The Identity and Access Management (IAM) roadmap is available for download as a PDF:
The most recent update to the file occurred on March 17, 2023.
About the Roadmap
Oversight of the IAM Roadmap is provided by the Identity and Access Management Committee (IAMC), a permanent standing committee of the IT Leadership Council (ITLC). The IAM Committee is charged with overseeing campus IAM technologies and infrastructure as well as IAM-related projects and initiatives. The committee is also charged with championing IAM-related best practices and guidelines for the campus community.
For more information, please email eidteam@utlists.utexas.edu.
Terminology
Terminology used as part of the IAM Roadmap is defined below:
A
Active Directory (AD)
A directory service from Microsoft which implements Internet standard directory and naming protocols. See Austin Active Directory (Austin AD) in the service catalog for the university’s local implementation.
Affiliation
An affiliation is an attribute which designates, at a high level, how an individual is related to the university. For example, an individual may be a current student, a future faculty member, a former employee, or all three. For more information, see the knowledge article KB0014971: What are affiliations, classes, and entitlements?
Application Programming Interface (API)
A set of routines, protocols, and tools for building software applications.
Austin Active Directory (Austin AD)
The Active Directory service offered and supported by Information Technology Services (ITS) Campus Solutions for the university. See Austin Active Directory (Austin AD) in the service catalog for more information.
E
Enterprise Authentication
A standards-based, consolidated web authentication service for the university, allowing for single sign-on (SSO) across participating university web applications. Authentication determines whether the user is who they claim to be.
Entitlements
An entitlement is an attribute which defines what an account is allowed or authorized to do. For more information, see the knowledge article KB0014971: What are affiliations, classes, and entitlements?
F
Fiscal Year
The fiscal year at the university runs from September 1 through August 31 of the following calendar year. Broken down into quarters:
Q1: September – November
Q2: December – February
Q3: March – May
Q4: June – August
Fit-Gap
A fit-gap analysis determines the extent to which a solution meets the established needs and requirements and identifies areas where those requirements are not met.
G
Guest Authentication
A future offering which will allow individuals not closely tied to the university (e.g., admissions applicants, job applicants, alumni) to authenticate using an identity (e.g., Google, Microsoft) other than their UT EID. See the Guest Authentication Project for more information.
I
Identity Governance & Administration (IGA)
A sub-team of the IAM Team that handles identity management and authorization. Authorization determines whether an authenticated user is allowed to access a specific resource or take a specific action.
Identity Life Cycle
This concept covers the entire lifetime of an identity from creation to deletion and every possible step in between.
IdentityIQ (IIQ)
SailPoint IdentityIQ (IIQ) provides group- and role-based authorization management services for the university. See Identity Lifecycle Management for more information.
InCommon Federation
The university’s authentication offerings are part of the InCommon federation, which allows the university to collaborate with other members of the InCommon federation.
Information Security Office (ISO)
The university’s information security team.
L
LEARN Federation
The university’s authentication offerings are part of the Lonestar Education And Research Network (LEARN) federation, which allows the university to collaborate with other members of the LEARN federation.
M
Multi-Factor Authentication (MFA)
Authentication makes use of one or more factors of authentication: something you know (e.g., a password), something you have (e.g., your smartphone), or something you are (e.g., a fingerprint). Multi-factor authentication makes use of two or more factors when authenticating you.
P
Proof of Concept (POC)
The implementation of a functional prototype for the purposes of validating that a technology or approach is possible.
R
RabbitMQ
The Message Broker service offered by ITS Campus Solutions.
Remember Me
Functionality implemented by the university’s Multi-Factor Authentication solution which reduces the number of times an individual needs to authenticate. For more information, see the knowledge article KB0017380: What is the “remember me” feature?
S
SailPoint
SailPoint is the third-party vendor which supports IdentityIQ (IIQ).
Security Assertion Markup Language (SAML)
A standard, XML-based language for exchanging authentication and authorization data between identity providers and service providers. This standard is currently used by Enterprise Authentication (as well as hundreds of service providers that integrate with our identity providers).
Shibboleth
The Shibboleth consortium provides the Shibboleth Identity Provider (IdP) and Shibboleth Service Provider (SP) software packages which power the SAML-based authentications at the university performed via the Enterprise Authentication service. An Identity Provider (IdP) is a software tool or service that offers user authentication as a service. At UT Austin, the primary IdP used to authenticate the UT EID and EID Password is Enterprise Authentication, which is managed by the IAM Team. A Service Provider (SP) is the server/system which hosts the resource. In this context, you (or your vendor) are configuring the SP that provides a service to your customers. Your SP will integrate with our IdP.
Simplest Functional Product (SFP)
A product which provides the absolute bare-minimum of desired functionality. Similar to a proof of concept (POC).
Single Sign-On (SSO)
A service which allows a user to use one set of credentials to access multiple applications.
T
Technical Support Contact (TSC)
A technical support individual designated for a particular college, school, or unit.
U
University of Texas Electronic Identity (UT EID or EID)
The public records identifier for principals at the university. See EID in the service catalog for more information.
uTexas Enterprise Directory (TED)
The university’s enterprise directory. See uTexas Enterprise Directory (TED) in the service catalog for more information.
uTexas Identity Manager (TIM)
The university’s identity manager. See uTexas Identity Manager (TIM) in the service catalog for more information.
W
White Pages Service (WPS)
The directory back-end which supports the university’s web-based public directory.