Skip to Content
Author's profile photo Bernhard Escherich

Better services in higher education? Without Identity Management: no chance!

 Real innovations solve business needs

For me the real interesting technology innovations are the ones by which we can solve business needs. In the last months you can observe a real good example in the higher education industry: SAP Netweaver Identity Management.
It is interesting that these projects are mainly driven by the IT departments but the areas concerned with a better service for students and teachers. The FU Berlin just recently presented very interesting insights in his IDM implementation at different customer events.

Fierce competition in higher education requires better services

Universities and other institutions in the education sector know that they are in a fierce competition for the best students, the best professors, and not least financial resources.
Most of their customers (teachers, students) are very demanding and they are using the latest IT at home (digital natives). Just think of universities beginning to give each new student an iPad for free. So it is not acceptable for these students to fill in five or more different paper applications for the various IT systems of a university (network access, email, Student Lifecycle Management System, Library System, Faculty leave system). Rather, they expect their access ready to work up from the first minute this on the campus already.

Identity management as a strong backbone

The slide below describes the process by which universities can achieve this goal:  image

The entire process of applying for a university and the enrollment is on the Student Lifecycle Management system. These are precisely the data that are needed to create a user for the students. Thus, the data to the central identity management system, distributed and there created an identity for the student. As far as possible, the necessary technical roles are assigned, for example, a user of the library or a user for the computer systems in the data center, depending on the field.
The important thing is that unlike many companies, the individual faculties very many rights regarding your IT strategy and the selection of their systems (freedom of research and teaching). So does the architecture also includes a faculty level, where either Directory Services or separate instances of identity management systems implemented. While this supposedly leads to an increased expense, the gain by a high level of acceptance and avoiding political conflict is very high.

What is true for the SLCM can also be done for the employees from the HR system.

At each university there are a lot of visiting scholars who also need a very good service. Up to now also these processes need to be started via paper formulas. Here the self service components of the IDM system facilitate the whole process. The visiting scholar applies for the access to the university systems by herself. In order to create the identity an approval by the responsible professor is needed and is triggered via the connecting workflow processes.

The first wave of universities  is already live or starting their implementations. But its still a very huge field with a lot of opportunities. I am quite sure that the release of EhP5 will even accelerate the growth in this area with enhanced functionalities. But this will be covered in other blogs.

If you are at the SAPPHIRE now in Frankfurt I will be happy to discuss this topic in more detail and share our experiences.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member
      Hi Bernhard,

      We're currently implementing IDM to address some of these same requirements. We'll be sure to share our experiences and feedback on BPX and SDN as we go.

      We're currently analysing all our existing account lifecycle management processes and interfaces across all our systems which will ultimately be provisioned by SAP IDM.

      It's proving to be an interesting, complex and rather large project.

      Our fist stage will be to implement IDM which will provision Windows Active Directory and Exchange Email accounts directly from IDM.

      Subsequent stages will move other systems over to IDM.

      The golden sources for our student identities will be at student application stage captured from our existing Student Records system (non-SAP) via SAP PI interfaces.

      Staff accounts will still be created from paper forms, but soon we hope that HR will be creating staff records in HR before staff members actually arrive on day 1.

      We do have issues around where our golden source will be for associates, external visitors, tutors who are based overseas etc.

      Author's profile photo Bernhard Escherich
      Bernhard Escherich
      Blog Post Author
      Hi Paul,

      thanks for sharing the interesting information. I am really looking forward to you post on SDN about your experiences.

      You are right IDM projects can become quite complex as they are about processe and a lot of discussions about areas undocumented before.

      If you look at the HCM-IDM integration I can only recommend to use the Provisioning framework which makes your life much easier.

      Best regards,