• Allows service providers to authenticate UT EID holders.
• Provides single sign-on capability for participating applications.
• Provides mulit-factor authentication where appropriate.
• Uses the Austin Active Directory as a backend user data store.
• Supports Security Access Markup Language v2.0 (SAML).

Any EID holder with an active, valid UT EID is eligible to authenticate using Enterprise Authentication.

University departments may integrate their service providers with Enterprise Authentication at no cost.

Key Metrics

• Target Production Availability: 99.491%

Please note that this SLA is dependent on other campus SLAs and is adjusted as those change.

Overview

This document defines the service level agreement for Enterprise Authentication.

Service Description

Enterprise Authentication uses the UT Electronic Identifier (UT EID) to provide secure single sign on (SSO) for university web applications using SAML.

Intended Users

Enterprise Authentication can be used by campus departments who wish to provide consistent authentication behavior to the consumers of their service.

Enterprise Authentication can be used by all UT EID holders for UT EID authentication.

Supported computing environment

Campus Departments and Organizations

Enterprise Authentication is the preferred UT EID authentication system for the university.
Service Providers must comply with the Security Assertion Markup Language (SAML) v2.0 OASIS Standard.

UT EID holders

It is expected that customers will use modern, standards-compliant web browsers with the latest security updates installed. Some features, such as U2F and WebAuthn, can only be used in browsers which support those protocols.

Technical Support

Both Tier 1 and Tier 2 technical support is available during normal business hours. Routine requests are typically addressed within one business day.

Tier 1
End users should start with Tier 1 technical support. Any user may contact the UT Service Desk at +1 512-475-9400.

Tier 2
Departmental support staff and the UT Service Desk may escalate issues to the Enterprise Authentication administrators. Customers referred to the Enterprise Authentication administrators will be contacted within one business day.

Maintenance

ITS will notify customers about both scheduled and unscheduled maintenance using the Alerts and Outages page for service availability and service delivery issues. Services may not be available during the maintenance periods.

Scheduled maintenance occurs on Tuesdays from 6:30 a.m. to 7:30 a.m. Please note that maintenance may not occur on every Tuesday. To the maximum extent possible, installation of service, application, and security updates will be performed during scheduled maintenance.

Unscheduled maintenance tasks that require service downtime will be announced as soon as possible on the Alerts & Outages page.

Change notifications and service availability and service delivery issues will be posted to the Alerts & Outages page.

User responsibilities

Users and owners of Enterprise Authentication-protected services agree to be aware of and adhere to the university's Acceptable Use Policy as well as the Information Resources Acceptable Use and Security Policy Agreement, as applicable.

Owners of Enterprise Authentication-protected services agree to:

• Be aware of an adhere to the Authentication Acceptable Use Policy.
• Implement best practices when feasible.

Enhances the security of your personal information held within university systems (for example, paycheck bank routing information) by combating password fraud.

Compatible with iOS, Android, Blackberry, Windows and other mobile devices, eliminating the need for a separate one-time password key fob or other device.

Multi-Factor Authentication (MFA) protection for university applications and services is available at no cost to university CSUs.

An MFA account is available at no cost to university faculty, staff, and students.

Key Metrics

Availability is dependent on the service used for Multi-Factor Authentication:

• Enterprise Authentication: 99.491%
• Shibboleth: 99.3%
• UTLogin: 99.42%

Please note that this SLO is dependent on other campus SLOs and is adjusted as those change.

Overview
This document defines the service level agreement for the EID-based Multi-Factor Authentication system.

Service description
Multi-Factor Authentication provides an additional level of security for university applications by adding additional factors of authentication to the regular EID password authentication step.

Intended users
Multi-Factor Authentication (MFA) protection for university applications and services is available at no cost to university CSUs.

An MFA account is available at no cost to university faculty, staff, and students.

Supported computing environment
Application and service owners who have integrated with the Enterprise Authentication, UTLogin, or UT Shibboleth services are supported out-of-the-box.

Application and service owners who have not integrated with those authentication services should contact the MFA Team to see if their environment is supported.

End users of the MFA service may use a number of supported devices including (but not limited to): iOS devices, Android devices, cellular devices which support SMS text messages, telephones which support voice calling features, Touch ID, and supported security keys.

Technical support
Both Tier 1 and Tier 2 technical support is available during normal business hours. Routine requests are typically addressed within one business day.

Maintenance
ITS will notify customers about both scheduled and unscheduled maintenance, as well as service availability and delivery issues, using the Alerts and Outages page. Services may not be available during maintenance periods.

User responsibilities
Subscribers (users) of the service and identified owners/administrators agree to be aware of and adhere to the university's Acceptable Use Policy for University Employees and the university's Acceptable Use Policy for University Students, as applicable.