Integration

Concepts

When considering the development or acquisition of a new software product, it is important to understand some core identity management concepts. For example: what is the difference between the UT Electronic Identifier (UT EID), the eduPersonPrincipalName (ePPN), and the Institutional Identifier (IID)? Which identifier should you request?

• Identity Concepts
• Questions for Consideration
• The Beer Drinker’s Guide to SAML
• How Shibboleth Works

Requirements

Prior to purchasing a vendor solution, please review our Vendor Requirements to ensure that your solution will work with our Identity Provider (IdP).

Your SAML Service Provider (SP) will generate metadata which provides our IdP with instructions on how to interact with your SP. Please ensure that your metadata can meet our Metadata Requirements.

Request

Please note that the typical turnaround time to onboard a new authentication integration is 4 – 6 weeks. This may increase to 10 – 12 weeks during times of high demand (e.g., before the start of a new semester).

If you are working with a 3rd party vendor, you may provide them with a vendor-friendly questionnaire . (You will use their response to fill out the above Integration Request form.)

Approve

After review, the IAM Team will facilitate the following on your behalf:

• The Acceptable Use Policy will need to be acknowledged and signed by your department.
• The UT Information Security Office (ISO) will review and approve your submitted documents.
• If you are partnering with an external vendor, the UT Information Security Office (ISO) may need to conduct a Vendor Product Security Assessment

Configure, Test, Verify

Once the ISO has approved your integration documentation, we will assign your request to one of our integration engineers who will work with you to configure, test, and verify your integration.

• KB0017849: Shibboleth Service Provider (SP) Examples
• KB0017850: SimpleSAMLphp Examples
• KB0017626: SAML Customer Testing Checklist

Change Requests

If you would like to make a change to an existing authentication integration, please review our Change Request process.

Questions

If you have any questions throughout this process, please e-mail us at iam-integrations@utlists.utexas.edu.