IB Solutions Logo IB Solutions
contact
Back to clients

Pratt Institute: Higher Education SSO Integration

Multi-role authentication system connecting students, faculty, and staff to institutional resources through unified identity management

Pratt Institute: Higher Education SSO Integration
Company: Pratt Institute
Industry: Higher Education
Website:
Provided services:
Web Development Technical Management

At a Glance

  • 3 user types - students, faculty, and staff with distinct permission levels
  • Automatic lifecycle - users provisioned on enrollment, updated on role changes
  • Role-based access - protected resources based on institutional role
  • Multi-role handling - staff who are also students managed correctly

Lead Web Engineer responsible for building a custom SAML Single Sign-On integration for Pratt Institute’s Craft CMS website (via Solspace Inc.). Pratt is a renowned art and design school in New York, and their website needed to serve distinct audiences: prospective students, current students, faculty, and staff, each requiring different access levels and content visibility.

The Challenge

Higher education websites serve multiple audiences with different needs. Pratt’s website required:

  • Multiple user types: Students, faculty, and staff each needed distinct permissions and access to role-specific content
  • Automatic lifecycle management: Users should be provisioned when they join the institution and deprovisioned when they leave
  • Institutional directory integration: User data (roles, departments, enrollment status) needed to sync from their central identity system
  • Seamless experience: No separate credentials or manual account requests

What I Built

Custom SAML Authentication Plugin:

  • Integrated with Pratt’s institutional identity provider using SAML 2.0 protocol
  • Parsed user attributes to determine role (student, faculty, or staff) during authentication
  • Handled the complexity of users with multiple roles (e.g., a staff member who is also a part-time student)

Role-Based Permission System:

  • Mapped institutional roles to Craft CMS user groups with appropriate permissions
  • Enabled content visibility rules based on user type
  • Protected administrative and faculty-only resources from student access

Automatic User Provisioning:

  • Created new Craft CMS accounts on first login based on identity provider data
  • Updated user attributes (name, email, department) on subsequent logins
  • Handled role changes when users’ institutional status changed

Outcome

The integration gave Pratt’s community seamless access to website resources using their existing institutional credentials. Students accessing course materials, faculty managing departmental content, and staff using administrative tools all authenticate through a single system with appropriate permissions automatically applied.

Business Impact:

  • No separate credentials for website access
  • User lifecycle managed automatically based on institutional status
  • Protected content only accessible to appropriate roles
  • IT team maintains centralized identity control

This removed the friction of separate credentials and manual user management while maintaining centralized identity control aligned with institutional security policies.

Interested in Similar Work?

If you're looking for similar solutions or want to discuss your project, I'd be happy to help.

Implemented solutions:

Used technologies: