Authentication Acceptable Use Policy

About Centralized Authentication Services

Centralized authentication services are provided by Enterprise Technology for use by campus departments and their duly sponsored third-party service providers. Centralized authentication services allow service providers to participate in single sign-on authentication based on the University of Texas Electronic Identity (UT EID).

Centralized authentication services currently consist of the following offerings:

  • Enterprise Authentication
  • Guest Authentication
  • Multi-Factor Authentication
  • uTexas Enterprise Directory (TED)

Authentication protocols

Enterprise Authentication provides a Security Assertion Markup Language (SAML) v2.0-compliant Identity Provider (IdP) which authenticates UT EID holders on behalf of Service Providers (SPs) and provides trusted SPs with attributes about those identities for the purposes of federating authorization and access management.

Guest Authentication is a centralized authentication service suitable for use with low-risk web-based services and applications to allow access without requiring a UT EID. This service allows guests to access protected resources using their Apple ID, Google Account, Microsoft Account, or an account from an identity provider in the InCommon Federation.

Multi-factor authentication is provided by the third-party provider Duo Security. This authentication is integrated with Enterprise Authentication. Multi-factor authentication is also integrated with a number of other services on campus such as the University’s Virtual Private Network (VPN).

The uTexas Enterprise Directory (TED) provides a Lightweight Directory Access Protocol (LDAP) v3 interface which provides trusted TED Service Accounts with the ability to authenticate UT EID holders and obtain attributes about those identities for the purposes of federating authorization and access management.

Sources of identity data

All centralized authentication services rely upon centralized directories which are not, themselves, the systems of record for any identity attributes. Under exceptional circumstances these systems may not reflect the most current, official status of a student or employee.

System Use and Responsibilities

Exclusive, non-transferable use

You agree that non-public information (i.e., information not available through public sources such as the white pages directory) that your service accesses through centralized authentication services will be used only to control access to your application and/or for the specific purposes described in your request for access.

Protection of identity data

You also agree that restricted data obtained via your service and/or its credentials will not be presented to users by your application, nor will you divulge it to others, unless specified in your request for access.

If your system displays data to users that has been restricted from release by the subject of the data, the system must indicate to the user that the data is release-restricted.

Other applicable policies and statutes

You agree to use this service in a manner consistent with this policy and with other university rules governing acceptable use of information technology, including confidential data.

You also agree to comply with all applicable state and federal laws. The Family Educational Rights and Privacy Act of 1974 (FERPA) restricts access to student records. These legal restrictions apply to all users of centralized authentication services.

Confidentiality of records

All account holders are responsible for maintaining the confidentiality of records made available through centralized authentication services.

Best Practices

Where applicable, all customers of centralized authentication services are expected to make use of best practices.

Liability

All sponsoring departments are responsible for the actions taken by their sponsored third-party service providers on their behalf.

Failure to comply

Failure to comply with this policy may result in the immediate discontinuation of service or disciplinary actions without notice. Failure to comply with applicable laws could result in civil actions or criminal charges.

Security Requirements

Exclusive, non-transferable use

A sponsoring department with access to centralized authentication services must not provide that access to other applications or for purposes other than those included in the original request for access.

Logging and monitoring

All centralized authentication services are subject to logging and security monitoring.

Access controls

Any attempt to circumvent centralized authentication services access rules, policies, and mechanisms is strictly prohibited.

Servers, applications, and other resources with access to centralized authentication services must be protected from unauthorized physical and electronic access.

Excessive usage

The use of centralized authentication services must be responsible, efficient, and non-disruptive.

In the event of excessive consumption of centralized authentication services, administrators will work with specified contacts to address the cause(s). If the cause(s) cannot be resolved, administrators reserve the right to suspend access privileges without notice.

Use of encryption

The sponsoring department agrees that user passwords, service shared secrets, and other non-public information will be transmitted only via approved encryption methods. This includes communications between the departmental application and centralized authentication services, and also any communications involved in making use of the data retrieved from centralized authentication services.

Reporting security incidents

Departments and their sponsored third-party service providers agree that they will immediately report any breach of security to the Information Security Office (ISO) and the centralized authentication services administrators.

Policy Acknowledgement Renewal

Acknowledgement of this policy must be renewed on an annual basis. Renewal is required in order to maintain access to centralized authentication services.

Further Information

For more information about centralized authentication services, please visit the Identity and Access Management Services page.

For more information about UT Austin’s information technology policies, please visit https://it.utexas.edu/policies.

For more information about the Information Security Office’s policies, standards, and guidelines, please visit https://security.utexas.edu/policies.

Change Log

  • November 4, 2020 – Updated links, removed references to UTLogin.
  • January 10, 2022 – Removed references to UT Shibboleth and consolidation of authentication services.
  • March 11, 2025 – Changed Information Technology Services (ITS) to Enterprise Technology. Updated several links.


© The University of Texas at Austin 2025