Automating Identity Access Management in Universities and Colleges
Automation is an Academic and Security Enabler
Watch our on-demand demo from the EDUCAUSE IAM Demo Day. See how an advanced identity and access management solution tailored to the unique challenges of higher education environments can streamline access, improve user experience, support privacy and inclusion, and increase efficiency and productivity.
This session focuses on Bravura Identity, part of our security fabric, demonstrating:
- Automating complex processes such as bulk user onboarding and off-boarding, alumni record management, and the transition from homegrown systems.
- Streamlining backend operations, enhancing user experiences, and ensuring regulatory compliance through zero trust principles and efficient entitlement management.
- Facilitating user entitlements across platforms like Active Directory, Azure AD, Duo, and Okta with a no-code approach.
- Automating the assignment of roles based on user attributes with the affiliation engine, addressing the common issue of overlapping affiliations in educational institutions.
The session also highlights identity analytics capabilities across your entire identity landscape, including home-grown and third-party systems, through Bravura Cloud, providing customizable dashboards and widgets turning real-time data analysis into actionable insights that tangibly enhance your institution's security posture.
Lastly, catch an introduction to the new Bravura AI capabilities that aid in routine tasks and system integrations, exemplified by the creation of a GitLab connector.
Claim a Lunch & Learn for your team before November 15th to ask how our solution can meet your needs. Lunch is on us!
Presenter:
Bryan Christ
Senior Identity Solutions Engineer
Bravura Security
Book a Complimentary Lunch & Learn
Claim before November 15th and lunch is on us
Would you like a focused session on IAM tools tailored for your institution—no sales pitch, just insights? We'll demonstrate how a ready-to-deploy solution can efficiently handle user lifecycles and integrate with existing systems for security and compliance.
Collaborate with us and a specialist from our partners, like Moran Technology Consulting, to refine your IAM strategy. We'll also send a DoorDash or Uber Eats voucher for a complimentary lunch for your team during our discussion.
Terms and Conditions for Complimentary Team Lunch and Learn Offer
- Eligibility: The offer is valid exclusively for Identity and Access Management (IAM) or cybersecurity teams. All team members must be employed within the same organization.
- Registration Deadline: Teams must complete their registration for the event by November 15th, 2024, with the lunch and learn to be held on or before December 13th, 2024 to qualify for the complimentary lunch offer.
- Mandatory Attendance: To be eligible for the complimentary lunch, at least one member of the IAM team must attend.
- Workshop Completion Deadline: The lunch and learn must be booked and completed no later than December 13th. Failure to attend the workshop by this date will result in forfeiture of the complimentary lunch offer.
- Lunch Distribution: The complimentary lunch will be provided in the form of an online food delivery service voucher on the day of the event. It will be valued at $25 per person for up to 12 people.
- Offer Non-transferable: The complimentary lunch offer is non-transferable and cannot be exchanged for cash, credit, or other services.
- Limited Availability: The offer is subject to availability and may be limited to a certain number of teams or participants as determined by the event organizers.
Gain Immediate Value without Disrupting your Current Environment
The demonstration begins featuring an analytics engine adept at providing universities and colleges with a dashboard replete with insightful data. Engineered to meld with existing legacy, homegrown systems, and other IDPs like Okta seamlessly, Bravura Cloud equips users with a holistic view of an institution's identity infrastructure, pinpointing inefficiencies in provisioning and endorsing a data-centric methodology for enhancing operational effectiveness.
Affiliation Engine and the Intricacies of Entitlement Management
The Affiliation Engine is a solution adept at navigating the intricacies of managing overlapping entitlements endemic to educational settings. The engine aims to automate and simplify identity lifecycle management processes, adeptly supporting the management of an ever-growing roster of identities that educational institutions, particularly alumni systems, must maintain indefinitely.
The Unique Cybersecurity Hurdles of Higher Education
The distinct hurdles that universities and colleges face in identity and cybersecurity, such as staffing constraints, funding shortages, and a dependence on homegrown systems, can be notable. An automation-first ethos for addressing identity and access management and governance challenges underscores how automation enhances backend proficiency and enriches the user experience.
Streamlining Compliance Amidst a Sea of Regulations
With educational institutions besieged by an avalanche of regulations, Bravura Security's offerings simplify adherence by homing in on the crux of compliance: identities, entitlements, and privacy-centric frameworks. Bravura Cloud empowers institutions to automate compliance, ensuring audit readiness through comprehensive dashboards and reporting tools.
The Bravura Security Fabric presents a holistic solution ensemble that encompasses identity management, password governance, privileged access management, and FIDO2 MFA solutions—all highly customizable and capable of integrating with the existing digital identity ecosystem.
How many integrated systems are currently operating within your institution?
Most institutions appear to utilize a moderate to high number of integrated systems. 44% of respondents use 6-20 integrated systems in their institutions, followed by 31% using 20-100 systems, 19% reported having more than 100 systems, while only 6% have 1-5 systems.
Does your institution face challenges with overlapping entitlements?
The majority of respondents, at 87.5%, reported that their institution faces challenges with overlapping entitlements, while only 12.5% indicated they do not.
How would you assess your level of insight into the various identities (students, faculty, affiliates, etc.) and their access privileges within your institution?
The majority of respondents report having moderate to some awareness of the various identities and their access privileges within their institution, with only a small fraction claiming complete understanding or no visibility at all.
How important is AI to the strategic goals of your institution?
The majority of respondents consider AI important to the strategic goals of their institution, with 42.9% deeming it important, 35.7% slightly important, 14.3% very important, and only 7.1% saying it is not important.
Review the Full Session Transcript
No time to watch the session? No problem. Take a read through the session transcript.
Jason Martin, EDUCAUSE (00:03):
Welcome to our final session for the EDUCAUSE Demo Day Identity and Access Management Solutions. It is October 29th. My name is Jason Martin and I'm your host for this session. Please use the chat to share comments and ask questions for our presenters. If you would like to view closed captioning, you can do so by choosing the show captions button at the bottom of the Zoom room. If you have any technical issues, please send a message to me by selecting hosts and panelists. And with that, thank you so much for joining and I'll welcome our presenter from Bravura, Bryan. Over to you.
Bryan Christ, Bravura Security (00:33):
Hey, thank you Jason. Appreciate the introduction and just want to say thank you to everyone that's joined us today for this session. Look forward to sharing with you what we have to demo today. I do want to say that we have a handful of slides and my commitment to you is that we're going to get through 'em really quick. The intention is to get to the demo and show you the functionality. It is somewhat necessary because you're going to be seeing a lot today in the demo. It's going to be necessary for me to sort of set the background and the context. Part of what you'll be seeing is pieces of what we call the Bravura Security Fabric that's represented here on the screen. So we'll be focusing primarily on Bravura Identity, which is our identity automation solution, but there will be components of Bravura Cloud as well that we'll be looking at today.
(01:27):
All of this technology was developed with sort of a front row seat to institutions of learning that we work with. And you can see here on the screen, again, my commitment is to get through this very quickly, so I'm not going to say a lot about each screen, just kind of highlight the key things that are worth talking about. A lot of Zero trust has lost its luster over the years in terms of a buzzword, but what we find out is that organizations are still very much pursuing the principles of zero trust. And so what you're going to see in the demo are controls and features that are designed to really advance those goals. And some of these bullets here on the screen are subsets of that. One of the things that we've observed about universities and colleges is that you have many of the same challenges that other verticals have.
(02:20):
It's just way more amplified. There's no other vertical that I can think of that really does the amount of bulk onboarding, bulk offboarding that we see, especially around semester enrollment. And then you have this thing with alumni where you've got this record that almost never ends because you want to keep around for donor. And so while the challenges sort of look the same, we know that they're massively bigger and more complicated for y'all. We also have observed that there are just a tremendous amount of talent and when you couple that with sometimes restrictive budgets, what ends up coming out of those are things like homegrown systems and ultimately a recognition that it works well today but maybe isn't sustainable. You probably have a lot of institutional knowledge. And so our goal in the functionality that you're going to see today in the demo is to provide a really rich set of features in terms of capabilities that can supplant what you've done in the homegrown world to give you the confidence that you can have that long-term support that you need.
(03:37):
And best of all that it's automated. We think automation is absolutely key to academic enablement. There's sort of a symbiotic relationship between what gets built into a solution like Bravura Identity in terms of you provide these great controls for the backend, which makes their life better. You make the experience for your end users, whether that's the student faculty, you give them a good experience, which means that the burden on the backend is alleviated. And again, doing this through an Automation First approach really drives this sort of perpetual symbiotic relationship that we think is just absolutely important for success. Another outcome of this, and we created this slide initially and I looked at it and said, yikes, this is just awful and busy, and decided, you know what? We're not going to change this slide because those that are responsible for regulations and compliance, this sort of visually represents how they feel and we know that from talking to these folks is that some other nights falling asleep is worried about regulatory compliance and things like that.
(04:59):
And so what we're going to make the argument is that if you've got good automation in place, so that's joiner, mover, leaver, giving users the right entitlements based on who they are, their affiliation or role, then you don't really have to worry about compliance because compliance when you boil it all down is concerned with how did somebody, were they authorized for the entitlements they have, how did they get them? Are they still appropriate presently? And so if you're doing all of that, then it just becomes a matter of reporting and answering those questions. Lastly, want to just call your attention to this slide. We have some great resources for you at the end of today's session. We would encourage you to go grab one of these workbooks that we're showing here. Also, I'm not going to have time in today's demo. It's going to be just a lot of information, a lot of show and tell, and there's no way I can possibly dive into each of the features at the level that I think will be of interest to many of you.
(06:09):
And so we would encourage you to book a dedicated session with us, and if you do that before November 15th, we'll provide lunch for your team on that session. So with that, what we're going to do is I promised to be quick, hopefully that was quick. I'm going to exit out of this and we're going to just dive right into the product itself. So you can see here the login screen of Bravura Identity. It is a web-based solution. What I'm going to do is I'm going to sort of walk through some of the basic capabilities of the product and as we go through the demo session, we're going to gradually get more complicated, more robust in the scenarios and what we demonstrate till we wrap up at the very end. So first thing I kind of want to show is that it supports localization. So if that's important for your institution, know that we support a number of different languages.
(07:15):
What you're seeing here is our adaptive authentication framework. So I'll go ahead and plug in my user here to log in. And what I mean by adaptive is we can treat your different user populations differently. So each one of these screens can adapt to challenge users. A student maybe we want to treat them differently in terms of factors of authentication. We want to treat faculty or staff differently. We can do that. Employees, contractors, whatever, we can challenge 'em in the ways that are most appropriate for them. One of the things you're going to see is I'm going to go ahead and just use Okta as an example. This is a bit of a kitchen sink demo environment. So we support Duo, Okta, hyper, we have our own app. And so what I want to make mention of is these aren't just authentication systems for us in the world of identity.
(08:12):
We also can provision and deprovision users out of those same systems. So you want us to create a new Duo account, we can create a Duo account, we want us to deprovision a Duo account. We can do that. And so I think it would also be worth mentioning that this is by no means an exhaustive list of what you're going to see in terms of factors of authentication. One of the big ones that is we know is important is we support SAML. So many of your really well-known technologies for authenticating are based on SAML. And so we support our product as both an SP and an IDP if that were necessary. But I'm going to go ahead and say let's authenticate with Okta. I'm going to grab my phone here. So I'm phone here and I'm going to say push to verify. So unlock my phone, wait for my little push notification to come through. Yeah, that was me. And then it's going to prompt me for my password. Again, this is not wooden.
(09:16):
This is a very dynamic authorization flow. Once a user logs in, there's a number of things that they can do on their own behalf. What I'm going to focus on primarily for this particular scenario is the ability to view my profile. So I can come in here and I can see on the right hand side, I can see all the entitlements I hold. So entitlements is a word that we use to encapsulate anything that you can grant to a user. So that could be a login account on a system. So I can see here that Bob has an account on Active Directory, some group memberships that are associated with Active Directory. He's got an account on Azure AD, that Duo account, Okta account. These are all things that we can provision and deprovision we provide out of the box connectors for. We'll look at that here in just a minute.
