RapidIdentity Cloud Reference Architecture

Over time, technology within K-12 school districts and higher education institutions has evolved from a central concentration to a broad, virtual distribution. As this perimeter of information has expanded, so has its ability to drive business outcomes. However, securely and efficiently managing access to this information presents unique challenges, such as securing identities across the educational ecosystem. RapidIdentity Cloud enables organizations to improve their security posture while streamlining identity management throughout each user's academic lifecycle.


Seamless Infrastructure Integration

RapidIdentity Cloud was purpose-built to manage identities and associated access from the cloud, while seamlessly integrating with on-premises systems and applications. A simple portal concept allows users to easily sign-on to applications, manage their profile, request or approve access, and view analytics and reports in a contextualized view. 

The RapidIdentity Portal can also be used by IT administrators to configure policies, manage roles, and maintain libraries of applications and associated access. Additionally, RapidIdentity Cloud offers robust provisioning and lifecycle management capabilities that automate account additions, changes, and updates, as well as deprovisioning activities for cloud-based and on-premises applications, even legacy applications. 

Included with RapidIdentity Cloud is the RapidIdentity Identity Bridge, a client-server utility that establishes secure communication between RapidIdentity Cloud and on-premises applications; an administrator configures each connection by specifying the internal application's address and ports. The Identity Bridge consists of a service that runs in the tenant environment and a client that runs on any Windows server on the customer's premises. The Identity Bridge is managed through the RapidIdentity Portal.

Figure: RapidIdentity Cloud Reference Architecture (diagram)

Security and Availability

A critical mission in education is balancing the security needs that are vital to the operation of an organization with individual privacy rights. At Identity Automation, we hold our commitment to protecting student data privacy and maintaining comprehensive security to the utmost importance.

For customers in the United States, RapidIdentity Cloud runs in Amazon Web Services (AWS) in the U.S. Regions, ensuring that data is not stored outside of the United States. Through AWS hosting, Identity Automation provides a framework for addressing security, availability, confidentiality, and integrity. Privacy is central to RapidIdentity and is addressed in detail in our Privacy Policy.

RapidIdentity Cloud is evaluated on a periodic basis and holds the following security and privacy attestations and certifications:


SOC 2 Compliant

Identity Automation's SOC 2 Type 2 report, available upon request, covers the AICPA Trust Services Criteria for Security, Availability, Confidentiality, and Privacy. The report also maps the controls tested to FISMA and NIST security requirements. A Type 2 report covers a defined audit period, so verify the period and the system scope when you review it.


FERPA Certified
The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records. In particular, the law governs personally identifiable information (PII) in education records and restricts its disclosure to third parties without written consent from the parent or eligible student. It applies to all schools that receive funds under an applicable program of the U.S. Department of Education (DoED).

Identity Automation earned the FERPA Certification issued by iKeepSafe, an experienced privacy protection organization, attesting that RapidIdentity meets FERPA requirements.


COPPA Certified
The Children's Online Privacy Protection Act (COPPA) is a federal law enforced by the Federal Trade Commission that governs the online collection of personal information from children under the age of thirteen. COPPA requires operators to post a clear privacy policy, give parents direct notice of what personal information is collected, obtain verifiable parental consent before collecting it, and allow parents to review the information collected about their child.

Identity Automation has earned the COPPA Certification issued by iKeepSafe, an experienced privacy protection organization, attesting that RapidIdentity meets COPPA requirements.


California Student Privacy Certified
The California Student Privacy Certification is a comprehensive certification issued by iKeepSafe, an experienced privacy protection organization, that assesses for multiple federal and California laws governing student data privacy. 

The RapidIdentity architecture is designed to be fully redundant and maintainable 24 hours per day, seven days a week. Leveraging AWS resources, such as multiple Availability Zones within a Region, together with elastic load balancing and auto scaling, provides RapidIdentity availability and allows maintenance to be performed without interrupting operational processes.

Helpful Definitions

RapidIdentity Cloud

Designed to run natively in the cloud, RapidIdentity Cloud is the most complete Identity and Access Management (IAM) service, providing K-12 and Higher Education with greater security of their data and systems, while enabling educational organizations to manage identities of all types, including students, guardians, teachers, faculty, administrators, alumni, contractors, partners, vendors, and more. 

RapidIdentity Portal

From faculty and staff to employees and students, RapidIdentity Portal provides a central interface for any user identity managed by RapidIdentity Cloud. Through a single interface, RapidIdentity Portal provides both administration capability and end-user experience, giving administrators a single place to efficiently manage identities and end users a single web page for complete single sign-on (SSO) and account self-service.

RapidIdentity Identity Bridge

The RapidIdentity Identity Bridge is a lightweight, Windows-based utility that can be installed on any Windows server (the server does not need to be dedicated to the utility) and configured to securely communicate with the RapidIdentity Cloud tenant environment.

EdTech Apps

RapidIdentity Cloud can communicate directly with most cloud-based EdTech applications for provisioning, rostering, and SSO. Many organizations leverage a combination of user provisioning and SSO to create and assign role-based access for users.

Local Network Applications, Database, & Files

Through the RapidIdentity Identity Bridge, RapidIdentity Cloud can communicate with HR or SIS systems, as well as files, local applications, and databases for data syncing and transformation.

Remote User

Remote users are any RapidIdentity-managed users who access a federated application or the RapidIdentity Portal from outside the local network. This is the most common use case for remote learning.

Local Users

Local users are the organization's identities, represented by Active Directory accounts, that are connecting from a LAN or WiFi network managed by the organization.