Transition to Enterprise Authentication Project

July 21, 2020

The project team has successfully implemented Enterprise Authentication. The transition of customers from UTLogin to Enterprise Authentication is underway. After this transition, UTLogin will be retired. Subsequently, the project team will begin work on transitioning customers of the legacy "UT Shibboleth" service to Enterprise Authentication.

In collaboration with the service owners, the project team has helped to successfully transition over 90% of the services from UTLogin to Enterprise Authentication. The project team is on track to complete all the transitions by Fall 2020. 

Additional information about the transition can be found in the Transition section.

Scope

One goal of the IAM Strategic Roadmap is to deploy a consolidated authentication service that adopts standards-based web single sign-on and is cloud resilient. The University benefits from having a consolidated standardized authentication service to reduce support and integration overhead. Currently, there are several authentication services which cause disparate user experiences and mixed support needs. Lastly, the main authentication service, UTLogin, is at end of life requiring replacement.

The IAM team will transition all authentication customers to Enterprise Authentication. To prepare for this transition, a new instance of the Shibboleth Identity Provider (IdP) software will be established in order to provide the latest benefits of the software to the university. Austin Active Directory will serve as the directory backend. The transition will first focus on UTLogin v1 customers and, later, UT Shibboleth customers. At the conclusion of the transition, the UTLogin and UT Shibboleth services will be retired.

Goals

The primary success criteria for Enterprise Authentication will be: 

  • Goal 1: Deploy UTLogin v2 – Ensure customers who have complex UTLogin v1 deployments have a fully vendor-supported environment. 

  • Goal 2: Establish the Enterprise Authentication Service – Ensure the new instance of the Shibboleth Identity Provider (IdP) is architected and deployed to meet customer and disaster recovery requirements with Active Directory as the directory backend.

  • Goal 3: Transition customers to Enterprise Authentication – Complete the transition of all authentication customers to Enterprise Authentication.

Timeline

The Enterprise Authentication was made available in September 2019. Transition of UTLogin customers to Enterprise Authentication began in September 2019 and is expected to last until Fall 2020. Please check the Transition section for more details and information as they become available.