(10:05):
Overall, on the left hand side, there are some boxes of information. We know that privacy is a really big issue in universities and colleges, and so each one of these boxes is beholden to access control. So what Bob sees of himself may be different than, let's say there's a manager or a department head and you want to give them some limited access to see Bob's profile. You can do that knowing that you can place access controls around these information boxes. And these information boxes are extensible. If you want to add, I did a demonstration for a university about a year ago where they said, Hey, we want our users to be able to choose their favorite mascot so that I added choose your favorite mascot. And then that surfaced in the box there. The other thing that I want to show here is that there are these digital forms.
(11:00):
So we include about 20 forms out of the box digital forms for doing very common things. Again, this is a result of us having worked with a number of institutions looking back and saying, well, what's common? What are the things that users typically need to do? And so this case I could update my contact information, I could, we have that catalog type of experience when it comes to accounts. So let's say I need to request an account on a Linux system. I can do that and if approved, we would go through the provisioning process for that. Again, our vibrant connector ecosphere. So these are certain things that I can do on my behalf. These request forms, just like the information boxes you saw above, they are subject to access controls. So I'm going to show you how that's different here because Bob just happens to be a department manager, and that means that to the extent that you allow Bob to, Bob can do things on behalf of his subordinates.
(12:08):
So I've got already a search in here so that Bob can pull up his subordinates. I'll go ahead and click on Benny here. And what I want to call your attention to is the fact that not only can we see some information about Benny, and again, subject to access controls, we could whittle this way down if we wanted to, but I have a whole nother set of digital forms that I can invoke for doing things on behalf of my direct report. Now I'm using this kind of model here of a manager and employee, but none of this stuff really changes in terms of whether it's a faculty in a department head kind of role or whether somebody needs to in the admissions office needs to do something on behalf of a student. It doesn't really matter for us. Those are just types of identities, the same access controls, the same kinds of forms are applicable in that particular dynamic.
(13:14):
So that's sort of an overview of doing something on my own behalf, so that self-service model, but also we've empowered somebody to do something on someone else's behalf. So I'm going to kind of transition away from this particular piece here. What I want you to see is the affiliation engine. So we've spent some time building out some features that we think are uniquely interesting to institutions of learning. See if I can get logged in. So I'll just flip tab over here to another actor. In our environment, Rusty Pipes. Rusty Pipes is somewhat of an actor in our environment that's been delegated a level of authority. So we have within our product a concept called roles or affiliations. We've found that that terminology gets blended depending on who you're talking to. For us, we treat affiliations or roles as collections of entitlement. So if you remember what I said a minute ago about an entitlement for us is simply something like an account on a target system or a group membership.
(14:35):
And I'll add a little bit of clarity here too. For us, groups can also be application roles. So in a lot of systems you'll have something called an application role, and it's really just a container by you put a user into that application role and by virtue of being a member of that container, they inherit some level of additional capabilities within that solution. So we just sort of normalize that vocabulary and we just call those groups. So it doesn't matter whether a group is on Active Directory or whether it's an application role in something like an ERP system, we don't really care. It's a container. You put somebody in it, they inherit permissions by virtue of the membership in the container. So roles are a collection of entitlements or affiliations, and these can be accounts, they can be groups and they can even be other roles or affiliations.
(15:33):
And so we have specifically designed this experience so that it comprehends and it caters to universities, community colleges, colleges and such. So you can see over here on the left hand side, I've sort of just pinned a search here where I say I want to just see all the affiliations in the system. So you can see we've modeled up quite a few, but so we've empowered Rusty to configure an affiliation. So if I come in here to click on staff affiliation, then I can say, Hey, I want to update this thing, and this first screen is not really all that important, but the second one is, so if I'm configuring a student or this is the staff, lemme go back and do the student one because it's a little more rich in terms of its configuration here.
(16:31):
There we go. So you're going to see that by granting someone the student affiliation, they're going to get access to a number of managed groups. So the student group, the commissary group, the library access group, and they're going to get an Active Directory account. So that's sort of what gets bundled up with the affiliation. Now, one of the things that we know is very, it's a bit of a struggle for organizations like yours, which is this idea that a student can be faculty. And so we call those overlapping entitlements where maybe because I'm a student I get library access, but because I'm also faculty, I get library access. And so we also understand that just because you are no longer a student, but you're still employed by the institution, that you should still have that library access. So we understand this concept of what we call overlapping entitlements, which plays out as overlapping affiliations.
