The SailPoint IdentityIQ (IIQ) application is live at the University of Texas at Austin as of October 11, 2017! All technical environments are functioning and verified. The foundational functions for Group & Role Management are in place. The early adopter applications are on-boarded with their planned features including roles, access requests, provisioning, and reporting.
A big thank you to all of our early adopters in the Moody College of Communication, Intercollegiate Athletics, ITS Systems, ITS Networking, and ITS Applications. We could not have done it without your support.
For more information on the IAM Modernization Program and future phases, please see the Identity and Access Management Modernization Program website.
SailPoint IIQ can provide enhanced security, compliance, efficiency, and functionality for your application and support team. Examples of features SailPoint IIQ can provide are:
- Automated provisioning of access for applications. For instance, if access for an application is managed via an Active Directory group or a TED group, IIQ can automatically add users to that group based on pre-defined assignment criteria and remove users when they no longer meet those criteria.
- Access requests and approval for applications. If access to an application needs approvals prior to being granted, SailPoint IIQ can provide self-service access requests that are automatically routed to defined approvers.
- Reporting on identity information, such as affiliations to the University, for application users and reporting when users no longer have current affiliations.
To learn more about SailPoint IIQ and on-boarding your application, please visit the SailPoint IIQ service page.
Release Notes – EID System – uTexas Identity Manager – Version 2018.1.0
* [EID-3039] – Migrate non-use lock sweep to new Splunk index
* [EID-2940] – Push memberOf attribute values to TED when a record is deleted and re-added
* [EID-2999] – Link to Help Broken
* [EID-3029] – Details of the issue have been withheld
* [EID-3043] – Update Hosts for PNA
* [EID-2912] – Improve TIM fabfile to facilitate TIM maintenance
* [EID-3026] – Details of the issue have been withheld
* [EID-3038] – Details of the issue have been withheld
Release Notes – EID System – uTexas Identity Manager – Version 2017.7.2
* [EID-3036] – Move TED1 to the new multi-master address in QUAL
* [EID-3034] – Turn off TED2 in Qual
* [EID-3035] – Turn off TED2 in Prod
Release Notes – EID System – uTexas Identity Manager – Version 2017.7.0
* [EID-3013] – TIM caches a bad connection when RabbitMQ is not up
* [EID-3020] – Invalid REST EID in Person Update Should throw TIMUserException
* [EID-3021] – TIM REST Update Person Throwing NPE
* [EID-3022] – TIM REST Update Person Throwing TIMNameException instead of TIMRestUserException
** New Feature
* [EID-2941] – Add Web Central Redirects to TIM
* [EID-3012] – Create a way to verify TIM-REST deployed correctly
* [EID-3015] – Adhoc to Recalculate utexasEduPersonSchoolMajorCode for existing Students
* [EID-3017] – Natural and Adabas Changes for Job Class Code and Org Unit
* [EID-3014] – Add RabbitMQ Start/Stop to the TIM OS Patching Fabric Script
* [EID-3023] – Change address of TED Test Master
* [EID-3027] – Upgrade Spring JDBC
* [EID-3028] – TED Notifier Hanging
Release Notes – EID System – uTexas Identity Manager – Version 2017.6.0
* [EID-2959] – TestIdentityRestorerXmlImpl does not properly set password reset flag
* [EID-3009] – (Details of the issue have been withheld)
** New Feature
* [EID-3011] – (Details of the issue have been withheld)
* [EID-2985] – (Details of the issue have been withheld)
* [EID-2932] – Create RabbitMQ feed for merges
* [EID-2972] – Install RabbitMQ on the TIM Servers
* [EID-2982] – (Details of the issue have been withheld)
As you may be aware, UTLogin provides centralized authentication services for more than 250 campus applications and processes more than 55 million authentication requests annually. As with all Identity & Access Management (IAM) services, our goal is for UTLogin to be reliable, secure, and easy to use. In the past year, we have not met the reliability expectations of campus (and ourselves) as UTLogin has experienced a number of outages.
I apologize for the disruption these issues have caused you, your customers, and your business processes. We are committed to addressing the root causes of these issues and restoring UTLogin to stable operations.
