In my role, the most valuable features are two-factor authentication and self-service password reset. The most helpful feature for the institution as a whole is probably the single sign-on. As an IT director, I care about security and ease of use. OneLogin provides a single pane of glass for events that happen within our organization on applications that are connected. We can see logins, sign-outs, password changes, two-factor prompts and failures, failed logins, etc. It's a crucial feature. We scraped those logs and sent them to our SIEM and SOC to look for anomalies and vulnerabilities. Having them in a central place in OneLogin streamlines that process for us. We want to review those logs proactively. In addition to OneLogin's risk analysis, we want to pull it into our SOC and have them take a deeper look. They pull in additional data points to see anomalies in OneLogin, Office 365, and the network. They can piece together some events that we need human eyes on. Having them in one spot makes it easy to get to that point. We use Webhooks for two items. One is the enrollment grace period. The other one is to capture data in our SIEM for our SOC to review. Those are two development Webhooks that we're leveraging. We still run some custom items on our servers to leverage those Webhooks. One is the enrollment grace period. Webhooks can use the data from OneLogin and manipulate it on-premise. That's invaluable. We could not have done our enrollment process without that Webhook. It wouldn't have been as nice of an onboarding experience for our users. It would've been more troublesome for them. Webhooks freed up a tremendous amount of time. We looked at it from the perspective of maintaining this long-term. Enrollment in 2FA isn't a one-and-done. We have students coming every day. It's not like we're done once we get everybody enrolled. Our onboarding is never-ending. There was no way we could maintain that on a user-by-user level. It was going to be a manual process. Webhooks allowed us to provide that pleasant experience without needing to manage this in the future. We didn't initially have SmartFactor when we started the contract, but we saw the value. We don't feel comfortable prompting our users to validate using their two-factor enrolled device each time they log in. We only use SmartFactor when a change in user behavior is detected. For example, maybe they're logging in from a new device or an IP address the system hasn't seen before, which raises their risk score. That's when we prompt for that authentication, for that two-factor authentication. If you're sitting in your office and logging into the same computer simultaneously from the same IP address, there's no need to keep prompting you for the two-factor authentication throughout the week. We only ask for it when something changes. For example, if you take your computer to a coffee shop, you will get prompted because that's unexpected user behavior that the system hasn't seen. It's a good compromise between security and usability. We haven't moved to password list technology, but OneLogin has the capability. We still require a user ID and password as the front entry, followed by two-factor authentication as the validation that you are who you say you are. It has a risk score based on user behavior anomalies, like login location, time, and device, usability and security, and more. There's a good balance. The two-factor authentication offers protection, but we don't want to bombard you with two-factor prompts when you're just trying to do your job. We only want to do it when something has changed about your login behavior. We use the OneLogin Desktop feature in a limited capacity for some self-service kiosks around the organization for payment stations. Students can make payments using a single sign-on via the desktop. Because the application is doing authentication behind it, we haven't extended the OneLogin Desktop to staff or student desktops. One of the main reasons is there's not a great way within the service portfolio that OneLogin has to use the desktop but pick and choose what applications will do single sign-on.