As part of the IAM Roadmap, the IAM Team is consolidating its authentication offerings into a single service. Customers are being migrated off of our legacy authentication providers, UTLogin and UT Shibboleth, and onto Enterprise Authentication.
When considering the development or acquisition of a new software product, it is important to understand some core identity management concepts. For example: what is the difference between the UT Electronic Identifier (UT EID), the eduPersonPrincipalName (ePPN), and the Institutional Identifier (IID)? Which identifier should you request?
Prior to purchasing a vendor solution, please review our Vendor Requirements to ensure that your solution will work with our Identity Provider (IdP).
Your SAML Service Provider (SP) will generate metadata which provides our IdP with instructions on how to interact with your SP. Please ensure that your metadata can meet our Metadata Requirements.
Please note that the typical turnaround time to onboard a new authentication integration is 4 – 6 weeks. This may increase to 10 – 12 weeks during times of high demand (e.g., before the start of a new semester).
If you are working with a 3rd party vendor, you may provide them with a vendor-friendly questionnaire. (You will use their response to fill out the above Integration Request form.)
After review, the IAM Team will facilitate the following on your behalf:
- The Acceptable Use Policy will need to be acknowledged and signed by your department.
- The UT Information Security Office (ISO) will review and approve your submitted documents.
Configure, Test, Verify
Once the ISO has approved your integration documentation, we will assign your request to one of our integration engineers who will work with you to configure, test, and verify your integration.
- KB0017849: Shibboleth Service Provider (SP) Examples
- KB0017850: SimpleSAMLphp Examples
- KB0017626: SAML Customer Testing Checklist
If you would like to make a change to an existing authentication integration, please review our Change Request process.
If you have any questions throughout this process, please e-mail us at firstname.lastname@example.org.