AWS Public Sector Blog
How Fischer Identity rapidly built a natural-language tool for user permissions queries with AWS
Imagine you’re a university chief information officer (CIO) attending a board meeting, and the chair of the IT security and risk subcommittee asks you who currently has administrative access to the student information system. Or what specific permissions a particular faculty member has across campus systems. For all too many, the answer is: “Let me get back to you on that.”
That’s because obtaining that information usually requires the technical expertise and time to query a database in the right way to get the specific answer needed. It’s not something CIOs can typically do on demand in a boardroom. But what if they could get an accurate answer instantaneously, by asking the question the same way the board member did?
That’s exactly the problem Fischer Identity set out to solve. The company, a leader in identity and access management (IAM) and identity governance for higher education, partnered with the Amazon Web Services (AWS) Product Acceleration education technology (EdTech) team to build a generative AI tool that converts natural language into SQL queries—moving from proof of concept in 5 days and to beta readiness in only 6 months. This post explores how the collaboration produced a text-to-SQL solution that nontechnical security administrators can use to get instant answers.
Making a new interface more user-friendly
Fischer Identity was founded in 2005 out of a concern that the higher education sector was being left behind from an IT security perspective. The sector faces unique identity management challenges because of the many types of users—applicants, students, alumni, faculty, and staff—and strict security and compliance rules, including Family Educational Rights and Privacy Act (FERPA). Today, Fischer Identity works with higher education as well as finance, healthcare, government, and manufacturing clients to protect identities, reduce risk, and stay ahead of evolving compliance demands.
Known for its no-code, flexible, and configurable solutions, Fischer Identity has held the Identity as a Service® (IaaS®) trademark since 2007. Following a redesign of its interface in early 2025 to improve user experience, Fischer Identity sought to incorporate generative AI to make it even easier for clients to access the information they need to make business decisions.
“While working in higher education for almost 30 years before joining Fischer Identity, I kept hearing about CIOs struggling in board meetings or other high-level discussions because they didn’t have a way to get instantaneous access to their data,” said Mark Cox, associate vice president of Strategic IAM Advisory Services at Fischer Identity. “Using the power of AI to solve this problem is a great way to add value for our clients and maintain our leadership in the IAM space for higher education.”
Accelerating development with the AWS Product Acceleration team
As an AWS client since 2018, Fischer Identity has enjoyed regular updates from AWS leaders about new programs and services. “When we told them we were looking into how to incorporate more AI and machine learning (ML) capabilities into our product suite early in 2025, they told us they had an entire department that would come in and help us,” said Bryan Leber, Fischer Identity’s CEO.
That department was the AWS Product Acceleration team—a specialized group dedicated to helping EdTech companies rapidly move from concept to launch. The Fischer Identity team had already begun working on a design and roadmap for the new capabilities, and the AWS Product Acceleration team highlighted which AI components would be necessary to accomplish that vision. After a couple of sessions on requirements gathering, the two teams met in person for a week-long collaborative working session.
“Our teams worked collectively to build out the AI features. By the end of the week, we presented the proof of concept, and the two teams discussed the value that we got out of the process on both sides,” explained Leber. This intensive collaboration allowed Fischer Identity to compress months of development work into a single work week, establishing the technical foundation that would carry the product from proof of concept to beta readiness in only 6 months.
Key to the success of the working session was the technical expertise that AWS contributed, according to Fischer Identity. “They brought some of their senior people with them, and it was really beneficial to have that knowledge and experience in the room with us,” added Cox. It enabled the product development team to surmount technical challenges more quickly because they could tap into the knowledge of AWS staff who had addressed similar problems on other projects.
The product uses several AWS products and services, including Amazon Bedrock for generative AI functionality, AWS Lambda for computing, Amazon Relational Database Service (Amazon RDS) for storing and querying data, and Amazon Simple Storage Service (Amazon S3) for data storage. Because Fischer Identity’s products were built on AWS infrastructure, adding the AI/ML components was relatively straightforward. From the user’s perspective, the interface resembles a chat interface that they’re familiar with from other products.
At a high level, when a user types a question into the chat-based assistant, Claude by Anthropic in Amazon Bedrock converts it into a SQL query that is run against the live data to return the results—all in the blink of an eye. A set of predefined questions is built in, but clients can easily add to or delete questions as needed. Amazon Bedrock Guardrails help filter out inappropriate or unrelated questions, and several security layers protect the data and maintain access restrictions. The tool is also designed to meet FERPA and other compliance standards.
Next steps: From generative to agentic AI
Fischer Identity has rolled out the beta version to a handful of clients and expects to make the product generally available later this quarter. Although it’s too early for concrete results yet, Fischer Identity leadership expects that the new product will improve operational efficiency for their clients, with faster problem-solving and fewer calls to the help desk. Early beta feedback suggests strong adoption, with security administrators and help desk staff particularly enthusiastic about having instant access to permission and access data.
“There are a number of people across the university—from help desk staff to administrative staff to IT staff—who all need to have this data at their fingertips but do not have this kind of access today,” explained Cox. “We think the operational gains for users will be quite impressive.”
Cox described scenarios in which help desk staff will more easily pinpoint why a faculty member’s contact information is not showing up in the online directory, or why a student can no longer access their email account, or who currently has access to what. In the past, getting answers required contacting multiple departments and running custom reports—a process that could take hours or even days. Now, they’ll be able to figure out immediately that there was a predefined qualifier missing from the student or faculty member’s account, for example.
And it’s not only help desk staff who will benefit from having relevant data at their fingertips. The CIO in the board meeting will go from saying, “Let me get back to you on that,” to saying, “Give me a minute and I’ll answer that question for you.”
The Fischer Identity team is already working on using additional AWS products to incorporate more generative and agentic AI capabilities into future product releases. These could include features that watch for errors, handle routine tasks automatically, or fix problems on their own. But when taking advantage of new technologies, Cox cautions, “We seek to do so in a meaningful way that brings value to the client, not simply to change the ‘wow’ factor.”
Ready to accelerate your EdTech product development with AWS? Contact the AWS EdTech team today.