AuthenticationAuthentication Authentication is the act of determining that a person is who they claim to be. For more information, see our Concepts page. is the act of determining that a person is who they claim to be.
When an end user logs in successfully (for example, using a username and password), the authentication system (the identity provider) will then certify to a consuming service (the service provider) that the end user is who they claim to be.
Not to be confused with authorizationAuthorization Authorization refers to the act of determining whether an authenticated user is allowed to access a specific resource or take a specific action. For more information, see our Concepts page., authentication only determines the identity of an end user. Authentication makes no decisions whether an end user should have access to a resource. The identity provider may, however, provide the service provider with information which allows the service provider to make an authorization decision.
The University’s authentication solutions can be found under Authentication in the service catalog.
Enterprise Authentication
The IAMIAM Identity and Access Management (IAM) is a set of policies, processes, and technologies designed to ensure that the right individuals (identities) have the right access to resources within an organization. IAM involves managing and securing digital identities, controlling access to systems and data, and maintaining the confidentiality, integrity, and availability of information. Team offers the Enterprise Authentication service for campus-wide, web-based single sign-on. Enterprise Authentication is powered by a Security Assertion Markup Language (SAMLSAML Security Assertion Markup Language (SAML) is a standard, XML-based language for exchanging authentication and authorization data between identity providers and service providers. This standard is currently used by Enterprise Authentication (as well as hundreds of service providers that integrate with our identity provider).) 2.0 Identity Provider (IdPIdP An Identity Provider (IdP) is a software tool or service that offers user authentication as a service. The IdP manages the user's primary authentication credentials and issues assertions derived from those credentials. At UT Austin, the primary IdP used to authenticate the UT EID and EID Password is Enterprise Authentication, which is managed by the IAM Team. For more information, see our Concepts page.).
Enterprise Authentication helps your application to comply with the Information Resources Use and Security Policy (UT-IRUSPIRUSP The University’s implementation of UTS 165 Information Resources Use and Security Policy is the UT Information Resources Use and Security Policy (UT-IRSUP).), specifically:
Enterprise Authentication is also a recommended standard (4.1.5) in the Minimum Security Standards for Application Development and Administration .
For additional requests and support, please see the Authentication knowledge articles in UT ServiceNow.
Multi-Factor Authentication (MFAMFA Authentication makes use of one or more factors of authentication: something you know (e.g., a password), something you have (e.g., your smartphone), or something you are (e.g., a fingerprint). Multi-Factor Authentication (MFA) makes use of two or more factors when authenticating you. For more information, see our Concepts page.)
If you need to protect your service or application behind Multi-Factor Authentication (MFA) and you are unable to use Enterprise Authentication we may be able to help!
Our MFA service helps your service or application comply with UT-IRUSP Standard 4.6 Multi-factor Authentication Requirements.
For additional requests and support, please see the Authentication knowledge articles in UT ServiceNow.
Guest Authentication
Guest Authentication is a centralized authentication service suitable for use with low-risk web-based services and applications to allow access without requiring a UT EIDUT EID The University of Texas Electronic Identity (UT EID or EID) is the public records identifier for principals at the university. See our Concepts page for more information.. This service allows guests to access protected resources using their Apple ID, Google Account, Microsoft Account, or an account from an identity provider in the InCommon Federation. Additionally, existing UT EID holders can authenticate to resources protected by Guest Authentication through the Enterprise Authentication service.
Service Availability Metrics
The IAM Team has set a Service Level Objective (SLO) of 99.491% availability for Enterprise Authentication and 99.795% availability for Multi-Factor Authentication.
| Year | Enterprise Authentication | Multi-Factor Authentication (MFA) |
|---|---|---|
| 2023 | 99.818% | 100.000% |
| 2022 | 99.815% | 99.795% |
| 2021 | 99.968% | 99.950% |
| 2020 | 99.940% | 99.256% |
| 2019 | 99.989% | 100.000% |
For more data, please see our Metrics page.
Change Log
- Change Log – MFA Portal – v20240507041603
- Change Log – Enterprise Authentication – v20240517134704
- Change Log – Enterprise Authentication – v20240311151427
- Change Log – Enterprise Authentication – v20240228184941
- Change Log – Enterprise Authentication – v20231130185916
