Authentication
Authentication services determine if an end user is who they claim to be. End users may prove their identity using one or more factors of authentication: something you know (e.g., a UT EID and EID password), something you have (e.g., a mobile device or token), and something you are (e.g., biometrics). University departments and offices are encouraged to make use of the authentication service offerings to enable Single Sign-On (SSO) with the UT EID.
Enterprise Authentication is a consolidated, centralized authentication service which supports web-based applications through standard authentication protocols.
- Allows service providers to authenticate UT EID holders.
- Meets Minimum Security Standards for Application Development and Administration § 4.1.5
- Meets UT-IRUSP Standard 4: Access Management § 4.6 Multi-Factor Authentication Requirements.
- Provides single sign-on capability for participating applications.
- Provides multi-factor authentication where appropriate.
- Uses the Austin Active Directory as a back end user data store.
- Supports Security Assertion Markup Language v2.0 (SAML).
Enterprise Authentication is a common-good service available to University departments at no cost.
Service Level Objectives (SLOs)
Metric | Target |
---|---|
Availability | 99.491% |
Please note that these SLOs are dependent on other campus SLOs and are adjusted as those change.
Service Level Indicators (SLIs)
Service Level Indicators (SLIs) (i.e., whether or not the service met the Service Level Objectives (SLOs)) are published at https://iamservices.utexas.edu/resources/metrics/.
Service Level Agreement (SLA)
Overview
This document defines the service level agreement for Enterprise Authentication.
Service Description
Enterprise Authentication uses the UT Electronic Identifier (UT EID) to provide secure single sign-on (SSO) for University web applications using SAML.
Intended Users
Enterprise Authentication can be used by campus departments who wish to provide consistent authentication behavior to the consumers of their service.
Enterprise Authentication can be used by all UT EID holders for UT EID authentication.
Supported computing environment
Campus Departments and Organizations
Enterprise Authentication is the preferred UT EID authentication system for the University.
Service Providers must comply with the Security Assertion Markup Language (SAML) v2.0 OASIS Standard.
UT EID holders
It is expected that customers will use modern, standards-compliant web browsers with the latest security updates installed. Some features, such as U2F and WebAuthn, can only be used in browsers which support those protocols.
Technical Support
Both Tier 1 and Tier 2 technical support are available during normal business hours. Routine requests are typically addressed within one business day.
Tier 1
End users should start with Tier 1 technical support. Any user may contact the UT Service Desk at +1 512-475-9400.
Tier 2
Departmental support staff and the UT Service Desk may escalate issues to the Enterprise Authentication administrators. Customers referred to the Enterprise Authentication administrators will be contacted within one business day.
Maintenance
ITS will notify customers about both scheduled and unscheduled maintenance using the Alerts and Outages page for service availability and service delivery issues. Services may not be available during the maintenance periods.
Scheduled maintenance occurs on Tuesdays from 6:30 a.m. to 7:30 a.m. Please note that maintenance may not occur on every Tuesday. To the maximum extent possible, installation of service, application, and security updates will be performed during scheduled maintenance.
Unscheduled maintenance tasks that require service downtime will be announced as soon as possible on the Alerts & Outages page.
Change notifications and service availability and service delivery issues will be posted to the Alerts & Outages page.
User responsibilities
Users and owners of Enterprise Authentication-protected services agree to be aware of and adhere to the University's Acceptable Use Policy as well as the Information Resources Acceptable Use and Security Policy Agreement, as applicable.
Owners of Enterprise Authentication-protected services agree to:
- Be aware of and adhere to the Authentication Acceptable Use Policy.
- Implement best practices when feasible.
Guest Authentication is a centralized authentication service suitable for use with low-risk web-based services and applications to allow access without requiring a UT EID. This service allows guests to access protected resources using their Apple ID, Google Account, Microsoft Account, or an account from an identity provider in the InCommon Federation. Additionally, existing UT EID holders can authenticate to resources protected by Guest Authentication through the Enterprise Authentication service.
- Allows service providers to authenticate users via third-party accounts, or UT EID.
- Meets Minimum Security Standards for Application Development and Administration § 4.1.5
- Provides single sign-on capability for participating applications.
- Uses Apple, Google, Microsoft, InCommon Federation, and UT Enterprise Authentication as Identity Providers.
- Supports Security Assertion Markup Language v2.0 (SAML).
Guest Authentication is a common-good service available to University departments at no cost.
Service Level Objectives (SLOs)
Metric | Target |
---|---|
Availability | 99.491% |
Please note that these SLOs are dependent on other campus SLOs and are adjusted as those change.
Service Level Indicators (SLIs)
Service Level Indicators (SLIs) (i.e., whether or not the service met the Service Level Objectives (SLOs)) are published at https://iamservices.utexas.edu/resources/metrics/.
Service Level Agreement (SLA)
Overview
This document defines the service level agreement for Guest Authentication.
