/
Access Management

Access Management

Apr 12, 2024

Public-facing User: Single Sign-on and Automated Provisioning

Public-facing UT Austin user access and provisioning will be handled through single sign-on. Students, faculty, and staff will access the Online Space Booking (OSB) portals by signing in with their UT EID and EID password.

During the sign-in process, three authentication checks will happen:

  1. Confirm the user is still current with UT Austin.
  2. Check a set of attributes (their affiliations with UT Austin) and group the user into the appropriate account type.
  3. Associate the user with the correct account in Momentus (ex: if they are staff or faculty, the user will be added as a contact to the department account; if they are a student and do not have a department, the user will be added as a contact to the UT Students account).

The account type assignment will determine the following:

  1. Which rooms the user is restricted from requesting/reserving.

The setup in Momentus is as follows:

  1. Users are assigned Account Types based on their UT Austin affiliations.
    1. Users can have only one account type per org; however, they can have multiple affiliations at UT Austin and different account types assigned, depending on the OSB org (e.g., LBJ vs. CNS) they are accessing.
    2. Examples of Account Types: MSB Faculty, CNS Undergraduate Students, UT Austin Staff and Faculty
  2. Account Types are added to Booking Restrictions
    1. A set of account types that share the same space restrictions.
  3. Booking Restrictions are assigned to Spaces
    1. Only one booking restriction can be added to a space.

Manually Managing User Account Types

  1. If a group of users needs to be manually managed, contact the UT Momentus Administrator to create the Account Type and Booking Restriction.
  2. Once the Account Type and Booking Restrictions have been created, assign the account type to the user.
    1. The Do Not Override - Type option must be checked to ensure the manually assigned Account Type remains when the user logs in.

Back-office User: Single sign-on and Pre-provisioning

Adding and Managing Users

  1. Department admins can add and inactivate users within their org.
  2. When adding a new user, assign the appropriate role, dashboard(s), and view(s).
    1. Create the user's Personnel Account when creating the new user.
    2. Important: Do not create a new user if the user already exists in the system. Instead, edit the existing public user's Access Level to become an internal user and then edit the roles/access


User Log-in Process

  1. The user will log into Momentus back-office using SSO.
  2. If a user is no longer current with UT Austin, they cannot access the back office.

Confluence Documentation | Web Privacy Policy | Web Accessibility