(17:49):
And so I wanted to kind of just make sure that I touched on that subject because I could apply both affiliations to a user and they would get the exact right amount of entitlements that they should get because of those two in a Venn diagram sort of way. And if I were to remove one of those, we would understand that those overlapping entitlements should still remain because of the other affiliation. So as someone who can configure an affiliation, Rusty could come in here and select other groups, other accounts that they want this affiliation to contain. This is where it gets really interesting though. Affiliations can be assigned to users in multiple ways, so I can assign it automatically. So the rules say that, Hey, as long as this person, and we're actually getting in our environment here where this affiliation group is derived from Banner, but we say, okay, if they're a student and that's their affiliation group, then automatically we're going to assign them this affiliation.
(19:01):
We also have this concept of provisioning times. So normally access is granted on a specific date that is configured when, and we'll walk through this on the user side when I give them, like I said, a start time on when they're going to get the affiliation, but I can say, you know what? Within the configuration itself, I want to stagger that. I don't necessarily want the affiliation to start on the exact date. Maybe I want it to start two weeks later or two weeks earlier. Or also the same thing with deprovisioning. I don't want it to start, I want to stagger it just a little bit. I can do that with this rules-based system. So this would be as maybe automatic, but I could also say, Hey, you know what? I want to add another rule here. I'll just make this an or concept here, is that I want to allow users to self request an affiliation, but I'm going to say that they're only able to do that as long as they have been admitted and they're applicants.
(20:15):
And so based on this rule, there are two ways now that someone with the system could be provisioned with the student affiliation, and that would be automatically based on the criteria I set up in that rule group or through self assignment as long as they match the criteria that I've permitted and those rules below, and you can get pretty complicated with this. Some of the larger universities we deal with, they've got a lot of really interesting design rules in place. The last thing I want to show you on the configuration side is what we call the disablement mirror. And the disablement mirror, you think of it sort of like those staggered offset times. I could set a disablement mirror, which basically says when that deadline hits and they we're supposed to remove this particular affiliation from a user, what we can do is if I were to set the disablement window for let's say 30 days, instead of removing that affiliation and those entitlements, we would simply suspend those entitlements for that period.
(21:19):
So let's say it was 30 days, we would suspend the entitlement. We wouldn't remove the entitlement, but we would take it away temporarily from the user for that 30 days. And then if that 30 days rolls around, then we would actually eliminate the set of entitlements. I want you to see what this looks like on the other end of equation. So this is Rusty sort of configuring an affiliation, but we've also empowered Rusty to do things on behalf of others. So I'm going to find we've got an actor in here, Aldo Benon, pull up Aldo, and I just want to show you that, so Aldo has this student affiliation. The start time for that affiliation was on three five because of the affiliation, Aldo got access to the commissary to library access group membership and students. And we can also see here that the start and end date of the affiliation, no end date.
(22:29):
So if I were Rusty, I could come in here and say, you know what? I know this thing. Let's say it had an end date, doesn't have an end date, but let's say it had an end date. What I could do if I wanted to just sort of ignore that, I know that it normally has an end date, but there's a reason that I want to allow Aldo to continue to have that affiliation regardless of what the end time or start time, I could just say, you know what? Just let's just ignore what we call the validity window altogether and we could provision that and the system would honor those rules. So that's sort of the affiliation engine that we've built into the product. And so now what I want to do is, so we've gone from sort of a basic user what they can do.
(23:19):
I've gone a little bit higher up in the food chain with Rusty who can configure things like roles and affiliations. I want to show you a bird's eye view, what the product configuration looks like. So this is one of the product administrator accounts. There's a default called super user, but I want you to see that the product is a very low code, no code approach when it comes to what we call target systems. These are things where we can provision and de-provision accounts or group memberships. It is also what we call serves as a system of record where we can look at things like a Banner or an Active Directory and we could look for changes in the systems of record and respond through automation via the work that the connector does. I'll just take a real quick look at Active Directory. I want to show you how it's configured.
