Tuesday, October 10, 2023, 4:00 PM - 4:45 PM EDT
Our goal was to convert our "post-deposit checklist" into a dynamic, personalized online resource that parents as well as students could use. Personalization meant we needed to provide secure access to parents, who have no identity in our network. We solved this by providing guest accounts in Microsoft Azure, which we connected to incoming students and secured with a "shared secret" verification process, and by using SimpleSAMLphp to enforce the rules. The ability to provide ad hoc identities and identity management to individuals outside our local system is exciting for other reasons. Giving passwords to "strangers" so they can access sensitive web content has often been inconvenient and not necessarily secure, and the systems we've developed for this post-deposit checklist process can fix these problems, too. Not everyone will have Azure, so solutions using services like Okta will be explored.