What is changing and why?
The Identity and Access Management (IAM) team is deprecating the agent-based authenticationAuthentication Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to a system’s resources. model and adopting standards-based web authentication.
For UT servers and applications using UTLogin, this will involve transitioning to a new Enterprise Authentication service, which provides Security Assertion Markup LanguageSAML Security Assertion Markup Language (SAML) is a standard, XML-based language for exchanging authentication and authorization data between identity providers and service providers. This standard is currently used by Enterprise Authentication (as well as hundreds of service providers that integrate with our identity provider). (SAMLSAML Security Assertion Markup Language (SAML) is a standard, XML-based language for exchanging authentication and authorization data between identity providers and service providers. This standard is currently used by Enterprise Authentication (as well as hundreds of service providers that integrate with our identity provider). 2).
The goal of this change is to provide a standards-based authentication method. SAML 2 represents established industry standards, which the majority of software vendors support. Additionally, having fewer authentication methods means a better single sign-on experience and faster integrations.
The IAM team will begin contacting UTLogin customers to develop transition plans in June 2019.
How will this affect me?
For most people who use protected websites and applications, the transition to Enterprise Authentication will not require any attention or action. There may be small changes to the look and feel of the login screens; but, overall, the login process will be the same. Some end users may be asked to authenticate multiple times as our authentication customers migrate to the new service.
This change primarily impacts individuals who manage servers and web applications that use UTLogin. In order to focus on the transition to Enterprise Authentication, the IAM Team will no longer provision new Web Policy Agents (WPAs). Support for existing WPA and SAML customers will not be affected.
The IAM team has been working to develop processes to support transitioning customers to Enterprise Authentication. This includes documentation, training, and outreach. These efforts will continue and become more detailed over the coming months.
Questions?
Review our project page: Transition to Enterprise Authentication Project
Please send questions to: entauthn@utlists.utexas.edu
