After rolling out PeopleSoft, Penn State used Pathlock to close security gaps with 2FA and user activity logging, protecting sensitive data without disrupting access.
Security Gaps Surface Post Go-Live
When Penn State University implemented PeopleSoft Campus Solutions to manage admissions, financial aid, and student records, they expected a more streamlined experience for users. However, their IT security team quickly uncovered potential vulnerabilities.
The most pressing concern was the absence of two-factor authentication (2FA) to verify user identity. Additionally, security assessments revealed that personally identifiable information (PII), including Social Security numbers, could be accessed without proper role delegation, posing a potential data leakage risk.
These gaps were significant. The team required a solution that could integrate seamlessly with PeopleSoft, enhance authentication, logging, and user accountability, while maintaining uninterrupted access for students, faculty, and staff across Penn State’s globally distributed campuses.
Finding a Solution That Fits Higher Ed
To address these concerns, Penn State launched a thorough evaluation of security solutions. They consulted external experts, peers in the Big Ten, and the Higher Education User Group (HEUG), all in search of an approach that met the university’s security standards and complex operational needs.
That search led them to Pathlock Native for PeopleSoft.
The team had already adopted Duo for 2FA, but needed a way to extend it across all PeopleSoft applications and devices. With Pathlock’s native integration, they were able to do exactly that; rolling out secure, consistent 2FA enforcement across platforms and form factors.
Real-Time Logging and Data Protection
With Pathlock in place, Penn State gained more than authentication. They also activated enhanced user activity logging, which allowed security leaders to monitor behavior patterns and system access in real-time. From access location to device type, the system delivered detailed, actionable insight to IT leadership, supporting both daily monitoring and strategic reporting.
“Given the definite gaps in the ERP application, I don’t know how we could live without the capabilities of the Application Security Platform,” said Matthew Scott, IT Manager at Penn State. “It’s just not optional in today’s environment.”
By strengthening authentication and activity logging, Penn State was able to close long-standing gaps without adding friction to the user experience. Students and staff continue to access the services they need. At the same time, security teams gain the visibility and control required to safeguard sensitive data.
