UT Shield

Identity and Access Management

The University of Texas at Austin

You are here: Home / Archives for Announcements

IAM Announcements

, Filed Under: Announcements

Upcoming changes to Multi-Factor Authentication (MFA)

What’s Changing?

In support of the Multi-Factor Authentication (MFA) Strategy produced by the Information Security Office (ISO), Enterprise Authentication and UT Shibboleth will be configured to enforce multi-factor authentication for current faculty, current staff, current students, future faculty, and future staff regardless of the resource being accessed on June 15, 2020. The Executive Compliance Committee approved the date and approach on April 15, 2020.

Multi-factor authentication provides an additional level of security when using university online services. Cyber-security attacks are on the rise with 20% more university accounts compromised in 2019 as compared to 2018. Additionally, compromised student and guest accounts have risen 51% since 2018. Forecasting from the university’s ISO predicts this growth will only continue without intervention.

More information can be found on the Campus-Wide MFA Implementation project page.

When?

  • May 26, 2020 – Canvas and Zoom
  • June 15, 2020 – All other applications integrated with Enterprise Authentication and UT Shibboleth.

ITS will begin communicating broadly to campus end users in mid-May.

Action Required

Application owners should perform analysis and/or testing of their applications to ensure readiness for this change.        

If you are an application owner and do not think that your application will be prepared for June 15, you must request a temporary reprieve by submitting an ISO Exception Request.

Questions?

If you are an application owner and would like assistance in testing, please contact mfateam@utlists.utexas.edu.

If you have any questions or need further assistance, please contact the Service Desk at 512.475.9400 or help@utexas.edu

, Filed Under: Announcements, Enterprise Authentication Changelog

News from the Transition to Enterprise Authentication Project – October 2019

Enterprise Authentication is LIVE

The implementation of the new Enterprise Authentication service is complete, and the service is now live in production.

The Identity and Access Management (IAM) team is now undertaking the first phase of a project to migrate over 800 integrations from UTLogin to Enterprise Authentication. Transition managers are working to schedule customer transitions with the goal to have all UTLogin transitions complete by the end of 2020 and retire UTLogin in December 2020. The transition focus will then shift to transitioning UT Shibboleth customers.

Ready to Integrate with Enterprise Authentication?

If you are an existing UTLogin customer and have not been contacted by a transition manager, please reach out to the team by emailing iam-integrations@utlists.utexas.edu .

New IAM authentication customers can find information about the integration process and initiate a new integration by visiting https://iamservices.utexas.edu/integration/.

All customers are welcome to visit the Enterprise Authentication ServiceNow page to find more information including answers to frequently asked questions.

Resources

Want to know more about Enterprise Authentication? Visit the Enterprise Authentication ServiceNow page and/or review some of these commonly asked-about topics:

You may also be interested in our other ServiceNow Knowledge Articles.

Connect with the Enterprise Authentication Team

For questions or comments, send an email to entauthn@utlists.utexas.edu.

, Filed Under: Announcements, Enterprise Authentication Changelog

ITS Campus Solutions is Consolidating to Standards-Based Enterprise Authentication

What is changing and why?

The Identity and Access Management (IAM) team is deprecating the agent-based authentication model and adopting standards-based web authentication.

For UT servers and applications using UTLogin, this will involve transitioning to a new Enterprise Authentication service, which provides Security Assertion Markup Language (SAML 2).

The goal of this change is to provide a standards-based authentication method. SAML 2 represents established industry standards, which the majority of software vendors support. Additionally, having fewer authentication methods means a better single sign-on experience and faster integrations.

The IAM team will begin contacting UTLogin customers to develop transition plans in June 2019.

How will this affect me?

For most people who use protected websites and applications, the transition to Enterprise Authentication will not require any attention or action. There may be small changes to the look and feel of the login screens; but, overall, the login process will be the same. Some end users may be asked to authenticate multiple times as our authentication customers migrate to the new service.

This change primarily impacts individuals who manage servers and web applications that use UTLogin. In order to focus on the transition to Enterprise Authentication, the IAM Team will no longer provision new Web Policy Agents (WPAs). Support for existing WPA and SAML customers will not be affected.

The IAM team has been working to develop processes to support transitioning customers to Enterprise Authentication. This includes documentation, training, and outreach. These efforts will continue and become more detailed over the coming months.

