IAM Announcements

Below is an archive of all major IAM announcements.

December 11, 2025, Filed Under: Announcements, Enterprise Authentication Changelog, Guest Authentication

Guest Authentication & OpenID Connect Launch – General Availability December 2025

The Identity and Access Management (IAMIAM Identity and Access Management (IAM) is a set of policies, processes, and technologies designed to ensure that the right individuals (identities) have the right access to resources within an organization. IAM involves managing and securing digital identities, controlling access to systems and data, and maintaining the confidentiality, integrity, and availability of information.) Team is pleased to announce the launch of two new service offerings: Guest AuthenticationAuthentication Authentication is the act of determining that a person is who they claim to be. For more information, see our Concepts page. and Enterprise Authentication – OpenID Connect (OIDCOIDC OpenID Connect 1.0 (OIDC) is an authentication layer built on OAuth 2.0 where the identity provider that runs the authorization server also holds the protected resource that the third-party application aims to access.). Both offerings are now available!!!

WHAT’S NEW

Guest Authentication
- Guest Authentication empowers guests, such as external collaborators, visiting scholars, and other non-EIDUT EID The University of Texas Electronic Identity (UT EID or EID) is the public records identifier for principals at the university. See our Concepts page for more information.-holding users to securely access designated University systems and resources without requiring a standard University account.
- This new service enables university departments and applications to securely provide access to guests and individuals who are loosely affiliated with the University, for whom creating and using an EID would be burdensome. It offers robust security and compliance while streamlining authentication for external collaborators, visiting scholars, and other non-EID-holding users. Guest Authentication allows guests to efficiently access designated university resources, fostering smoother collaboration and engagement across our campus community. Authentication using Google, Microsoft, Apple, and InCommon will all be supported by Guest Authentication. Other authentication providers can be considered upon request.
OpenID Connect (OIDC)
- OIDC simplifies (1) verifying the identity of users based on the authentication performed by an AuthorizationAuthorization Authorization refers to the act of determining whether an authenticated user is allowed to access a specific resource or take a specific action. For more information, see our Concepts page. Server and (2) obtaining user profile information.
- OIDC provides a modern, standardized authentication protocol that enhances security, interoperability, and ease of integration for applications requiring authentication. This addition to Enterprise Authentication extends available authentication protocols that are supported for use by the university community.

For more information or to request Guest Authentication, please see our Authentication solutions page or our Authentication business service on UT ServiceNow.

December 20, 2023, Filed Under: Announcements, Enterprise Group Services Release Notes

Enterprise Group Services in Soft Launch

The IAMIAM Identity and Access Management (IAM) is a set of policies, processes, and technologies designed to ensure that the right individuals (identities) have the right access to resources within an organization. IAM involves managing and securing digital identities, controlling access to systems and data, and maintaining the confidentiality, integrity, and availability of information. Team is excited to announce the soft launch of Enterprise Group Services (EGS). EGS allows university departments to automate the management of application and system authorizationAuthorization Authorization refers to the act of determining whether an authenticated user is allowed to access a specific resource or take a specific action. For more information, see our Concepts page. groups. EGS group membership is managed using Attribute-Based Access Control (ABACABAC Attribute-Based Access Control (ABAC) is a mechanism for managing of user access to information systems based on values of user attributes. Attribute-Based Access Control (ABAC) evaluates the access dynamically, using an algorithm that takes “attributes” as an input, and outputs access decision (allow/deny). The attributes are usually user attributes from the user profile, supplemented with context attributes, such as time of access and user’s current location.) rules with members being added and removed automatically.

EGS represents the culmination of IGA Modernization‘s first phase, focused on Group and Role Management and the implementation of midPoint and Grouper, two major components of the InCommon Trusted Access Platform.

EGS is currently in soft launch and working with selected early adopters. While the team will field requests from other University departments, requests from early adopters will be prioritized.

For more information or to request a group, please see our Group and Role Management solutions page or our Group and Role Management business service on UT ServiceNow.

March 26, 2021, Filed Under: Announcements, Authentication

Upcoming changes to InCommon SAML Federation

WHAT’S CHANGING?

The Identity and Access Management (IAMIAM Identity and Access Management (IAM) is a set of policies, processes, and technologies designed to ensure that the right individuals (identities) have the right access to resources within an organization. IAM involves managing and securing digital identities, controlling access to systems and data, and maintaining the confidentiality, integrity, and availability of information.) team has been working to consolidate authenticationAuthentication Authentication is the act of determining that a person is who they claim to be. For more information, see our Concepts page. services into one service called Enterprise Authentication and subsequently retire UT Shibboleth by August 2021.

The transition for applications directly integrated with UT Shibboleth through the InCommon Federation will not support a phased approach. The IAM team is working with UT System to coordinate a cutover on a pre-determined date, currently scheduled for Thursday, May 27, 2021.

