Authentication is the act of determining that a person is who they claim to be.
When an end user logs in successfully (for example, using a username and password), the authentication system (the identity provider) will then certify to a consuming service (the service provider) that the end user is who they claim to be.
Not to be confused with authorization, authentication only determines the identity of an end user. Authentication makes no decisions whether an end user should have access to a resource. The identity provider may, however, provide the service provider with information which allows the service provider to make an authorization decision.
Enterprise Authentication
The IAM Team offers the Enterprise Authentication service for campus-wide, web-based single sign-on. Enterprise Authentication is powered by a Security Assertion Markup Language (SAML) 2.0 Identity Provider (IdP).
Enterprise Authentication helps your application to comply with the Information Resources Use and Security Policy (UT-IRUSP), specifically:
Enterprise Authentication is also a recommended standard (4.1.5) in the Minimum Security Standards for Application Development and Administration .
For additional requests and support, please see the Authentication knowledge articles in UT ServiceNow.
Multi-Factor Authentication (MFA)
If you need to protect your service or application behind Multi-Factor Authentication (MFA) and you are unable to use Enterprise Authentication we may be able to help!
Our MFA service helps your service or application comply with UT-IRUSP Standard 4.6 Multi-factor Authentication Requirements.
For additional requests and support, please see the Authentication knowledge articles in UT ServiceNow.
Guest Authentication
Guest Authentication is a centralized authentication service suitable for use with low-risk web-based services and applications to allow access without requiring a UT EID. This service allows guests to access protected resources using their Apple ID, Google Account, Microsoft Account, or an account from an identity provider in the InCommon Federation. Additionally, existing UT EID holders can authenticate to resources protected by Guest Authentication through the Enterprise Authentication service.
Service Availability Metrics
The IAM Team has set a Service Level Objective (SLO) of 99.491% availability for Enterprise Authentication and 99.795% availability for Multi-Factor Authentication.
| Year | Enterprise Authentication | Multi-Factor Authentication (MFA) |
|---|---|---|
| 2024 | 99.972% | 99.983% |
| 2023 | 99.818% | 100.000% |
| 2022 | 99.815% | 99.795% |
| 2021 | 99.968% | 99.950% |
| 2020 | 99.940% | 99.256% |
| 2019 | 99.989% | 100.000% |
For more data, please see our Metrics page.
Change Log
- Change Log – Enterprise Authentication – v20250115145930
- Change Log – Enterprise Authentication – IDP v5 Upgrade
- Change Log – MFA Portal – v20240507041603
- Change Log – Enterprise Authentication – v20240517134704
- Change Log – Enterprise Authentication – v20240311151427