(24:13):
Again, it's just a screen of check boxes and form fields. Again, I'm not going to code anything for Active Directory. I can get pretty granular in terms of what am I going to focus in in terms of user population. I can narrow down the focus of the connector to a particular OU or group. 99% of everything we do does not require an agent on the target system. So we interact within what we call push mode, which is a set of credentials, sufficiently permissioned for the operation it's supposed to do. Bravura Identity, because it's part of the Bravura Security Fabric, comes with a limited license of our PAM product, privileged access management, and that's for the purpose. If you wanted to have this periodically randomized with kind of a look-Ma-no-hands approach, we can do that. And then I want to draw your attention to what we call resource operations.
(25:05):
Every connector as we have about 140 native connectors. And so when I say native connector, these are ones that we have built ourself for, things like mainframe, SAP, AS/400, Linux, Active Directory, supporting domains and forests, LDAPs, blah, blah, blah, blah. So we have all of these connectors and each connector supports some set of what we call primitive operations. These are various CRUD operations with respect to creating accounts, deleting accounts, disabling accounts, changing passwords on cash, get the idea the very rich in their capabilities. And so for configuring years and years ago when I did my first training on this project, I learned to configure an Active Directory target in like 30 minutes, and it's only gotten easier since it. So I wanted to sort of pull back the curtain on that and then also show you what we do in terms of attributes. So attributes are super important to target systems, whether that's Active Directory or a SQL or Banner or whatever.
(26:03):
We can bring in and map just about every attribute that a system exposes to us. So as long as our connector is aware of it, we can bring a property in and we can map that internally. Why is that important? Because you might have, and I'll show you this here in any given system, you might have various attributes that effectively provide similar information. So we map those internally. So I'm going to pick on email because pretty ubiquitous, but you can see here that we are gathering email from about a dozen different systems. The attributes on those target systems look a little bit different. So the thing that we're using is our data feed calls it email address, Okta calls it login, Azure AD calls it mail, and then we allow you on a per attribute basis to prioritize those. So in this case, for whatever reason, Okta is considered the most canonical value. So if we see an email address from Okta, again for whatever reason, we will consider that the most authoritative and we'll sort of use this ranking process and that becomes the de facto attribute for that target system.
(27:26):
I think that's probably it in terms of what I wanted to show on the administrative side. I just wanted to give you an idea that a lot of the configuration, most of it requires a low code, no code approach. The next thing I want to show in everything you've seen so far in Bravura Identity is part that connector ecosphere, the auto assignment of roles and groups and the logic, all of that, we collectively call the security data engine and the security data engine allows us to gather really just interesting information about your identity posture. So what I'm showing you here is a dashboard that we present through Bravura Cloud to for example, a help desk analyst. So at a bird's eye view, they can log in and they can get sort of a holistic view of what's going on in your environment. So how many people are we seeing in scope, how many groups, how many target systems?
(28:30):
The other really interesting thing here is compliance checks. We'll focus on that for just a minute, but this is an extensible framework. So I'll pick on email consistency. So this particular rule, it's based on Open Policy Agent, Open Policy Agent and GraphQL. So GraphQL Bravura Cloud takes the information that's in the security data engine. So that would be identity that has its footprint in your environment either through the connectors or through some we call connector proxy. But either way, we're gathering that stateful information from your environment through identity, which then gets normalized up into cloud through GraphQL. And so that allows us to do things like put in place rules. So maybe you have a password policy for 90 days and you want to put a compliance rule in that says, Hey, show surface users that haven't changed their password in 90 days. In this case, we've got a rule here that checks for the consistency in an email.
(29:39):
I've got to spill the beans on that. We're going to come back to this here in just a second. So this dashboard will allow me to kind of drill into people. I did a search earlier for an actor in our environment named Morris, and I can see sort of an overview of Morris's account. Again, bird's eye dashboard. There's another group of people in your organization that are going to have a different need for analytics, which is going to be something like your SecOps team, which maybe we've got this extensible dashboard. And the reason I'm calling again, attention to the fact that it's extensible is because what we're showing here isn't included intended to be a one size fits all. So for example, we've got a provisioning a widget here that will give me some insight into how long is it taking me? Let me go back.
