This site requires JavaScript to be enabled
Welcome Guest|
Recent searches
IE BUMPER

Authentication

Authentication services determine if an end user is who they claim to be. End users may prove their identity using one or more factors of authentication: something you know (e.g., a UT EID and EID password), something you have (e.g., a mobile device or token), and something you are (e.g., biometrics). University departments and offices are encouraged to make use of the authentication service offerings to enable Single Sign-On (SSO) with the UT EID

Authentication Self Help
  • Enterprise Authentication

    Enterprise Authentication is a consolidated, centralized authentication service which supports web-based applications through standard authentication protocols.

    Available to:Faculty and Staff,Students,Guest,Public
    Features
    • Allows service providers to authenticate UT EID holders.
    • Provides single sign-on capability for participating applications.
    • Provides mulit-factor authentication where appropriate.
    • Uses the Austin Active Directory as a backend user data store.
    • Supports Security Access Markup Language v2.0 (SAML).
    Cost

    Any EID holder with an active, valid UT EID is eligible to authenticate using Enterprise Authentication.

    University departments may integrate their service providers with Enterprise Authentication at no cost.

    Service Level Objectives

    Key Metrics

    • Production Availability: 99.491%

    Please note that this SLA is dependent on other campus SLAs and is adjusted as those change.

    Overview

    This document defines the service level agreement for Enterprise Authentication.

    Service description

    Enterprise Authentication uses the UT Electronic Identifier (UT EID) to provide secure single sign on (SSO) for university web applications using SAML.

    Intended users

    Enterprise Authentication can be used by campus departments who wish to provide consistent authentication behavior to the consumers of their service.

    Enterprise Authentication can be used by all UT EID holders for UT EID authentication.

    Supported computing environment

    Campus Departments and Organizations

    Enterprise Authentication is the preferred UT EID authentication system for the university.

    Service Providers must comply with the Security Assertion Markup Language (SAML) v2.0 OASIS Standard.

    UT EID holders

    It is expected that customers will use modern, standards-compliant web browsers with the latest security updates installed. Some features, such as U2F and WebAuthn, can only be used in browsers which support those protocols.

    Technical support

    Both Tier 1 and Tier 2 technical support is available during normal business hours. Routine requests are typically addressed within one business day.

    Tier 1

    End users should start with Tier 1 technical support. Any user may contact the UT Service Desk at +1 512-475-9400.

    Tier 2

    Departmental support staff and the UT Service Desk may escalate issues to the Enterprise Authentication administrators. Customers referred to the Enterprise Authentication administrators will be contacted within one business day.

    Maintenance

    ITS will notify customers about both scheduled and unscheduled maintenance using the Alerts and Outages page for service availability and service delivery issues. Services may not be available during the maintenance periods.

    Scheduled maintenance occurs on Tuesdays from 6:30 a.m. to 7:30 a.m. Please note that maintenance may not occur on every Tuesday. To the maximum extent possible, installation of service, application, and security updates will be performed during scheduled maintenance.

    Unscheduled maintenance tasks that require service downtime will be announced as soon as possible on the Alerts and Outages page.

    Change notification: ITS will notify customers using the Alerts and Outages page of service availability and service delivery issues for Enterprise Authentication.

    User responsibilities

    Users and owners of Enterprise Authentication-protected services agree to be aware of and adhere to the university's Acceptable Use Policy as well as the Information Resources Acceptable Use and Security Policy Agreement, as applicable.

    Owners of Enterprise Authentication-protected services agree to:

  • Shibboleth

    UT Austin's Shibboleth services provides authentication services to Service Providers who are unable to utilize Central Web Authentication.

    Shibboleth provides familiar UT EID based authentication to end users while customizing and restricting the attribute information provided to Service Providers.

    As part of the IAM Roadmap, the IAM Team is consolidating its authentication offerings into a single service. Customers are being migrated off of our legacy authentication providers, UTLogin and UT Shibboleth, and onto Enterprise Authentication.

    Available to:Faculty and Staff
    Features
    • Provides a single sign-on for both internal and external users.
    • Integrated with the uTexas Enterprise Directory (TED).
    • Provides multi-factor authentication where appropriate.
    • Reduces development time for access controls.
    • Reduces the need for end-users to maintain accounts with multiple organizations.
    • Currently supports Service Providers implementing the SAML 2.0 standard.
    Cost

    Shibboleth is centrally funded. There is no charge to the user for this service.

    Service Level Objectives

    Key Metrics

    • Production Availability: 99.3%

    Overview

    This document defines the service level agreement for Shibboleth.

    Service description

    UT Austin's Shibboleth services provides authentication services to Service Providers who are unable to utilize Central Web Authentication.

    Shibboleth provides familiar UT EID based authentication to end users while customizing and restricting the attribute information provided to Service Providers.

    Intended users

    Shibboleth can be used by campus departments or organizations who wish to provide consistent authentication behavior to the consumers of their service.