Service Description
Guest Authentication uses the UT Electronic Identifier (UT EID) and other third-party identity providers to provide secure single sign-on (SSO) for low-risk University web applications using SAML.
Intended Users
Guest Authentication can be used by campus departments who wish to provide consistent authentication behavior to the consumers of their service.
Guest Authentication can be used by all UT EID holders for UT EID authentication.
Supported computing environment
Campus Departments and Organizations
Guest Authentication is the preferred authentication system for low-risk University resources accessed by guests of the University.
Service Providers must comply with the Security Assertion Markup Language (SAML) v2.0 OASIS Standard.
It is expected that customers will use modern, standards-compliant web browsers with the latest security updates installed.
Technical Support
Both Tier 1 and Tier 2 technical support are available during normal business hours. Routine requests are typically addressed within one business day.
Tier 1
End users should start with Tier 1 technical support. Any user may contact the UT Service Desk at +1 512-475-9400.
Tier 2
Departmental support staff and the UT Service Desk may escalate issues to the Guest Authentication administrators. Customers referred to the Guest Authentication administrators will be contacted within one business day.
Maintenance
ITS will notify customers about both scheduled and unscheduled maintenance using the Alerts and Outages page for service availability and service delivery issues. Services may not be available during the maintenance periods.
Scheduled maintenance occurs on Tuesdays from 6:30 a.m. to 7:30 a.m. Please note that maintenance may not occur on every Tuesday. To the maximum extent possible, installation of service, application, and security updates will be performed during scheduled maintenance.
Unscheduled maintenance tasks that require service downtime will be announced as soon as possible on the Alerts & Outages page.
Change notifications and service availability and service delivery issues will be posted to the Alerts & Outages page.
User responsibilities
Users and owners of Guest Authentication-protected services agree to be aware of and adhere to the University's Acceptable Use Policy as well as the Information Resources Acceptable Use and Security Policy Agreement, as applicable.
Owners of Guest Authentication-protected services agree to:
- Be aware of and adhere to the Authentication Acceptable Use Policy.
- Implement best practices when feasible.
Multi-Factor Authentication (MFA) provides an additional level of security for university applications by adding additional factors of authentication (beyond the UT EID and EID password) to the sign-on process.
- Enhances the security of your personal information held within University systems (for example, paycheck bank routing information) by combating password fraud.
- Meets UT-IRUSP Standard 4: Access Management § 4.6 Multi-Factor Authentication Requirements.
Multi-Factor Authentication (MFA) is a common-good service available to University departments at no cost.
Service Level Objectives (SLOs)
Metric | Target |
---|---|
Availability | 98.900% |
Please note that these SLOs are dependent on other campus SLOs and are adjusted as those change.
Service Level Indicators (SLIs)
Service Level Indicators (SLIs) (i.e., whether or not the service met the Service Level Objectives (SLOs)) are published at https://iamservices.utexas.edu/resources/metrics/.
Service Level Agreement (SLA)
Overview
This document defines the service level agreement for the EID-based Multi-Factor Authentication system.
Service Description
Multi-Factor Authentication provides an additional level of security for University applications by adding additional factors of authentication to the regular EID password authentication step.
Intended Users
Multi-Factor Authentication (MFA) protection for University applications and services is available at no cost to University CSUs.
An MFA account is available at no cost to University faculty, staff, and students.
Supported Computing Environment
Application and service owners who have integrated with the Enterprise Authentication service are supported out-of-the-box.
Application and service owners who have not integrated with those authentication services should contact the MFA Team to see if their environment is supported.
End users of the MFA service may use a number of supported devices including (but not limited to): iOS devices, Android devices, telephones which support voice calling features, Touch ID, and supported security keys.
Technical Support
Both Tier 1 and Tier 2 technical support are available during normal business hours. Routine requests are typically addressed within one business day.
Tier 1
End users should start with Tier 1 technical support. Any user can call the UT Service Desk at 512-475-9400.
Tier 2
Departmental support staff and the UT Service Desk may escalate issues to the Multi-Factor Authentication team. Customers referred to the Multi-Factor Authentication team will be contacted within one business day.
Maintenance
ITS will notify customers about both scheduled and unscheduled maintenance, as well as service availability and delivery issues, using the Alerts and Outages page. Services may not be available during maintenance periods.
Scheduled maintenance may occur at the following times:
- Thursdays between 6:30 AM and 7:00 AM
- Fridays between 3:00 AM and 6:00 AM
- Sundays between 6:00 AM and 10:00 AM
To the maximum extent possible, the installation of service, application, and security updates will be performed during scheduled maintenance periods.
Unscheduled maintenance tasks that require service downtime will be announced as soon as possible on the Alerts and Outages page.
Change notification: ITS will notify customers of service availability and service delivery issues for Multi-Factor Authentication using the Alerts and Outages page.
User Responsibilities
Subscribers (users) of the service and identified owners/administrators agree to be aware of and adhere to the University's Acceptable Use Policy for University Employees and the University's Acceptable Use Policy for University Students, as applicable.