(30:32):
On average, what this dashboard is telling me is it's taking me 76 hours to provision identities. Way too long. So I could drill down and then I can see in terms of my affiliation population, how does that break down? Where is it really bad? So faculty's taking 278 hours to provision. So I need to work on that. I need to address that. I can actually see here in this particular dashboard, users in the system that don't have affiliations, and I can see that in sort of a graphical view. Here's an example of some of those users. This information can be exported into a CSV file if you have some reason that you want to look at the data that way. Go back to the home. We also have one again here for deprovisioning. Again, these are not intended to be fixed and wooden. We're just kind of giving you an idea.
(31:29):
You can design your own little widgets, and so I've got a library here that I could import new widgets from and add them to the dashboard. You can see that creating one is really quite easy. In this case, we just have a query statement down here that queries that data that was gathered by the security data engine and turns it into a viewable metric on the analytics dashboard. The last thing, and I think this might be a good time, I'm going to show you kind of one last really interesting piece of the fabric and we do have a short survey. So I'm going to ask if Jason, if you'll go ahead and just sort of fire that off in the background. We'll let folks answer that poll at their leisure. I will call attention everyone to the fact that there's like four questions. So if you don't immediately see all four, please scroll down and see all.
(32:39):
But so what we're going to do is we're now going to take a look at the AI component that we have recently introduced that is also part of Bravura Cloud. So Bravura Cloud is comprised of this dashboarding here that you saw for that bird's eye view, the help desk. It's also comprised of this extensible framework for creating analytic widgets that will surface interesting information that your organization cares about from the data that the security data engine is gathering. And then we now have also an AI piece that will help you with really sort of these commonplace things that you don't really want to bother the back office with. So the traditional way to get some of these things that I'm going to show you here is you'll have to file a ticket or something. So I've got a number of prompts here that I just want to demonstrate.
(33:36):
I'm also going to just kind of a little bit of a caveat here. Disclaimer, I'm going to be formatting this stuff in ASCII table format. I'm going to feed that into the prompt. The reason is is that AI can be a little creative and I just want a consistent display for the purposes of this demo, but it's not necessary to put it in this. So say, Hey, show me a list of groups that are being managed by Bravura Identity. I want to see the groups that seemed like they're related to education by word association. So I'll just go ahead and ask the Bravura Cloud AI to look at that data. And what it's going to do is we have this concept of called assistant. So this assistant is our identity expert assistant and we've trained it on how to do some things. And so it's kind of formulating an attack plan and it's coming up with some groups here. Exam takers looks like it's one that is of interest. So I'm going to say, you know what? Let me see more about this exam taker. So I'm going to just give it another prompt. Hey, just show me the first 10 members of the exam takers group. Give it a second to respond this. Again, this is our identity expert.
(34:52):
And so you can imagine how this is empowering, right? I'm really giving the ability to anyone that it seems like should have a right to do this, to do some work that would normally be, again, pretty, you would have to jump through some hoops. You'd have to maybe put a ticket in or call the help desk or something like that. So this is a really sort of simple illustration of said, Hey, show me some groups that are being managed that look like they have something to do with education. And then I've said, okay, let me just see a real quick glimpse of who's in that. What I actually want to do is I want to take this a bit further and let's say that the admissions office has been collecting a list of names in a CSV file. I think there's a data integrity problem, and so they want to just kind of verify the enrollment of this list that they've got.
(35:46):
So I'll just go ahead and I've said, Hey, show me the, whoops, that's not what I want to do. Oh yeah, it is. Let's see, I've lost my place. Verify the enrollment of the students of the attached roster. So it's sort of formulating how to tackle that. And so it's going to go through the exam taker membership and it's going to compare it to what was in that CSV file. And then what I've actually trained this particular assistant to do is to call into attention something that just kind of doesn't exactly, it looks a bit off. So there's a typo, right? So there's a G where a D should be, and so I can maybe should investigate that. And so it's really good at surfacing, Hey, look, there's some missing students. There's some name variations. So this Michael instead of Mike, so I can dive into that.
