Case Study: The University of Texas at Austin’s Identity and Access Management Team Launches Guest Authentication SSO Service
Background
Identity and Access Management (IAM) is a set of policies, processes, and technologies designed to ensure that the right individuals (identities) have the right access to resources within an organization. IAM involves managing and securing digital identities, controlling access to systems and data, and maintaining the confidentiality, integrity, and availability of information. The IAM Team at The University of Texas at Austin (UT Austin) is not alone in recognizing a growing need to provide visitors and guests with a streamlined authentication solution that does not require creating a new University account. This need was especially prominent in facilities such as the Alienware Longhorn Esports Arena and Lounge, where a diverse array of users – students, visitors, and esports enthusiasts – required secure and efficient access to the systems.
The Challenges
Traditional University authentication systems are designed primarily for faculty, staff, and students. Since these individuals all have close relationships with the University, it is reasonable to require each of them to create a set of University credentials. This approach poses several challenges:
- Convenience: Visitors and guests must create and manage separate University credentials.
- Security: Extraneous credentials increase risk and potential attack vectors.
- Compliance: Applications are subjected to rigorous security standards which are not aligned with their risk profiles.
- Logging and Monitoring: Detailed logging and monitoring are essential.
The Solution: Guest Authentication SSO Service
To address these challenges, the IAM Team developed a new Guest Authentication Single Sign-On (SSO) service. This service is designed to allow users to authenticate using their chosen Identity Provider (IdP): either their University credentials or one of a variety of social platforms such as Google, Facebook, and LinkedIn. An IdP is a software tool or service that offers user authentication as a service; it manages the user's primary authentication credentials and issues assertions derived from those credentials. At UT Austin, the primary IdP used to authenticate the UT EID and EID Password is Enterprise Authentication, which is managed by the IAM Team.
Key Features
- Multiple Providers: Multiple providers reduce the creation of University-specific accounts.
- Optimized Security: Multi-Factor Authentication (MFA), which makes use of two or more factors of authentication (something you know, such as a password; something you have, such as your smartphone; or something you are, such as a fingerprint), and robust information security standards ensure a secure sign-on experience.
- Detailed Logging: Comprehensive logging supports security audits and user activity monitoring.
- Convenience: Familiar social login options significantly enhance user convenience and reduce barriers to accessing University systems.
Implementation and Launch
The implementation of the Guest Authentication SSO service involved several key steps:
- Requirement Analysis: The IAM Team conducted thorough research and stakeholder consultations to understand the specific needs and security requirements.
- Development and Integration: The team developed the service, integrating it with both the University’s existing authentication infrastructure and various social IdPs.
- Testing and Validation: Rigorous testing was conducted to ensure the system’s security, reliability, and compliance with information security standards.
- Deployment: The service was rolled out in phases beginning with the Alienware Longhorn Esports Arena. Feedback from this initial deployment was used to refine and optimize the system prior to broader implementation.
Figure 1. Guest Authentication Identity Provider GUI
Outcomes
The launch of the Guest Authentication SSO service delivered several significant benefits:
- Enhanced User Experience: Users appreciated the convenience of signing on with familiar social credentials, resulting in a smoother and faster authentication process.
- Improved Security: By reducing the number of University-specific credentials and incorporating robust security measures, the system minimized potential security risks.
- Compliance and Monitoring: The detailed logging and adherence to information security standards ensured that the system met all regulatory requirements and provided comprehensive data for security audits.
- Customer Satisfaction: The Alienware Longhorn Esports Arena reported high levels of satisfaction from its users, noting the seamless integration and ease of access provided by the new service.
Conclusion
The UT Austin IAM Team’s innovative Guest Authentication SSO service exemplifies how universities can leverage modern identity management solutions to enhance user convenience while maintaining high security standards. By allowing guests to authenticate using a variety of social platforms, the service not only streamlined access but also reinforced the University’s commitment to providing secure and user-friendly systems. The successful deployment at the Alienware Longhorn Esports Arena highlights the potential for broader application across the University, promising further improvements in user experience and security.