Instructure is the O.G. champions of open edtech. The makers of Canvas, Mastery, and Parchment (solutions for learning, assessment, and credentialing). Host of the world's largest online community of educators.
Founded in 2008, Instructure is a global leader in learning technology powering education for millions of students and educators worldwide. It serves 8,000+ customers and is named No. 1 LMS in the world, preparing educators and learners for the challenges and opportunities ahead. They must maintain a vigilant and proactive approach to monitoring compliance-related activities, allowing them to promptly identify and address any deviations from established standards. Regular audits and assessments must be conducted to validate adherence to relevant frameworks. With continuous global expansion and increased audit requirements, Instructure needed a scalable, automated approach to access governance.
As Instructure continued to scale its global operations, the complexity of managing user access across cloud systems, internal tools, and critical infrastructure increased dramatically. Their SOC 2 compliance program required quarterly User Access Reviews (UARs), but the manual process email approvals, spreadsheets, screenshots, and copy-paste evidence had reached a breaking point. Reviewer fatigue grew, access validations were inconsistent, and audit preparation cycles consumed valuable IT and GRC resources.
Instructure needed a solution that not only automated reviews but also strengthened overall Identity Governance practices by eliminating privilege creep, reducing risk, and ensuring clean, defensible audit trails.
BalkanID partnered with Instructure to modernize and fully automate their access review lifecycle. Leveraging BalkanID’s purpose-built UAR engine, Instructure was able to replace fragmented processes with a centralized, intelligent, and auditor-friendly workflow designed for scale, accuracy, and operational efficiency.
BalkanID UAR enabled Instructure to:
Instead of manually orchestrating review rounds, BalkanID automatically launched, tracked, and completed UAR campaigns across hundreds of users and entitlements at the cadence required for SOC 2 and internal policy.
Using risk analytics and contextual insights, reviewers could instantly spot:
BalkanID transformed the experience for managers and technical reviewers:
This reduced time spent per reviewer and dramatically cut down on confusion and back-and-forth communication
Every action: approval, revocation, justification, timestamp, and reviewer identity, was automatically logged.
Auditors received:
Instructure integrated new applications using BalkanID’s no-code connectors and CSV onboarding, allowing GRC and IT teams, not developers to expand UAR coverage rapidly as the environment evolved.
"With BalkanID, we set-up user access campaigns for our AWS platform for hundreds of users in less than a week. The interface is intuitive and easy to administer, and we are able to filter on specific groups and permissions to customize our campaigns for high risk access levels. I’m excited to see this solution now available in a self-service model at an affordable price for other companies to benefit from."
Deepa Talreja
‍Senior Director of GRC at Instructure.
