Integration

As part of the IAM Roadmap, the IAM Team is consolidating its authentication offerings into a single service. Customers are being migrated off of our legacy authentication providers, UTLogin and UT Shibboleth, and onto Enterprise Authentication.

Transitioning from UTLogin? Email us at iam-integrations@utlists.utexas.edu.

Pre-Requisites

Review Concepts

When considering the development or acquisition of a new software product, it is important to understand some core identity management concepts. For example: what is the difference between the UT Electronic Identifier (UT EID), the eduPersonPrincipalName (ePPN), and the Institutional Identifier (IID)? Which identifier should you request?

• See Identity Concepts
• The Beer Drinker’s Guide to SAML (Duo Security)
• How Shibboleth Works (Shibboleth Consortium)

Review Requirements

In order to function with our IdP, your SAML SP will need to meet some requirements.

• IAM Requirements
• KB0017671: Metadata Requirements

Onboarding Process

If you are interested in allowing customers to sign in to your web-based application, site, or service you will need to follow the below process:

Please note that the typical turnaround time to onboard a new authentication integration is 4 – 6 weeks. This time may increase to 10 – 12 weeks during times of high demand (e.g., before the start of a new semester).

1. Request – Once you have completed the above steps, you may submit an Integration Request Form. This form will create a ticket in UT ServiceNow. Our Integration Engineers will review your request and work with you to clarify any questions our team may have about your request.
   • Submit the Integration Request Form.
2. Approve – In order to move forward, the following approvals will be needed:
   • The Acceptable Use Policy will need to be acknowledged and signed by your department.
   • The UT Information Security Office (ISO) will review and approve your submitted documents.
3. Configure, Test, and Verify – Once the ISO has approved your integration documentation, we will assign your request to one of our integration engineers who will work with you to configure, test, and verify your integration.
   • KB0017671: Customer Metadata Requirements
   • KB0017849: Shibboleth Service Provider (SP) Examples
   • KB0017850: SimpleSAMLphp Examples
   • KB0017626: SAML Customer Testing Checklist

Change Requests

If you would like to make a change to an existing authentication integration, please review our Change Request process.

Questions

If you have any questions throughout this process, please e-mail us at iam-integrations@utlists.utexas.edu.