Authentication
Authentication services determine if an end user is who they claim to be. End users may prove their identity using one or more factors of authentication: something you know (e.g., a UT EID and EID password), something you have (e.g., a mobile device or token), and something you are (e.g., biometrics). University departments and offices are encouraged to make use of the authentication service offerings to enable Single Sign-On (SSO) with the UT EID.
Enterprise Authentication is a consolidated, centralized authentication service which supports web-based applications through standard authentication protocols.
- Allows service providers to authenticate UT EID holders.
- Provides single sign-on capability for participating applications.
- Provides multi-factor authentication where appropriate.
- Uses the Austin Active Directory as a backend user data store.
- Supports Security Assertion Markup Language v2.0 (SAML).
Any EID holder with an active, valid UT EID is eligible to authenticate using Enterprise Authentication.
University departments may integrate their service providers with Enterprise Authentication at no cost.
Key Metrics
- Production Availability: 99.491%
Please note that this SLA is dependent on other campus SLAs and is adjusted as those change.
Overview
This document defines the service level agreement for Enterprise Authentication.
Service description
Enterprise Authentication uses the UT Electronic Identifier (UT EID) to provide secure single sign-on (SSO) for university web applications using SAML.
Intended users
Enterprise Authentication can be used by campus departments who wish to provide consistent authentication behavior to the consumers of their service.
Enterprise Authentication can be used by all UT EID holders for UT EID authentication.
Supported computing environment
Campus Departments and Organizations
Enterprise Authentication is the preferred UT EID authentication system for the university.
Service Providers must comply with the Security Assertion Markup Language (SAML) v2.0 OASIS Standard.
UT EID holders
It is expected that customers will use modern, standards-compliant web browsers with the latest security updates installed. Some features, such as U2F and WebAuthn, can only be used in browsers which support those protocols.
Technical support
Both Tier 1 and Tier 2 technical support are available during normal business hours. Routine requests are typically addressed within one business day.
Tier 1
End users should start with Tier 1 technical support. Any user may contact the UT Service Desk at +1 512-475-9400.
Tier 2
Departmental support staff and the UT Service Desk may escalate issues to the Enterprise Authentication administrators. Customers referred to the Enterprise Authentication administrators will be contacted within one business day.
Maintenance
ITS will notify customers about both scheduled and unscheduled maintenance using the Alerts and Outages page for service availability and service delivery issues. Services may not be available during the maintenance periods.
Scheduled maintenance occurs on Tuesdays from 6:30 a.m. to 7:30 a.m. Please note that maintenance may not occur on every Tuesday. To the maximum extent possible, installation of service, application, and security updates will be performed during scheduled maintenance.
Unscheduled maintenance tasks that require service downtime will be announced as soon as possible on the Alerts and Outages page.
Change notification: ITS will notify customers using the Alerts and Outages page of service availability and service delivery issues for Enterprise Authentication.
User responsibilities
Users and owners of Enterprise Authentication-protected services agree to be aware of and adhere to the university's Acceptable Use Policy as well as the Information Resources Acceptable Use and Security Policy Agreement, as applicable.
Owners of Enterprise Authentication-protected services agree to:
- Be aware of and adhere to the Authentication Acceptable Use Policy.
- Implement best practices when feasible.
UT Austin's Shibboleth service provides authentication services to Service Providers who are unable to utilize Central Web Authentication.
Shibboleth provides familiar UT EID-based authentication to end users while customizing and restricting the attribute information provided to Service Providers.
As part of the IAM Roadmap, the IAM Team is consolidating its authentication offerings into a single service. Customers are being migrated off of our legacy authentication providers, UTLogin and UT Shibboleth, and onto Enterprise Authentication.
- Provides a single sign-on for both internal and external users.
- Integrated with the uTexas Enterprise Directory (TED).
- Provides multi-factor authentication where appropriate.
- Reduces development time for access controls.
- Reduces the need for end-users to maintain accounts with multiple organizations.
- Currently supports Service Providers implementing the SAML 2.0 standard.
Shibboleth is centrally funded. There is no charge to the user for this service.
Key Metrics
- Production Availability: 99.3%
Overview
This document defines the service level agreement for Shibboleth.
Service description
UT Austin's Shibboleth service provides authentication services to Service Providers who are unable to utilize Central Web Authentication.
Shibboleth provides familiar UT EID-based authentication to end users while customizing and restricting the attribute information provided to Service Providers.
Intended users
Shibboleth can be used by campus departments or organizations who wish to provide consistent authentication behavior to the consumers of their service.
