Platform Features

Every feature built for higher-ed IT

OnboardConnect is purpose-built around the Slate + Active Directory workflow. No generic iPaaS glue. No scripting. Every capability maps directly to how higher-ed institutions actually operate.

Feature 01

Slate SFTP Sync

OnboardConnect connects to Slate through its built-in Scheduled Export feature — no Slate API credentials, no custom development, no vendor access. Files land on your SFTP endpoint and OnboardConnect takes it from there.

The polling engine checks for new files on the interval you configure, processes each row idempotently, and logs every action. Duplicate rows are safely ignored.

What's included

  • Polls SFTP on a configurable interval (as fast as every 5 minutes)
  • Processes active_students, withdrew_students, graduated_students, and password_reset files
  • Idempotent processing — re-running the same file is always safe
  • Full lifecycle coverage: create, re-enable, disable, move OU, and password reset
  • File receipt confirmation written back to SFTP for Slate record sync
  • Support for both OnboardConnect-hosted and institution-hosted SFTP endpoints

Feature 02

On-Prem + Cloud AD

Whether your institution runs on-premise Windows Server AD, Azure AD / Microsoft Entra ID, or a hybrid of both — OnboardConnect handles it from a single configuration interface.

On-premise domains connect through a lightweight Windows agent installed inside your network. Cloud tenants connect via Microsoft Graph API. Both are managed from the same provisioning rules UI.

What's included

  • On-premise LDAP via lightweight Windows desktop agent — no inbound firewall rules
  • Azure AD / Microsoft Entra ID via Microsoft Graph API
  • Hybrid AD: provision to both on-prem and cloud from a single Slate export
  • Each AD target managed as a named environment in the dashboard
  • Agent health monitoring with alerting on disconnect
  • LDAP bind credentials and Graph API tokens encrypted at rest with AES-256-GCM

Feature 03

Provisioning Rules Engine

Every provisioning decision in OnboardConnect is driven by rules you define — no hardcoded logic, no custom scripts. Rules follow a trigger → conditions → action model that maps directly to your institution's policies.

Rules are evaluated in priority order and support complex conditions across any Slate field. Template variables let you express your username format, OU path, and email convention once and apply it consistently across every student.

What's included

  • Trigger events: file receipt, lifecycle status change, manual run
  • Conditions: filter by program, school, enrollment status, custom Slate fields
  • OU placement rules with template variable support (e.g., Students/{program}/{year})
  • Username format templates (e.g., {first}.{last}{grad_year})
  • Automatic group membership assignment based on program or status
  • Rule priority ordering with conflict detection
  • Dry-run mode to preview changes before applying

Feature 04

Full Lifecycle Automation

Student identity management doesn't stop at enrollment. OnboardConnect handles every stage — from the moment a student deposits to the day they graduate — without any human intervention from your IT team.

Each lifecycle transition maps to a configurable AD action. You decide what happens at each stage; OnboardConnect ensures it happens consistently and immediately every time.

Lifecycle events covered

  • Enrollment confirmed → Create AD account, assign groups, send welcome email
  • Student withdraws → Disable account, log reason, retain for configurable grace period
  • Graduation → Disable active account, move to graduated OU, trigger notification
  • Re-enrollment → Re-enable previously disabled account, update OU and groups
  • Password reset request → Execute via configured reset method, log outcome
  • Account deletion → Permanently remove after retention period expires

Feature 05

Audit Trail & Compliance

Every provisioning event is recorded with a full context snapshot — who triggered it, what changed, when it happened, and what the outcome was. The log is immutable and exportable.

When your auditors, CISO, or accreditation team asks "who has access to what and how did they get it?" — you have an answer, immediately, without digging through scripts or email threads.

What's included

  • Every event timestamped to the millisecond with actor, trigger, and outcome
  • Immutable append-only log — no entry can be modified or deleted
  • Exportable as CSV or JSON for compliance reporting
  • 365-day hot retention in dashboard; cold storage archive beyond that
  • Filter by student, event type, AD environment, or date range
  • Automated alerts for provisioning failures or anomalous activity

Feature 06

Multi-Admin Role Management

OnboardConnect is designed for teams, not individuals. Multiple staff members can access the platform with different permission levels — so the right people can act without granting everyone full control.

Every action is attributed to the named user who performed it. Role boundaries are enforced at the API level — not just the UI — so there's no way to exceed your granted permissions.

Built-in roles

  • Owner Full access including billing, environments, and user management
  • Admin Full provisioning access; cannot modify billing or remove owner
  • Technician Can run provisioning, view logs, and reset passwords; cannot modify rules
  • Read-only Audit log and dashboard access only — no write permissions

Custom roles with granular permission sets available on Enterprise plans. All users invited by email — no shared credentials.

Get Started

Ready to see it live?

We'll walk you through a live provisioning cycle using your own Slate export structure. No commitment required.

Request Access Talk to us