Transition to Enterprise Authentication Project

July 12, 2019

The project team is currently working on the implementation of Enterprise Authentication using the Shibboleth Identity Provider (IdP). The service is expected to be available in September 2019. A charter has been posted in the Details section.

The first transition will focus on moving UTLogin customers to Enterprise Authentication. After this transition, UTLogin will be retired. UTLogin customers will be contacted by a transition manager to discuss and schedule their transition(s). Due to the volume of customers to contact, the transition managers will be reaching out to customers between June and October 2019. Additional information about the transition can be found in the Transition section. 

Additionally, the team has been working to configure Active Directory to include all necessary populations for authentication. 

Scope

One goal of the IAM Strategic Roadmap is to deploy a consolidated authentication service that adopts standards-based web single sign-on and is cloud resilient. The University benefits from have a consolidated standardized authentication service to reduces support and integration overhead. Currently, there are several authentication services which cause disparate user experiences and mixed support needs. Lastly, the main authentication service, UTLogin, is at end of life requiring replacement.

The IAM team will transition all authentication customers to Enterprise Authentication. To prepare for this transition, a new instance of the Shibboleth Identity Provider (IdP) will established in order to provide the latest benefits of the software to the university. Active Directory will serve as the directory backend. The transition will first focus on UTLogin v1 customers and, later, legacy Shibboleth customers. At the conclusion of the transition, the UTLogin and legacy Shibboleth services will be retired.

Goals

The primary success criteria for Enterprise Authentication will be: 

  • Goal 1: Deploy UTLogin v2 – Ensure customers who have complex UTLogin v1 deployments have a fully vendor supported environment. 

  • Goal 2: Establish the Enterprise Authentication Service – Ensure the new instance of the Shibboleth Identity Provider (IdP) is architected and deployed to meet customer and disaster recovery requirements with Active Directory as the directory backend.

  • Goal 3: Transition customers to Enterprise Authentication – Complete the transition of all authentication customers to Enterprise Authentication.

Timeline

The Enterprise Authentication is expected to be available in September 2019. Transition of UTLogin customers to Enterprise Authentication will begin in September 2019 and last until December 2020. Please check the Transition section for more details and information as they become available.