Transition to Enterprise Authentication Project

October 28, 2020

The transition from UTLogin to Enterprise Authentication is nearly complete with only two (2) customers remaining. On November 10, 2020, the remaining UTLogin integrations will be inactivated (the final stage of a customer transition) and the team will monitor UTLogin for any authentication activity. If there are no reported issues or authentication activity, UTLogin will be turned off on December 14, 2020. The team will then decommission UTLogin in January 2021.

Subsequently, the project team has begun work on transitioning customers off of the legacy "UT Shibboleth" service to Enterprise Authentication. 

Scope

One goal of the IAM Strategic Roadmap is to deploy a consolidated authentication service that adopts standards-based web single sign-on and is cloud resilient. The University benefits from having a consolidated standardized authentication service to reduce support and integration overhead. Currently, there are several authentication services which cause disparate user experiences and mixed support needs. Lastly, the main authentication service, UTLogin, is at end of life requiring replacement.

The IAM team will transition all authentication customers to Enterprise Authentication. To prepare for this transition, a new instance of the Shibboleth Identity Provider (IdP) software will be established in order to provide the latest benefits of the software to the university. Austin Active Directory will serve as the directory backend. The transition will first focus on UTLogin v1 customers and, later, UT Shibboleth customers. At the conclusion of the transition, the UTLogin and UT Shibboleth services will be retired.

Goals

The primary success criteria for Enterprise Authentication will be: 

  • Goal 1: Deploy UTLogin v2 – Ensure customers who have complex UTLogin v1 deployments have a fully vendor-supported environment. 

  • Goal 2: Establish the Enterprise Authentication Service – Ensure the new instance of the Shibboleth Identity Provider (IdP) is architected and deployed to meet customer and disaster recovery requirements with Active Directory as the directory backend.

  • Goal 3: Transition customers to Enterprise Authentication – Complete the transition of all authentication customers to Enterprise Authentication.

Timeline

The Enterprise Authentication was made available in September 2019. Transition of UTLogin customers to Enterprise Authentication began in September 2019 and is expected to last until Fall 2020. Please check the Transition section for more details and information as they become available.