Leading EdFinTech company GradRight needed a CIAM solution that could provide frictionless, secure authentication experiences to a diverse set of customers. Learn why GradRight chose Descope to stop bot attacks on login flows and implement personalized user journeys for students, banks, and universities.
GradRight is building a digital DIY ecosystem for higher education. By cultivating a community with all primary stakeholders in the higher education selection process, GradRight helps:
Students find the right program at the right cost.
Universities admit the right students at the right time.
Banks fund the right students at the right cost.
By removing the need for agents and counselors with its AI-powered ecosystem, GradRight makes higher education accessible and affordable for every student.
“Over 230 million students are enrolled in universities across the world. Tuition fees have been increasing and the ability to pay towards higher education has been decreasing. As we move forward as a society, we feel that sustainable higher education is very important, not just any access to higher education. And that is what we enable the ecosystem to achieve.” – Sasidhar Sista, Co-Founder.
GradRight has processed over $1.75 billion in loan requests and served over 55,000 students over the last two years through its platform. In September 2023, the company raised INR 50 crores in Series A funding led by IvyCap Ventures.
Customer identity at the center
Since GradRight serves a diverse set of stakeholders and provides a conduit to high-value financial transactions, proper management of customer identities is paramount. The user experience, security requirements, and expectations often differ depending on whether the user is a student, lender, or university admin.
“We are a B2C company on one side and a B2B company on the other side. We work with students, which can be considered B2C. And we work with universities and banks, which forms the B2B front. Customer experience and customer identity are very important to us in the entire journey, which is an extended months-long journey in our context.” – Sasidhar Sista, Co-Founder.
Seeking a flexible CIAM solution
The GradRight team started considering an external CIAM solution after facing multiple bot attacks on their login pages. These bot attacks generated multiple OTPs – sometimes hundreds of them – for the same student, resulting in a subpar experience, rising SMS costs, and security concerns.
“We realized that paradigms and processes exist out there for solving the bot problem. But, to really understand them as a company and carve out a solution for each of them in-house would be a crazy expensive activity.” – Sasidhar Sista, Co-Founder.
Before beginning the search, GradRight documented clear priorities and requirements that an authentication and identity management vendor would need to fulfill. The most important requirement was a one-stop solution: something that could consider the nuances of different “customers” and fulfill their authentication needs in a reliable manner. And while each customer segment was unique, one common goal was to achieve a balance between security and user experience.
“I think one continual challenge we faced was that experience and security were not coexisting. Either a system was very secure, which is fantastic, but it didn’t provide a seamless experience. Or it went the other way. We didn’t want to be biased towards security or UX – we felt it was important to find a provider who could effectively bring both things together without compromise.” – Sasidhar Sista, Co-Founder
There were additional considerations to keep in mind while engaging with banks and universities, since any hiccups here could have far-reaching ramifications. Staying compliant with several higher education laws and regulations in the US was also a must.
“We need to have robust systems while dealing with banks and universities. It’s on us to ensure that who we say is a student is actually that student. A $100,000 loan can’t be sent to the wrong student.” – Sasidhar Sista, Co-Founder
The Descope experience
GradRight chose Descope as their CIAM solution to deliver frictionless, secure, and personalized onboarding experiences to their diverse set of customers. Descope’s workflow engine was the ideal medium to define and implement the bespoke journeys that students, lenders, and university admins would require without adding custom coding.
“The Flows feature is exceptional and super intuitive. While we try to enhance customer experience, our own experience with Descope has been delightful. Whether it’s a magic link, biometrics, a WhatsApp based SMS, or a combination of any of them for any group of users – it was flawless with Descope.” – Sasidhar Sista, Co-Founder
Flows were also the perfect way to solve GradRight’s bot problem. By adding conditional steps that checked for bots and creating branching journeys based on the risk level, bot attacks could be swiftly mitigated without impacting the experience of real users.
The most enduring benefit of Descope Flows has been how resilient and future-proof it has made GradRight’s authentication systems. By abstracting user journeys into no-code / low-code workflows, the GradRight team can easily modify auth flows over time, add extra security controls when required, and adapt to changing auth protocols and preferences in the future.
The simplification of the authentication process that’s exposed to the developers has saved GradRight a lot of time and engineering resources. User journeys can be changed without re-deploying the app or touching the codebase.
“If I estimate even for one of the projects we implemented with Descope compared to what it would cost us to build it, I think we would have saved at least 30 to 40 times the money that we’re spending on Descope. CTOs or product heads of any B2C or B2B company should definitely keep Descope in mind as they explore conversations around CIAM.” – Sasidhar Sista, Co-Founder
Descope is a flexible, drag-and-drop CIAM platform that helps organizations easily add authentication, authorization, and identity management to their apps. Customers use us for initiatives such as passwordless authentication, SSO, identity federation, strong MFA, and fraud prevention.