Questions?

Review our project page: Transition to Enterprise Authentication Project

Please send questions to: entauthn@utlists.utexas.edu

, Filed Under: Announcements

Upcoming configuration freeze dates for IAM services

What is changing and when?

To reduce the chance of system instability during the Workday go-live period, the Identity and Access Management (IAM) team will not make configuration changes, perform new integrations, or create new service accounts between October 14, 2018 and December 2, 2018 for the following service offerings:

  • Shibboleth
  • Two-factor authentication
  • uTexas Enterprise Directory (TED)
  • UTLogin

Actions required:

Please submit your configuration requests by September 26, 2018 to ensure your request is processed ahead of the freeze.

Additional information:

If you have an urgent request during the freeze, you may request an exception by following the process published in ServiceNow here.

Questions?

Please send questions to: help@its.utexas.edu.

, Filed Under: Announcements

UTLogin Stability Roadmap – June 2017

Colleagues,

As you may be aware, UTLogin provides centralized authentication services for more than 250 campus applications and processes more than 55 million authentication requests annually. As with all Identity & Access Management (IAM) services, our goal is for UTLogin to be reliable, secure, and easy-to-use. In the past year, we have not met the reliability expectations of campus (and ourselves) as UTLogin has experienced a number of outages.

I apologize for the disruption these issues have caused you, your customers, and your business processes. We are committed to addressing the root causes of these issues and restoring UTLogin to stable operations.

Although the IAM team has implemented fixes and mitigations after each service outage, new issues with different immediate causes continue to appear, pointing to a deeper set of problems that need to be addressed. After analyzing the 20 UTLogin service incidents that occurred from June 2016 to May 2017, we believe that the overall instability issues are caused by a combination of three major factors:

  • Customizations and Non-Standard Configuration – The OpenAM vendor product upon which UTLogin is based was heavily customized during implementation to meet unique UT Austin requirements, directly causing some issues and making diagnosis of other issues more difficult.
  • Aging System Components – The software components of the UTLogin system are at or reaching end-of-life, limiting support options and making issues harder to diagnose and address.
  • Changing Demands on UTLogin – The number and complexity of systems integrated with UTLogin have greatly increased, introducing new demands on the system.

The IAM team has developed a roadmap to address these issues and return UTLogin to stability:

  • Action 1: Stabilize the Current Environment – Put the current system in “critical fix only” mode, strictly manage configuration changes, and stop unproductive investment of time chasing down issues in the current environment. (Status: Complete)
  • Action 2: Simplify & Standardize UTLogin – Upgrade system components to current supported versions, remove customizations and non-standard configurations, minimize external dependencies, and review and simplify the authentication policy model. (Status: In progress. Expected completion for Requirements and Design: September 2017; Implementation timeline will depend on the Design.)
  • Action 3: Measure & Report Progress – Monitor key performance indicators (KPIs) and report progress toward improving stability to UTLogin customers and stakeholders. (Status: In progress. Expected completion for KPI reporting: July 2017)

You can read the complete the UTLogin Stability Roadmap here: http://links.utexas.edu/byjfjw external link.

We appreciate your continued support as we work to keep the University’s online environment safe and secure. If you have any questions, please send them to utlogin@utlists.utexas.edu email.

Sincerely,

Mario


MARIO A. LEAL, Jr., Senior IT Manager
The University of Texas at Austin  |  ITS Applications  |  512-471-6954  |  utexas.edu

Home
News
Integrations
Solutions
Roadmap
Resources
Opportunities
Help
Apollo
Authentication
EID
ID Photo Gateway
OHS Contacts (OHSC)
SailPoint IdentityIQ (IIQ)
Student Photo Roster
UT Directory (WHIPS)
uTexas Enterprise Directory (TED)
uTexas Identity Manager (TIM)
Virtual ID Cards
IT@UT
IT Maintenance Calendar
Service Alerts
IAM Committee
IT Leadership Council (ITLC)
Campus IT Policies
Information Security Office (ISO)
Information Technology Services (ITS)
Financial and Administrative Services (FAS)
ITS

P.O. Box 7407
Austin, TX 78713-7407
+1 512-475-9400
help@utexas.edu
Donate