We unified access for over 800 portals serving 100,000+ users. Discover how we built a custom, centralized Identity Provider using Duende IdentityServer and Blazor to modernize educational operations.

Building a Custom IdP for School District Association

Product

Centralized web-based authentication and identity provider for multi-portal environments

Vertical

Education

Client

School District Association

Buyer persona

Operations and IT staff of the School Districts Association responsible for portal access, user management, and platform stability

Provided services

Architecture design, application development, identity infrastructure modernization, migration support

Technology

ASP.NET Blazor, Duende IdentityServer, Oqtane CMS, OAuth 2.0 / OIDC, MS SQL, HTML, CSS, JavaScript

The Challenge: Fragmented Authentication Across Hundreds of Portals

The School Districts Association supported a complex digital ecosystem of over 800 portals serving 100,000+ users, including school district staff, administrators, and members.

This ecosystem had grown organically over time and relied on:

– DNN-based infrastructure.

– Custom-built authentication logic duplicated across portals.

– Multiple user databases and validation paths.

– Third-party identity components layered on top of an already complex setup.

As a result, authentication flows were hard to maintain and risky to change, and integrations between portals were brittle and inconsistent. At the same time, user administration required manual effort across systems. Ultimately, scaling or modernizing the infrastructure increased technical debt.

The client needed a way to simplify identity management without disrupting existing portals or user workflows.

The Objective: One Identity Provider, Many Portals

The association’s goal was to modernize authentication while preserving operational continuity. Specifically, they needed a solution that could:

– Act as a standards-compliant Identity Provider.

– Centralize authentication, registration, and user administration.

– Support OIDC/OAuth 2.0 for seamless integration with existing and future applications.

– Enable migration from DNN to a modern CMS without forcing content rewrites.

– Integrate with an existing membership database used as the source of truth.

– Reduce reliance on third-party identity plugins.

In short, the client wanted one secure identity backbone that could serve all portals: current and future.

The Solution: A Centralized Identity Server with Modern CMS Integration

We designed and implemented a custom Identity Provider built around Duende IdentityServer and a Blazor-based application, positioned as the single authentication authority for the entire ecosystem.

Core architecture highlights:

  • Duende IdentityServer as the authentication broker.
  • Custom Blazor application for login, registration, and user management.
  • OIDC-based integrations with all portals and systems.
  • Oqtane CMS introduced as a modern replacement for DNN in multi-tenant environments.

How the system works

Centralized Identity Provider

We built a dedicated identity application using ASP.NET Blazor and Duende IdentityServer.

It handles:

  • Login and registration flows.
  • Token issuance via OAuth 2.0 / OIDC.
  • User administration and validation workflows.
  • Integration with the existing membership database.

All custom authentication logic was consolidated into this single system, eliminating duplication across portals.

Oqtane CMS migration and integration

To modernize content delivery without disrupting users:

  • Oqtane CMS replaced DNN for self-administered school district portals.
  • Each Oqtane portal authenticates via OIDC redirects to the centralized Identity Provider.
  • Oqtane APIs enable automated provisioning of tenants and entities.
  • Existing content structures were preserved, avoiding costly content migrations.

Integration with existing platforms

The solution was designed to work with the client’s current infrastructure:

  • The main website continues to use Episerver but authenticates via OIDC.
  • The LMS integrates directly with the Identity Provider, removing the need for third-party identity plugins.
  • The legacy AS400-based membership database remains the system of record, while IdentityServer handles authentication and authorization.

The Results: Simpler Architecture, Stronger Security, Easier Growth

The new identity architecture fundamentally transformed how authentication is handled across the organization.

Key outcomes include:

  • Centralized authentication: one identity provider for all portals and applications.
  • Reduced complexity: no more duplicated login logic or fragmented user flows.
  • Improved security posture: standards-based OAuth 2.0 / OIDC implementation.
  • Operational efficiency: user administration handled from a single system.
  • Future-ready foundation: new portals and applications can be integrated quickly.

What was once a fragile, hard-to-maintain setup is now a clean, resilient, and scalable identity ecosystem.

Long-term value

With this solution in place, the School Districts Association now has a modern identity platform ready to support growth beyond 100,000 users. The client also gets a clear path away from legacy CMS constraints, full control over authentication without vendor lock-in, and an architecture aligned with modern security and compliance expectations.

The Identity Provider is now a strategic platform component supporting every digital initiative the association launches next.

Tech Stack

Blazor

Duende IdentityServer

Oqtane CMS

MS SQL

HTML

CSS

JavaScript