Guest Authentication Project

May 15, 2019

The project team reconvened in Spring 2019 and selected features offered by the vendor, Cirrus Identity, to rollout with early adopters. If you are interested in becoming an early adopter of the Guest Authentication Service, please reach out to the Identity and Access Management team. 

The Guest Authentication Project will provide an alternate method of authentication for external users who need to access online university resources. The recommended solution is to make external identities consumable by campus applications using a centrally provided gateway.

Project Goals

One goal of the IAM Strategy Roadmap is to develop authentication tools that create a better balance between usability and security. The University benefits from online collaboration with a variety of external users, from prospective students, alumni, and job applicants to international visitors and research collaborators. While the UT EID was designed for members of the UT community, it is also widely used by external users. However, the process of creating a UT EID and remembering a UT EID and password can be problematic for users who only have an occasional need to access campus resources. Requiring UT EID authentication for these users delivers a poor user experience and also leads to calls to the Help Desk for password resets. Many of these external users already have accounts with other identity providers such as Google and Microsoft.

Scope

The Guest Authentication Project will be completed in three phases and will address the following:

Phase 1 - Requirements, Solution Assessment, and Procurement - - COMPLETE

  • Gather requirements for authentication gateway, identity providers, discovery service, invitation service, integration with local identity management systems, and account linking.
  • Identify identity providers to be included in the implementation.
  • Identify a lightweight authentication solution for users who are not comfortable using a social account (e.g., Facebook, LinkedIn) to access UT resources. This could be a third party identity provider that is not linked to a social account provider.
  • Complete a solution assessment and selection.

Phase 2 - Guest Authentication Service Early Adoption - - IN PROGRESS

  • Complete high level design of overall guest authentication solution.
  • Identify and incorporate early adopter applications.
  • Establish Guest Authentication Service.

Phase 3 - Guest Authentication Service Rollout

  • Complete transition and adoption of Guest EID consumers.
  • Retire Guest EIDs.