Although the IAM team has implemented fixes and mitigations after each service outage, new issues with different immediate causes continue to appear, pointing to a deeper set of problems that need to be addressed. After analyzing the 20 UTLogin service incidents that occurred from June 2016 to May 2017, we believe that the overall instability issues are caused by a combination of three major factors:
- Customizations and Non-Standard Configuration – The OpenAM vendor product upon which UTLogin is based was heavily customized during implementation to meet unique UT Austin requirements, directly causing some issues and making diagnosis of other issues more difficult.
- Aging System Components – The software components of the UTLogin system are at or reaching end-of-life, limiting support options and making issues harder to diagnose and address.
- Changing Demands on UTLogin – The number and complexity of systems integrated with UTLogin have greatly increased, introducing new demands on the system.
The IAM team has developed a roadmap to address these issues and return UTLogin to stability:
- Action 1: Stabilize the Current Environment – Put the current system in “critical fix only” mode, strictly manage configuration changes, and stop unproductive investment of time chasing down issues in the current environment. (Status: Complete)
- Action 2: Simplify & Standardize UTLogin – Upgrade system components to current supported versions, remove customizations and non-standard configurations, minimize external dependencies, and review and simplify the authentication policy model. (Status: In progress. Expected completion for Requirements and Design: September 2017; Implementation timeline will depend on the Design.)
- Action 3: Measure & Report Progress – Monitor key performance indicators (KPIs) and report progress toward improving stability to UTLogin customers and stakeholders. (Status: In progress. Expected completion for KPI reporting: July 2017)
You can read the complete UTLogin Stability Roadmap here: http://links.utexas.edu/byjfjw.
We appreciate your continued support as we work to keep the University’s online environment safe and secure. If you have any questions, please send them to firstname.lastname@example.org.
MARIO A. LEAL, Jr., Senior IT Manager
The University of Texas at Austin | ITS Applications | 512-471-6954 | utexas.edu
In order to enhance the stability of UTLogin, the Realm Policy Manager (RPM) was disabled on Thursday, June 9, 2017.
The UTLogin RPM allowed realm administrators to manage and make changes to their own realms. Unfortunately, it was determined that the mechanism by which these changes took place could, under certain circumstances, cause production outages among all UTLogin customers. Thus, the decision was made to disable RPM functionality.
If you would like to request a change to your realm, you may do so using the UTLogin Realm Change Request form.
The UTLogin team is currently working hard on a number of infrastructural changes and software updates, and is re-thinking some architectural best practices, to stabilize the UTLogin service. We anticipate being able to restore the delegated administrative functions of the RPM in the future, though possibly in a different form.
To keep up-to-date on UTLogin releases, please ensure that you are subscribed to our utlogin-announce mailing list and keep an eye here for future release news.
** Development Task
* [UTL-320] – Enhancements to improve system stability
* [UTL-344] – Consider changing “cluster” in consumer documentation to “VIP”
* [UTL-349] – Change Horizontal Padding on Error Messages
* [UTL-374] – Enhancements to improve system stability
Release Notes – EID System – uTexas Identity Manager – Version 2017.5.0
** Development Task
* [EID-2992] – New Entitlement for OLLI at TCC
* [EID-3008] – Details of the issue have been withheld
** New Feature
* [EID-2979] – Integration to IIQ – Person Data
* [EID-2980] – Details of the issue have been withheld
* [EID-2879] – Add IP Address into Logon Info/Password Changes Info
* [EID-2988] – Transition Instance of Nexus
* [EID-2973] – Details of the issue have been withheld
* [EID-2984] – Decrease TED batch size
* [EID-2991] – Details of the issue have been withheld
* [EID-2996] – Clean up exception handling to simplify REST interface
* [EID-2997] – Details of the issue have been withheld
* [EID-3000] – Details of the issue have been withheld
* [EID-3006] – Create officeLocation field for Person Update API
* [EID-3007] – Ensure that all partitions of the Update Person API are modular
** Access Request
* [UTL-336] – Update footer links to CIO website
** Development Task
* [UTL-275] – URLs that Point to Web Central Must Be Updated
* [UTL-333] – Update “Why am I here?” link to new location
* [UTL-318] – UTLogin-Duo integration not properly handling cases where user has only hardware token
* [UTL-368] – Pressing enter does not produce the same results as a button click
* [UTL-130] – Avoid breaking the login page error message Change Password link across a line break
* [UTL-338] – In RPM, Disable Save Button When Clicked for a period of time
* [UTL-348] – Update 2FA Page Help Link
* [UTL-353] – UTLogin changes to SAML context for UT System wide SSO