    Shibboleth is most commonly utilized when the Service Provider is a 3rd party vendor that is not housed on campus. Central Web Authentication and TED LDAP authentication services are not available for these Service Providers.

    Supported computing environment

    Service Providers may consult the Shibboleth documentation at the official site: Shibboleth

    Users of the services that implement Shibboleth authenticate through a familiar web interface. This login page is supported on the list of preferred secure browsers. The current list of browsers can be found on the university's Web Guidelines page.

    Technical support

    Both Tier 1 and Tier 2 technical support is available during normal business hours. Routine requests are typically addressed within one business day.

    Tier 1

    End users should start with Tier 1 technical support. Any user can call the UT Service Desk at 512-475-9400.

    Tier 2

    Departmental support staff and the UT Service Desk may escalate issues to Tier 2. The Identity Management (IDM) Liaison will refer issues to IDM team members as needed.

    Maintenance

    ITS will notify customers about both scheduled and unscheduled maintenance using the Alerts and Outages page of service availability and service delivery issues. Services may not be available during the maintenance periods.

    Scheduled maintenance may occur Thursday mornings at 9:00am, as needed. To the maximum extent possible, installation of service, application, and security updates will be performed during scheduled maintenance.

    Unscheduled maintenance tasks that require service downtime will be announced as soon as possible on the Alerts and Outages page.

    Change notification: ITS will notify customers using the Alerts and Outages page of service availability and service delivery issues for Shibboleth.

    User responsibilities

    Subscribers (users) of the service and identified owners/administrators agree to be aware of and adhere to the university's Acceptable Use Policy.

    Departments who implement a service utilizing this service agree to the Authentication Acceptable Use Policy (AUP).

  • Multi-Factor Authentication

    Multi-Factor Authentication (MFA) provides an additional level of security for university applications by adding additional factors of authentication (beyond the UT EID and EID password) to the sign-on process.

    Available to:Students,Faculty and Staff
    Features

    Enhances the security of your personal information held within university systems (for example, paycheck bank routing information) by combating password fraud.

    Compatible with iOS, Android, Blackberry, Windows and other mobile devices, eliminating the need for a separate one-time password key fob or other device.

    Cost

    Multi-Factor Authentication (MFA) protection for university applications and services is available at no cost to university CSUs.

    An MFA account is available at no cost to university faculty, staff, and students.

    Service Level Objectives

    Key Metrics

    Availability is dependent on the service used for Multi-Factor Authentication:

    • Enterprise Authentication: 99.491%
    • Shibboleth: 99.3%
    • UTLogin: 99.42%

    Please note that this SLO is dependent on other campus SLOs and is adjusted as those change.

    Overview
    This document defines the service level agreement for the EID-based Multi-Factor Authentication system.

    Service description
    Multi-Factor Authentication provides an additional level of security for university applications by adding additional factors of authentication to the regular EID password authentication step.

    Intended users
    Multi-Factor Authentication (MFA) protection for university applications and services is available at no cost to university CSUs.

    An MFA account is available at no cost to university faculty, staff, and students.

    Supported computing environment
    Application and service owners who have integrated with the Enterprise Authentication, UTLogin, or UT Shibboleth services are supported out-of-the-box.

    Application and service owners who have not integrated with those authentication services should contact the MFA Team to see if their environment is supported.

    End users of the MFA service may use a number of supported devices including (but not limited to): iOS devices, Android devices, cellular devices which support SMS text messages, telephones which support voice calling features, Touch ID, and supported security keys.

    Technical support
    Both Tier 1 and Tier 2 technical support is available during normal business hours. Routine requests are typically addressed within one business day.

    Tier 1
    End users should start with Tier 1 technical support. Any user can call the UT Service Desk at 512-475-9400.

    Tier 2
    Departmental support staff and the UT Service Desk may escalate issues to the Multi-Factor Authentication team. Customers referred to the Multi-Factor Authentication team will be contacted within one business day.

    Maintenance
    ITS will notify customers about both scheduled and unscheduled maintenance, as well as service availability and delivery issues, using the Alerts and Outages page. Services may not be available during maintenance periods.

    Scheduled maintenance may occur at the following times:

    • Thursdays between 6:30 AM and 7:00 AM
    • Fridays between 3:00 AM and 6:00 AM
    • Sundays between 6:00 AM and 10:00 AM

    To the maximum extent possible the installation of service, application, and security updates will be performed during scheduled maintenance periods.

    Unscheduled maintenance tasks that require service downtime will be announced as soon as possible on the Alerts and Outages page.

    Change notification: ITS will notify customers of service availability and service delivery issues for Multi-Factor Authentication using the Alerts and Outages page.

    User responsibilities
    Subscribers (users) of the service and identified owners/administrators agree to be aware of and adhere to the university's Acceptable Use Policy for University Employees and the university's Acceptable Use Policy for University Students, as applicable.