Authentication

Enterprise Authentication

The IAMIAM Identity and Access Management (IAM) is a set of policies, processes, and technologies designed to ensure that the right individuals (identities) have the right access to resources within an organization. IAM involves managing and securing digital identities, controlling access to systems and data, and maintaining the confidentiality, integrity, and availability of information. Team offers Enterprise Authentication, a campus-wide, web-based single sign-on service powered by:

• Security Assertion Markup Language (SAMLSAML Security Assertion Markup Language (SAML) is a standard, XML-based language for exchanging authentication and authorization data between identity providers and service providers. This standard is currently used by Enterprise Authentication (as well as hundreds of service providers that integrate with our identity provider).) 2.0 Identity Provider (IdPIdP An Identity Provider (IdP) is a software tool or service that offers user authentication as a service. The IdP manages the user's primary authentication credentials and issues assertions derived from those credentials. At UT Austin, the primary IdP used to authenticate the UT EID and EID Password is Enterprise Authentication, which is managed by the IAM Team. For more information, see our Concepts page.)
• OpenID Connect (OIDCOIDC OpenID Connect 1.0 (OIDC) is an authentication layer built on OAuth 2.0 where the identity provider that runs the authorization server also holds the protected resource that the third-party application aims to access.) 1.0

Benefits of Enterprise Authentication

• Helps your application comply with the Information Resources Use and Security Policy (UT-IRUSPIRUSP The University’s implementation of UTS 165 Information Resources Use and Security Policy is the UT Information Resources Use and Security Policy (UT-IRSUP).):
  • Standard 4: Access Management
  • Standard 15: Passwords
• Aligns with the Minimum Security Standards for Application Development and Administration (4.1.5).

For additional requests and support, consult the Authentication knowledge articles in UT ServiceNow.

Guest Authentication

Guest Authentication is a centralized service for low-risk web-based services and applications. It allows access without requiring a UT EIDUT EID The University of Texas Electronic Identity (UT EID or EID) is the public records identifier for principals at the university. See our Concepts page for more information..

Supported Accounts

• Apple ID
• Google Account
• Microsoft Account
• Accounts from identity providers in the InCommon Federation

Key Features

• Existing UT EID holders can authenticate to resources protected by Guest Authentication through the Enterprise Authentication service.

For additional requests and support, consult the Authentication knowledge articles in UT ServiceNow.

Multi-Factor Authentication (MFAMFA Authentication makes use of one or more factors of authentication: something you know (e.g., a password), something you have (e.g., your smartphone), or something you are (e.g., a fingerprint). Multi-Factor Authentication (MFA) makes use of two or more factors when authenticating you. For more information, see our Concepts page.)

If your service or application requires Multi-Factor Authentication (MFA) but cannot use Enterprise Authentication, the IAM Team may be able to assist.

Benefits of MFA

• Helps your service or application comply with UT-IRUSP Standard 4.6 Multi-factor Authentication Requirements .

For additional requests and support, consult the Authentication knowledge articles in UT ServiceNow.