On the day of the cutover, the University of Texas at Austin’s identity provider in the InCommon Federation will be updated from UT Shibboleth to Enterprise Authentication.

Delays in the propagation of the change may be expected for up to 24 hours. If you manage or utilize an application in the InCommon Federation, you should verify functionality following the cutover.

Additional communications will be sent via distribution list prior to cutover leading up to the May 27, 2021 date. These communications will remind customers of the change and urge them to verify proper service functionality following the change.

IMPACT AND RISK

Applications could experience a brief impact to service availability on Thursday, May 27, 2021 depending on how frequently the application’s metadata is being refreshed. The IAM team anticipates that most applications will be minimally impacted.

WHEN?

This change will take effect on Thursday, May 27, 2021.

ACTION REQUIRED

If your team manages web applications that authenticate using an InCommon Federation integration, you are encouraged to validate login functionality after you receive a confirmation from the IAM team of the completed change on May 27, 2021.

If you experience issues that persist beyond 24 hours post cutover, please reach out to the UT Service Desk.

QUESTIONS?

You may reference the UT Shibboleth to Enterprise Authentication Transition Plan KB article for more information about the UT Shibboleth retirement.

For an overview and general information about InCommon federated identity, please see the InCommon Federation services documentation

If you have any further questions or need technical assistance, please contact the UT Service Desk at 512.475.9400 or help@utexas.edu.

December 14, 2020, Filed Under: Announcements, Directory Services

UT Directory now requires log in with UT EID starting Dec. 14

The Identity and Access Management Team is re-posting the following communication from the university’s Information Security Office to campus staff.

Dear Colleagues,

The UT Directory, also known as the University White Pages Directory, now requires login with UT EIDUT EID The University of Texas Electronic Identity (UT EID or EID) is the public records identifier for principals at the university. See our Concepts page for more information. and password and Duo for multifactor authenticationAuthentication Authentication is the act of determining that a person is who they claim to be. For more information, see our Concepts page. and is only accessible to members of the university community.

This change is intended to increase security and privacy and combat aggressive data mining from outside organizations for the purpose of socially engineering phishing and vishing scams that target members of the university community. When Duo for multi-factor authentication was applied to most UT services in May 2020, attempts to phish credentials related to Duo increased with the goal of compromising the user’s account. Visit the ITS project page for more information.

Employees can reference the Change Information in the University Directory article in the askUS Knowledge Base for more information on UT Directory data.

A similar message has been sent to students. Students may contact Texas One Stop for help updating their personal information in the UT Directory.

Any university community member with an EIDUT EID The University of Texas Electronic Identity (UT EID or EID) is the public records identifier for principals at the university. See our Concepts page for more information. can find or reset their EID, manage their password, and get other forms of help with their EID by visiting the UT EID Self-Service Tools page.

What is phishing?

The act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft is called “phishing

What is vishing?

Vishing is when you receive a call from someone, either a real person or an automation, encouraging you to take an action or give them sensitive data.

For more information on protecting your data, visit the Information Security Office website, https://security.utexas.edu/

Information Security Office
The University of Texas at Austin
security@utexas.edu
https://security.utexas.edu

April 28, 2020, Filed Under: Announcements, Authentication, Multi-Factor Authentication

Upcoming changes to Multi-Factor Authentication (MFA)

What’s Changing?

In support of the Multi-Factor Authentication (MFA) Strategy produced by the Information Security Office (ISOISO The Information Security Office (ISO) is the University’s information security team.), Enterprise AuthenticationAuthentication Authentication is the act of determining that a person is who they claim to be. For more information, see our Concepts page. and UT Shibboleth will be configured to enforce multi-factor authentication for current faculty, current staff, current students, future faculty, and future staff regardless of the resource being accessed on June 15, 2020. The Executive Compliance Committee approved the date and approach on April 15, 2020.

Multi-factor authentication provides an additional level of security when using university online services. Cyber-security attacks are on the rise with 20% more university accounts compromised in 2019 as compared to 2018. Additionally, compromised student and guest accounts have risen 51% since 2018. Forecasting from the university’s ISO predicts this growth will only continue without intervention.

More information can be found on the Campus-Wide MFA Implementation project page.

When?

May 26, 2020 – Canvas and Zoom
June 15, 2020 – All other applications integrated with Enterprise Authentication and UT Shibboleth.

ITSITS Information Technology Services (ITS) will begin communicating broadly to campus end users in mid-May.

Action Required

Application owners should perform analysis and/or testing of their applications to ensure readiness for this change.

If you are an application owner and do not think that your application will be prepared for June 15, you must request a temporary reprieve by submitting an ISO Exception Request.

Questions?

If you are an application owner and would like assistance in testing, please contact mfateam@utlists.utexas.edu.

If you have any questions or need further assistance, please contact the Service Desk at 512.475.9400 or help@utexas.edu