- Updated internal OIDCOIDC OpenID Connect 1.0 (OIDC) is an authentication layer built on OAuth 2.0 where the identity provider that runs the authorization server also holds the protected resource that the third-party application aims to access. and SAMLSAML Security Assertion Markup Language (SAML) is a standard, XML-based language for exchanging authentication and authorization data between identity providers and service providers. This standard is currently used by Enterprise Authentication (as well as hundreds of service providers that integrate with our identity provider). components to improve security.
- Improved session management to reduce re-authenticationAuthentication Authentication is the act of determining that a person is who they claim to be. For more information, see our Concepts page. frequency.
Change Log – Enterprise Authentication – v20240228184941
- Updated internal OIDCOIDC OpenID Connect 1.0 (OIDC) is an authentication layer built on OAuth 2.0 where the identity provider that runs the authorization server also holds the protected resource that the third-party application aims to access. components to improve security.
Enterprise Group Services in Soft Launch
The IAMIAM Identity and Access Management (IAM) is a set of policies, processes, and technologies designed to ensure that the right individuals (identities) have the right access to resources within an organization. IAM involves managing and securing digital identities, controlling access to systems and data, and maintaining the confidentiality, integrity, and availability of information. Team is excited to announce the soft launch of Enterprise Group Services (EGS). EGS allows university departments to automate the management of application and system authorizationAuthorization Authorization refers to the act of determining whether an authenticated user is allowed to access a specific resource or take a specific action. For more information, see our Concepts page. groups. EGS group membership is managed using Attribute-Based Access Control (ABACABAC Attribute-Based Access Control (ABAC) is a mechanism for managing of user access to information systems based on values of user attributes. Attribute-Based Access Control (ABAC) evaluates the access dynamically, using an algorithm that takes “attributes” as an input, and outputs access decision (allow/deny). The attributes are usually user attributes from the user profile, supplemented with context attributes, such as time of access and user’s current location.) rules with members being added and removed automatically.
EGS represents the culmination of IGA Modernization‘s first phase, focused on Group and Role Management and the implementation of midPoint and Grouper, two major components of the InCommon Trusted Access Platform.
EGS is currently in soft launch and working with selected early adopters. While the team will field requests from other University departments, requests from early adopters will be prioritized.
For more information or to request a group, please see our Group and Role Management solutions page or our Group and Role Management business service on UT ServiceNow.
Change Log – Enterprise Authentication – v20231130185916
- Performed regression testing of the most recent tag (4.3.1_20231128_rocky8_multiarch) of the InCommon Trusted Access Platform (TAPTAP The InCommon Trusted Access Platform (TAP) is an identity and access management suite of software.) Shibboleth Identity Provider (IdPIdP An Identity Provider (IdP) is a software tool or service that offers user authentication as a service. The IdP manages the user's primary authentication credentials and issues assertions derived from those credentials. At UT Austin, the primary IdP used to authenticate the UT EID and EID Password is Enterprise Authentication, which is managed by the IAM Team. For more information, see our Concepts page.) image.
- Updated Enterprise AuthenticationAuthentication Authentication is the act of determining that a person is who they claim to be. For more information, see our Concepts page. to use tested tag.
- Updated OIDCOIDC OpenID Connect 1.0 (OIDC) is an authentication layer built on OAuth 2.0 where the identity provider that runs the authorization server also holds the protected resource that the third-party application aims to access. OPOP An OpenID Provider (OP) is an entity that has implemented the OpenID Connect and OAuth 2.0 protocols, OP’s can sometimes be referred to by the role it plays, such as: a security token service, an identity provider (IDP), or an authorization server. plugin to latest version (3.4.0).
- Updated OIDC Common plugin to latest version (2.2.1).
- Updated Duo OIDC plugin to latest version (1.4.1).
- Added OIDC Config plugin at latest version (1.0.1).
- Added configurations to support OIDC integrations.
- Retired unused integration configurations.
Change Log – Enterprise Authentication – v20230425040445
- Performed regression testing of the most recent tag (4.3.1_20230330_rocky8_multiarch) of the InCommon Trusted Access Platform (TAPTAP The InCommon Trusted Access Platform (TAP) is an identity and access management suite of software.) Shibboleth Identity Provider (IdPIdP An Identity Provider (IdP) is a software tool or service that offers user authentication as a service. The IdP manages the user's primary authentication credentials and issues assertions derived from those credentials. At UT Austin, the primary IdP used to authenticate the UT EID and EID Password is Enterprise Authentication, which is managed by the IAM Team. For more information, see our Concepts page.) image.
- Updated Enterprise AuthenticationAuthentication Authentication is the act of determining that a person is who they claim to be. For more information, see our Concepts page. to use tested tag.
- Updated OIDCOIDC OpenID Connect 1.0 (OIDC) is an authentication layer built on OAuth 2.0 where the identity provider that runs the authorization server also holds the protected resource that the third-party application aims to access. OPOP An OpenID Provider (OP) is an entity that has implemented the OpenID Connect and OAuth 2.0 protocols, OP’s can sometimes be referred to by the role it plays, such as: a security token service, an identity provider (IDP), or an authorization server. plugin to latest version (3.3.0).
- Updated OIDC Common plugin to latest version (2.1.0).
- Updated Duo OIDC plugin to latest version (1.3.0).