(36:48):
So one of the things I can do is I can say, you know what? I do want to dive into that. Let me see a dashboard link for that exam takers group. So if you remember, we looked at the exam takers a minute ago, or I'm sorry, we looked at the dashboarding a minute ago and I've just asked it to give me that I, so then I could click on it and it will whisk me away to, and I'm currently signed out, but I'll take care of that really quickly. You're actually getting me a chance to see Bravura Safe in action.
(37:32):
Get in here to the exam takers. Again, this is that dashboard that you looked at earlier. I can look at its members, so I can see here's that user that yep, should have, it was spelled with a G in the spreadsheet. It actually does have a D in it. And then I could even say, if I didn't want to just look at the group, I could say, you know what? Just go ahead and want to focus on that. Can you give me a link for that particular user? So while it's doing that, I'll sort of talk about some of the other things that are really interesting for the Bravura Cloud AI assistants. So if you remember when I was going through Bravura Identity, and I mentioned that we have 140 native connectors that we've built ourselves. I think I mentioned, or I should have mentioned, that we have about a dozen universal connectors.
(38:31):
So these come in different language bindings, different layer seven transport. So for example, we have a SCIM connector that supports SCIM 1, SCIM 2. We have a connector that connects to things like maybe a database view is a way that we want to engage. We have a very generic Python connector that's really good with RESTful APIs. And so one of the things that we know is a challenge for universities and colleges is this idea that I've got lots of systems and when I do my first deployment, we want this sort of teach a man to fish principle. Maybe we've got 50 integrated systems. We want you to help us with the first 10 in a project, but we really want to tackle the remaining ourselves. So one of the things that we have done with the Bravura Cloud AI is we have trained it on our universal connectors. So lemme just go ahead and skip on over to that. So I could actually say something like, Hey, create a Bravura Security Fabric connector for GitLab and let it think here for a minute. And I think at this point it's going to invoke the connector assistant, which we have, and then it's going to use its world knowledge of GitLab, specifically its API. So it's doing a little bit of background work here.
(40:23):
Again, this takes just a minute, but I guarantee you as little as it takes, it's a whole lot faster than doing it yourself. So you can see it's starting to build out one of our universal connectors for GitLab, and I want to call your attention to this. I'm not a Python guy, but you can see here this thing like ad group attributes, some of the other ones in here, these list groups. So if you remember when I showed in Bravura Identity, we have these things called primitive operations. So what you're seeing here is the Bravura Cloud AI using that universal connector that we've trained it on, coupled with GitLab's documentation for their API, and it's building out as much of the primitive connector operations. My colleagues have said that they've had this connector actually work in one shot, some in a couple of shots. The punchline is you might have to refine it just a little bit, but man, it sure is easier than having to build something from scratch.
(41:27):
So what maybe would have taken several days to get right? You might be able to refine it in just a couple of and have a working connector for that brand new target system and then you just need to configure policies and such. With that, that does conclude the demo that I had in store for everyone today. Again, there is so much more that we can drill down into on all of this stuff that I've shown. So really, if you've liked something you've seen today, we'd encourage you to book one of those demo sessions and we'll be happy to go through whatever agenda you have and talk to you more about our feature set. Jason, so that's really it as far as what I had teed up. I'll turn it back over to you.
Jason Martin, EDUCAUSE (42:30):
Fantastic, thank you. Thank you, Brian. Thank you, Carolyn and Haley in the background as well. Thank you all for a wonderful day and for a great final session. A couple things for your attention, please remember to visit the demo day. All of the resources and recordings from today's demos will be made available to you. You'll have access to that for up to a year. You can feel free to share that with your colleagues as well. Also, in addition, we do want to remind you of our final demo day of the calendar year, which will be on November 21st, focusing on unified communication systems. You can register for that now and we'll see you then. Thank you all so much. Thank you again, and we really appreciate it. Have a good one.
Request a Demo of Bravura Cloud Today
Discover how Bravura Cloud can transform your institution's security and efficiency to empower academia.
Request a demo today to see the benefits of automated onboarding, compliance, and risk management in action. Make your institution's identity governance a business enabler with the Bravura Security Fabric.