With more than 20 major computer systems in the Hawaii Department of Education, managing secure access for more than 20,000 users was challenging because most applications required different passwords.
"It made it very difficult for our employees to remember everything and encouraged insecure practices like writing your password down on the inside cover of a notebook," says David Wu, assistant superintendent and CIO in the Office of Information Technology.
In 2012, the Hawaii Department of Education tapped a Race to the Top grant to deploy a single sign-on system. The SSO project, under a tight deadline, aimed to enhance the agency's identity management system by simplifying user access while maintaining data security and privacy.
The agency opted for an off-the-shelf SSO tool for web-based authentication, which doesn't require software installation on client desktops, notebooks or tablets. The IT department provisioned the new system on an existing virtualized server.
Staff can use a single username and password to sign on in the morning and maintain that access throughout the workday. So far, the SSO system is used for 14 applications, including human resources, time and attendance and financial reporting. The system stores the password once and remembers it for each of those applications or accesses a directory service such as Lightweight Directory Access Protocol to grab the password and log in for the user, Wu says.
From start to finish, the agency completed the project in less than six months. "I'm happy to say that our team pulled through it, and we didn't miss any major deadlines as a result," says Wu.
The structure of the Hawaii Department of Education in part enabled the fast rollout, says Wu. The department is the tenth-largest school district in the nation, and the state superintendent and board oversee all schools in the state. That tight management structure enables standardization.
Overall, the SSO deployment has been a great success for users and the IT department alike. "I get people thanking me and praising how much time they save," says Wu. The solution also reduces the IT workload because users can now reset forgotten passwords through a self-service page rather than call the help desk.
"States are ideal partners for NSTIC pilots because of the many services they offer online, and the many more they could offer online if the costs and risks involving identity fraud could be reduced."
— Jeremy Grant, Senior Executive Advisor for Identity Management, National Strategy for Trusted Identities in Cyberspace (NSTIC)
"Our Commonwealth Authentication System, also known as CAS, securely utilizes data across agencies using a match/no-match process for identity proofing."
— Dave Burhop, Deputy Commissioner and CIO, Virginia Department of Motor Vehicles
"We're deploying an identity management system with multifactor authentication to address cyberthreats and reduce the ability of hackers to gain access to sensitive information."
— Lynne Pizzini, Chief Information Security Officer, Montana