UT Shield

IAM Announcements

Below is an archive of all major IAM announcements.

, Filed Under: Announcements, Directory Services

UT Directory now requires log in with UT EID starting Dec. 14

The Identity and Access Management Team is re-posting the following communication from the university’s Information Security Office to campus staff.

Dear Colleagues,

The UT Directory, also known as the University White Pages Directory, now requires login with UT EIDUT EID The University of Texas Electronic Identity (UT EID or EID) is the public records identifier for principals at the university. See our Concepts page for more information. and password and Duo for multifactor authenticationAuthentication Authentication is the act of determining that a person is who they claim to be. For more information, see our Concepts page. and is only accessible to members of the university community.

This change is intended to increase security and privacy and combat aggressive data mining from outside organizations for the purpose of socially engineering phishing and vishing scams that target members of the university community. When Duo for multi-factor authentication was applied to most UT services in May 2020, attempts to phish credentials related to Duo increased with the goal of compromising the user’s account. Visit the ITS project page for more information.

Employees can reference the Change Information in the University Directory article in the askUS Knowledge Base for more information on UT Directory data.

A similar message has been sent to students. Students may contact Texas One Stop for help updating their personal information in the UT Directory.

Any university community member with an EIDUT EID The University of Texas Electronic Identity (UT EID or EID) is the public records identifier for principals at the university. See our Concepts page for more information. can find or reset their EID, manage their password, and get other forms of help with their EID by visiting the UT EID Self-Service Tools page.

What is phishing?

The act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft is called “phishing

What is vishing?

Vishing is when you receive a call from someone, either a real person or an automation, encouraging you to take an action or give them sensitive data.

For more information on protecting your data, visit the Information Security Office website, https://security.utexas.edu/

Information Security Office
The University of Texas at Austin
security@utexas.edu
https://security.utexas.edu

, Filed Under: Announcements, Authentication, Multi-Factor Authentication

Upcoming changes to Multi-Factor Authentication (MFA)

What’s Changing?

In support of the Multi-Factor Authentication (MFA) Strategy produced by the Information Security Office (ISOISO The Information Security Office (ISO) is the University’s information security team.), Enterprise AuthenticationAuthentication Authentication is the act of determining that a person is who they claim to be. For more information, see our Concepts page. and UT Shibboleth will be configured to enforce multi-factor authentication for current faculty, current staff, current students, future faculty, and future staff regardless of the resource being accessed on June 15, 2020. The Executive Compliance Committee approved the date and approach on April 15, 2020.

Multi-factor authentication provides an additional level of security when using university online services. Cyber-security attacks are on the rise with 20% more university accounts compromised in 2019 as compared to 2018. Additionally, compromised student and guest accounts have risen 51% since 2018. Forecasting from the university’s ISO predicts this growth will only continue without intervention.

More information can be found on the Campus-Wide MFA Implementation project page.

When?

  • May 26, 2020 – Canvas and Zoom
  • June 15, 2020 – All other applications integrated with Enterprise Authentication and UT Shibboleth.

ITSITS Information Technology Services (ITS) will begin communicating broadly to campus end users in mid-May.

Action Required

Application owners should perform analysis and/or testing of their applications to ensure readiness for this change.        

If you are an application owner and do not think that your application will be prepared for June 15, you must request a temporary reprieve by submitting an ISO Exception Request.

Questions?

If you are an application owner and would like assistance in testing, please contact mfateam@utlists.utexas.edu.

If you have any questions or need further assistance, please contact the Service Desk at 512.475.9400 or help@utexas.edu

, Filed Under: Announcements, Authentication, Enterprise Authentication Changelog

News from the Transition to Enterprise Authentication Project – October 2019

Enterprise AuthenticationAuthentication Authentication is the act of determining that a person is who they claim to be. For more information, see our Concepts page. is LIVE

The implementation of the new Enterprise Authentication service is complete, and the service is now live in production.

The Identity and Access Management (IAMIAM Identity and Access Management (IAM) is a set of policies, processes, and technologies designed to ensure that the right individuals (identities) have the right access to resources within an organization. IAM involves managing and securing digital identities, controlling access to systems and data, and maintaining the confidentiality, integrity, and availability of information.) team is now undertaking the first phase of a project to migrate over 800 integrations from UTLogin to Enterprise Authentication. Transition managers are working to schedule customer transitions with the goal to have all UTLogin transitions complete by the end of 2020 and retire UTLogin in December 2020. The transition focus will then shift to transitioning UT Shibboleth customers.

Ready to Integrate with Enterprise Authentication?

If you are an existing UTLogin customer and have not been contacted by a transition manager, please reach out to the team by emailing iam-integrations@utlists.utexas.edu .

New IAM authentication customers can find information about the integration process and initiate a new integration by visiting https://iamservices.utexas.edu/integration/.

All customers are welcome to visit the Enterprise Authentication ServiceNow page to find more information including answers to frequently asked questions.

Resources

Want to know more about Enterprise Authentication? Visit the Enterprise Authentication ServiceNow page and/or review some of these commonly asked-about topics:

You may also be interested in our other ServiceNow Knowledge Articles.

Connect with the Enterprise Authentication Team

For questions or comments, send an email to entauthn@utlists.utexas.edu.

, Filed Under: Announcements, Authentication, Enterprise Authentication Changelog

ITS Campus Solutions is Consolidating to Standards-Based Enterprise Authentication

What is changing and why?

The Identity and Access Management (IAMIAM Identity and Access Management (IAM) is a set of policies, processes, and technologies designed to ensure that the right individuals (identities) have the right access to resources within an organization. IAM involves managing and securing digital identities, controlling access to systems and data, and maintaining the confidentiality, integrity, and availability of information.) team is deprecating the agent-based authenticationAuthentication Authentication is the act of determining that a person is who they claim to be. For more information, see our Concepts page. model and adopting standards-based web authentication.

For UT servers and applications using UTLogin, this will involve transitioning to a new Enterprise Authentication service, which provides Security Assertion Markup Language (SAMLSAML Security Assertion Markup Language (SAML) is a standard, XML-based language for exchanging authentication and authorization data between identity providers and service providers. This standard is currently used by Enterprise Authentication (as well as hundreds of service providers that integrate with our identity provider). 2).

The goal of this change is to provide a standards-based authentication method. SAML 2 represents established industry standards, which the majority of software vendors support. Additionally, having fewer authentication methods means a better single sign-on experience and faster integrations.

The IAM team will begin contacting UTLogin customers to develop transition plans in June 2019.

How will this affect me?

For most people who use protected websites and applications, the transition to Enterprise Authentication will not require any attention or action. There may be small changes to the look and feel of the login screens; but, overall, the login process will be the same. Some end users may be asked to authenticate multiple times as our authentication customers migrate to the new service.

This change primarily impacts individuals who manage servers and web applications that use UTLogin. In order to focus on the transition to Enterprise Authentication, the IAM Team will no longer provision new Web Policy Agents (WPAs). Support for existing WPA and SAML customers will not be affected.

The IAM team has been working to develop processes to support transitioning customers to Enterprise Authentication. This includes documentation, training, and outreach. These efforts will continue and become more detailed over the coming months.

Questions?

Review our project page: Transition to Enterprise Authentication Project

Please send questions to: entauthn@utlists.utexas.edu