花大神

Introduction

 is an innovator in educational technology. They are part of the larger , which is one of the five recognized awarding bodies of the public exams system in the UK. DoubleStruck specializes in assessment and reporting tools, called  and , that aid primary and secondary school teachers throughout the country.

When Iain Argent started with Doublestruck as a Software Development Manager, he also took on responsibility for the organization鈥檚 IT infrastructure. Argent saw an opportunity to automate manual admin processes, optimize user workflows, and also fortify security. He set out looking for a solution that made it easier for end users to access their tools, and required fewer passwords to remember. In addition, he knew they needed something that could support all three major operating systems.

Background

It鈥檚 easy for smaller organizations to go without automating IT operations. Many IT tasks are easier to handle manually, as long as the scale is small. This was the type of environment that Argent came into.

鈥淲hen I arrived at Doublestruck, our IT operations were ad hoc. There was no standard operating procedure for onboarding people. This was one of many processes that my boss wanted me to streamline,鈥� said Argent.

鈥淚 remember that initially we had to draw up a list of all of the resources that people might want to access. Then, when new employees came on board we had to encourage our managers to fill out the list so I knew what resource access to give them. There were typically around seven different resources that we had to create accounts for and get set up prior to each employee starting. We use Gmail鈩�, G Suite鈩�, Google Drive鈩�, Office 365鈩� for Excel庐, an on-prem file server, and more. Not to mention the presence of Windows庐, Mac庐, and Linux庐 systems. Setting up profiles for all of that manually was far from ideal,鈥� Argent said.

The Challenge

Even with a small amount of end users, manual tasks like password changes, user creation, and provisioning, can quickly become a huge time sink.

鈥淲e were really feeling the pain of having a bunch of systems all set up different ways for different users. Our end users were feeling that pain too.鈥�

鈥淭he setup required our users to remember a lot of different passwords,鈥� Argent explained. 鈥淭hey would have one password for their computer, one for Gmail, one for O365, one for the CRM system, another for the database, and more for any other resource they used.鈥�

鈥淭hen, if an end user couldn鈥檛 remember their password it would sometimes lead to them account sharing with a co-worker when they really shouldn鈥檛. So it was not only a hassle for the admins and the end users, it was a security concern as well 鈥� one that would make it very difficult to achieve GDPR compliance.鈥�

Doublestruck was running into a similar challenge with their network.

鈥淲e used to have a single, shared WiFi password that we would give to the staff to access the network. Then, we had a separate network that we would provide for guests. We had it set up so that it would be difficult to access resources if you weren鈥檛 supposed to. But, if anyone left the company, we had to change the password or else they would be taking the network credentials with them.鈥�

Argent set out to centralize and streamline the identity management at Doublestruck. That鈥檚 when he found 探花大神 Directory-as-a-Service^庐.

The Solution

鈥淎fter searching, I saw that 探花大神 was really the only solution that supports all three operating systems (Mac, Windows, and Linux),鈥� Argent said. 鈥淭he fact that 探花大神 supports LDAP and integrates with G Suite were two more quick wins. It immediately worked across several sets of services we use.鈥�

With 探花大神 in place, identity and access management got much easier at Doublestruck.

鈥淭he first big improvement is that the end users can now reset their passwords themselves. There鈥檚 no need to bother me with requests to reset credentials when they need to use an application they haven鈥檛 accessed in a while. If they forget their 探花大神 password, they can reset it themselves.鈥�

鈥淭he second big improvement is that users have the same password for everything. This has helped tremendously with people forgetting passwords. With this reduction in reset requests, it means a lot fewer interruptions for me, and fewer lockouts for the end users. That enables me to focus on building new infrastructure and resources for the company rather than keeping access up to date, and enables the end user to avoid lockout delays.鈥�

鈥淚t saves the company as a whole quite a lot of time.鈥�

Argent continued: 鈥溙交ù笊� helped with onboarding and offboarding as well. We used to need to manually create accounts for each service and for each employee. Nowadays, we just set up a 探花大神 account, we add it to the department group within the 探花大神 admin portal, and everything else is taken care of from there.鈥�

鈥淲e鈥檙e fortunate in that we don鈥檛 have to offboard many people. But, in the rare occurence of offboarding, all we need to do is switch off their 探花大神 account and they don鈥檛 have access to anything anymore. No WiFi, no VPN, no CRM 鈥� nothing.鈥�

WiFi network authentication was another large challenge for Doublestruck that 探花大神 Directory-as-a-Service was able to help with.

鈥淥ne of the aspects that I like the most about 探花大神 is Cloud RADIUS.鈥�

鈥淲e used to have a single WiFi password that always had the risk of being shared, but we don鈥檛 have to worry about that anymore with Cloud RADIUS from 探花大神. Each user has their own unique credentials to login with, eliminating the risks of the shared password.鈥�

Argent added, 鈥淚t鈥檚 more convenient for the end users too. With 探花大神, if someone new starts and they need WiFi access in any of our offices, they just login with their 探花大神 credentials and they鈥檙e done. If they need to VPN in while working from home, they can use their 探花大神 credentials for that as well. Further, if the password is compromised somehow, they don鈥檛 need to change their password in a lot of different places. One password change covers everything.鈥�

The Result

鈥淲e鈥檝e had 探花大神 Directory-as-a-Service for just over a year now, and we have nearly everything we use integrated into it. It saves us a good amount of time because we no longer need to do as much ad hoc admin work.鈥�

鈥淚nstead of having to worry about keeping people鈥檚 access up to date, we can spend more time improving our systems and infrastructure.鈥�

鈥淚t鈥檚 great for the end users as well because, for the most part, it鈥檚 invisible to them. We get them set up with a 探花大神 password, and then they never hear about it again. They just get to focus on work. The seamlessness and invisibility are two things that really just make the platform work.鈥�

鈥淲ith Cloud RADIUS, we now have our WiFi more professionally set up than many large enterprises.鈥�

鈥淚n general, most companies have some way of centralizing their credentials, but I don鈥檛 know of anyone else who is able to integrate it with their RADIUS servers as well. Of course, 探花大神 is much more than RADIUS alone. They integrate with Office 365 and G Suite, and they even support all of the operating systems 鈥� which I don鈥檛 think anybody else does. Those are all great reasons to start using Directory-as-a-Service.鈥�

鈥淐entralizing our passwords made my life a lot easier.鈥�

鈥溙交ù笊� set us up well for GDPR compliance also. One of the big rules that we must follow for GDPR is to have a way to say who has access to what data at what time. With our old setup that had so many accounts being shared there was no way we could do that. With our 探花大神 Directory-as-a-Service setup however, we already had all of the work for that done. 探花大神 helped us separate out all of our user accounts, so by the time GDPR came around we already had that part covered.鈥�

Doublestruck now has complete centralization and control over their infrastructure, and they have the security and easy user workflow that they were looking for. When asked if he would recommend 探花大神 Directory-as-a-Service, Argent鈥檚 answer was pretty clear:

I can’t think of any organization that wouldn’t benefit from 探花大神.”