Authentication is the act of determining that a person is who they claim to be. When an end user logs in successfully (for example, using a username and password), the authentication system will then certify to a consuming service that the end user is who they claim to be.
Not to be confused with authorization, authentication only determines the identity of an end user. Authentication makes no decisions whether an end user should have access to a resource.
The IAM Team provides the following authentication solutions to campus.
| UTLogin | uTexas Enterprise Directory (TED) | Shibboleth | |
|---|---|---|---|
| Description | UTLogin is the university’s centralized EID authentication service that provides secure single sign on for university web applications. | The uTexas Enterprise Directory (TED) is a private directory service that contains identity information about university constituents. | Shibboleth uses SAML to provide EID-based authentication for federated Service Providers. |
| Supports Single Sign-on | Yes | No | Yes |
| Support Two Factor Authentication | Yes | No | Yes |
| Technologies & Interfaces | Uses OpenAM web policy agents installed on web/application servers. Supports SAML2 interface. Future releases will support OAuth2 interfaces. | Supports LDAP interface. | Supports SAML2 interface. |
| When to Use | Primary authentication service for web applications hosted on-premise. Should be used whenever possible. | For applications that cannot work with UTLogin or require an LDAP interface for authentication. | For cloud-based applications hosted off-site that are unable to use UTLogin for SAML authentication. |
| Availability | 98.9% per SLA | 98.9% per SLA | 98.9% per SLA |
| Disaster Recovery Capability (in the event of a loss of the primary UT data center) | Service can be restored at secondary UT data center within two (2) hours of an outage. | Service can be restored at secondary UT data center within two (2) hours of an outage. | Service can be restored at secondary UT data center within twenty-four (24) hours of an outage. |
Although the IAM Team does not maintain Active Directory services, the Austin Active Directory is available to customers via ITS Systems.
If you have not done so already, please review the Integration section for more information on how to make a good decision regarding your new product or service and how to go about integrating your new product or service with centrally provided IAM services.
