Saviynt ChangeMakers: How the University of Ottawa Integrated Digital and Physical Access Control Systems—A First in Higher Ed

As a product manager at the University of Ottawa, my job is to leverage technology strategically to make the campus of the world’s largest bilingual public research university smarter and more connected. My team and I recently spearheaded an innovative identity modernization initiative. In it, the University consolidated digital and physical identities within a single system. 

By bringing together our universal card system—which gives users access to buildings, the meal plan, and debit card funds, among other things—with digital identity management, we have been able to create new efficiencies, security and improved experiences for all members of our community. 

This wasn’t a simple project. Not only did we introduce role-based access control (RBAC), so that we could dynamically assign the right level of access for individuals transitioning between jobs or roles within the University, but we also established full user lifecycle management across both campus access control and IT systems. The project entailed a direct database integration between the University’s physical security system, Genetec, and Saviynt’s IGA platform. It also involved building an internal API gateway so that identity data in Saviynt could be linked to card credentials, group memberships, and identifying photographs.

Small Project Team, Big Results

My lean team was able to drive this significant leap forward, advancing security and operational efficiency and giving new users the rapid access they need to start working and learning—without any of the delays and administrative burden that we dealt with in the past. 

Before Saviynt, managing access across our campus was complex and time-consuming. Now everything is in one place.

The Art and Science of Implementation

We started our identity modernization journey by bringing in Saivynt to replace an outdated on-premises identity management system. This was accomplished in tandem with an ERP update, as part of a broader cloud-first transformation. 

This foundation made the next steps easier. Because we had already built technical rules—like RBAC and request-based authorization processes—in Saviynt, we could just re-use them for the Genetec integration. Saviynt’s flexible platform made the first phase of the rollout of our universal card system smooth. We didn’t have to re-invent the wheel—we could simply extend what we were already doing. 

Once we had defined business rules and connection points, we needed to map out how data should flow between systems. We implemented an approval structure for entitlement requests that uses metadata to route the requests to the appropriate supervisor. This keeps the authorization process structured and efficient, but also allows us to meet governance requirements.

Support from our integration team and managed services partners were key for making this implementation work. So was Saviynt’s flexibility, which allows us to move forward without a need for customization.   

Winning Innovations

RBAC isn’t standard for managing physical access. The controls used for campus buildings aren’t typically molded around pre-defined roles, but instead are built manually, from the ground up. 

When an international firm conducted an external audit on the design of our access controls, they did interviews and an in-depth analysis. They recognized that our approach—leveraging Saviynt for RBAC—was cutting-edge. They hadn’t seen anything else like it in higher education. 

We’ve reduced enormous amounts of manual effort.

If the system is healthy, with jobs running on time, and data feeds working in sequence, it operates hands-free. We don’t need to do anything beyond routine monitoring.

Advice from the trenches

There are always challenges modernizing identity and access control systems, especially when the transformation is as sweeping as this one. I’m excited to see other teams following a similar path, especially in higher education, where efficiencies are essential. 

Here’s my advice for those just starting to think about merging universal card and digital access controls:

1. Make sure you have a robust user lifecycle framework. 

Break down identity types and look for ways to augment your existing workflows, rather than introducing new ones. If you’re already processing data, why process it twice? Efficient workflows prevent unnecessary delays. For instance, include both digital access control and card information at the same time whenever you’re modifying user records. This approach minimizes redundancy and maximizes efficiency.

2. Deeply understand your use cases, business requirements, and governance needs. 

Without a strong governance structure, even the best solution can stall due to lack of approval. Ensure organizational buy-in from the start.

3. Surround yourself with knowledgeable people.

Maintain strong collaborative relationships with both internal teams and partners. Consult with key stakeholders regularly to align expectations and streamline processes. 

4. Simplify physical access controls wherever possible.

Instead of treating each door as a separate entity, group access points logically. Establish broad policies as often as you can while maintaining strict controls for sensitive areas. This approach balances security with operational efficiency, reducing the need for manual adjustments.

5. Choose the right partner with the right platform.

Our RFP process was thorough and deep. We knew we needed a flexible platform that would enable us to leverage intelligent automation, but we also needed one that wouldn’t require hands-on development effort or extensive customization. Saviynt’s low-code configurability made it possible for us to quickly and easily connect all the data sources we needed to build out this revolutionary implementation.

Digital transformation is a gift that keeps on giving. When you create efficient, scalable workflows, you’re able to work smarter instead of harder. With this implementation, we’ve created a new model for managing identity and access—one that’s dynamic, efficient, and built for the future.

To learn more about what we’ve achieved, read the full case study here.