Shibboleth is most commonly utilized when the Service Provider is a 3rd party vendor that is not housed on campus. Central Web Authentication and TED LDAP authentication services are not available for these Service Providers.
Supported computing environment
Service Providers may consult the Shibboleth documentation at the official site: Shibboleth
Users of the services that implement Shibboleth authenticate through a familiar web interface. This login page is supported on the list of preferred secure browsers. The current list of browsers can be found on the university's Web Guidelines page.
Technical support
Both Tier 1 and Tier 2 technical support are available during normal business hours. Routine requests are typically addressed within one business day.
Tier 1
End users should start with Tier 1 technical support. Any user can call the UT Service Desk at 512-475-9400.
Tier 2
Departmental support staff and the UT Service Desk may escalate issues to Tier 2. The Identity Management (IDM) Liaison will refer issues to IDM team members as needed.
Maintenance
ITS will notify customers about both scheduled and unscheduled maintenance using the Alerts and Outages page for service availability and service delivery issues. Services may not be available during the maintenance periods.
Scheduled maintenance may occur Thursday mornings at 9:00am, as needed. To the maximum extent possible, installation of service, application, and security updates will be performed during scheduled maintenance.
Unscheduled maintenance tasks that require service downtime will be announced as soon as possible on the Alerts and Outages page.
Change notification: ITS will notify customers using the Alerts and Outages page of service availability and service delivery issues for Shibboleth.
User responsibilities
Subscribers (users) of the service and identified owners/administrators agree to be aware of and adhere to the university's Acceptable Use Policy.
Departments who implement a service utilizing this service agree to the Authentication Acceptable Use Policy (AUP).
Multi-Factor Authentication (MFA) provides an additional level of security for university applications by adding additional factors of authentication (beyond the UT EID and EID password) to the sign-on process.
Enhances the security of your personal information held within university systems (for example, paycheck bank routing information) by combating password fraud.
Compatible with iOS, Android, BlackBerry, Windows and other mobile devices, eliminating the need for a separate one-time password key fob or other device.
Multi-Factor Authentication (MFA) protection for university applications and services is available at no cost to university CSUs.
An MFA account is available at no cost to university faculty, staff, and students.
Key Metrics
Availability is dependent on the service used for Multi-Factor Authentication:
- Enterprise Authentication: 99.491%
- Shibboleth: 99.3%
- UTLogin: 99.42%
Please note that this SLO is dependent on other campus SLOs and is adjusted as those change.
Overview
This document defines the service level agreement for the EID-based Multi-Factor Authentication system.
Service description
Multi-Factor Authentication provides an additional level of security for university applications by adding additional factors of authentication to the regular EID password authentication step.
Intended users
Multi-Factor Authentication (MFA) protection for university applications and services is available at no cost to university CSUs.
An MFA account is available at no cost to university faculty, staff, and students.
Supported computing environment
Application and service owners who have integrated with the Enterprise Authentication, UTLogin, or UT Shibboleth services are supported out-of-the-box.
Application and service owners who have not integrated with those authentication services should contact the MFA Team to see if their environment is supported.
End users of the MFA service may use a number of supported devices including (but not limited to): iOS devices, Android devices, cellular devices which support SMS text messages, telephones which support voice calling features, Touch ID, and supported security keys.
Technical support
Both Tier 1 and Tier 2 technical support are available during normal business hours. Routine requests are typically addressed within one business day.
Tier 1
End users should start with Tier 1 technical support. Any user can call the UT Service Desk at 512-475-9400.
Tier 2
Departmental support staff and the UT Service Desk may escalate issues to the Multi-Factor Authentication team. Customers referred to the Multi-Factor Authentication team will be contacted within one business day.
Maintenance
ITS will notify customers about both scheduled and unscheduled maintenance, as well as service availability and delivery issues, using the Alerts and Outages page. Services may not be available during maintenance periods.
Scheduled maintenance may occur at the following times:
- Thursdays between 6:30 AM and 7:00 AM
- Fridays between 3:00 AM and 6:00 AM
- Sundays between 6:00 AM and 10:00 AM
To the maximum extent possible, the installation of service, application, and security updates will be performed during scheduled maintenance periods.
Unscheduled maintenance tasks that require service downtime will be announced as soon as possible on the Alerts and Outages page.
Change notification: ITS will notify customers of service availability and service delivery issues for Multi-Factor Authentication using the Alerts and Outages page.
User responsibilities
Subscribers (users) of the service and identified owners/administrators agree to be aware of and adhere to the university's Acceptable Use Policy for University Employees and the university's Acceptable Use Policy for University Students, as applicable.