Identity Management (IDM) User Guide - CMS


Identity Management (IDM)
User Guide
Version 1.0
01/07/2021

Document Number: IDM User Guide Version 1.0
Contract Number: HHSM-500-2017-00015I TO HHSM-500-T0001

Note: Working copy versions delivered to the client for review will be published as a major version. The client has agreed to review these documents as follows: as-is, ongoing, “work-in-progress” drafts and working copy versions.

Table of Contents

1. Introduction
   1.1 Identity Management (IDM) System Overview
   1.2 User Guide Purpose
   1.3 Application (Tier 1) Help Desk Support
2. Prepare to Access the IDM System
   2.1 Verify the Web Browser is Supported
   2.2 Verify and Adjust the Screen Resolution if Necessary
   2.3 Review Account Creation Instructions
3. Overview of the IDM System
4. How to Create a New User Account
5. How to Sign In
   5.1 The IDM Self Service Dashboard at a Glance
6. How to Request a Role
   6.1 How to Request a Role for a New Application
       6.1.1 What to do When Users Can’t Verify Their Identity with Online Proofing
       6.1.2 What to do When Users Can’t Verify Their Identity with Phone Proofing
   6.2 How to Request a Role in an Existing Application
   6.3 How to Add Attributes to an Existing Role
7. How to View and Cancel Role Requests
   7.1 How to View Role Requests
   7.2 How to Cancel a Role Request
8. How to Remove Roles and Role Attributes
   8.1 How to Remove a Role
   8.2 How to Remove Attributes From a Role
9. IDM User Account Self-Service Features
   9.1.1 How to Change an Expired Password
   9.1.2 How to Reset a Forgotten Password
   9.1.3 Recover a forgotten User ID
   9.1.4 How to Unlock a User Account
10. How to Manage MFA and Recovery Devices
   10.1 How to View MFA and Recovery Devices
   10.2 How to Add an IVR or a SMS MFA / Recovery Device
   10.3 How to Activate a Pending IVR or a SMS MFA / Recovery Device
   10.4 How to Add a Google Authenticator Mobile App MFA Device
   10.5 How to Add an Okta Verify MFA Device
   10.6 How to Edit Email MFA Device Settings
       10.6.1 How to Remove an MFA Device
11. How to Manage User Account Profile Information
   11.1 How to Open and Close the My Profile Function
   11.2 How to View User Profile Information
   11.3 How to View and Modify Personal Contact Information
   11.4 How to View and Modify Business Contact Information
   11.5 How to Change the User Account Password
   11.6 How to Change the User Security Question and Answer
12. Instructions for Approvers
   12.1 How to Open and Close the My Approvals Function
   12.2 How to View a List of Pending Approval Requests
       12.2.1 How to View Details for a Specific Pending Approval Request
   12.3 How to Approve or Reject a Single Request
   12.4 How to Approve or Reject Multiple Requests on a Single Page
   12.5 How to Simultaneously Approve and Reject Multiple Requests
   12.6 How to Export a List of Pending Approvals
13. How to View IDM Application Reports
   13.1 Description of the IDM Reports Function
   13.2 How to Access the IDM Reports
14. Instructions for Help Desks
   ...tion of the Help Desk/Manage Users Functions
   How to Access the Help Desk Functions
   How to Choose the Appropriate Search
   How to Perform an Application Search
   How to Perform an Enterprise Search
   How to View a User’s Profile
   How to View a Summary of a User’s Applications
   How to Remove a Single Role
   How to Remove Multiple Roles
   How to Cancel Pending Requests
   How to View a User’s MFA Devices
   How to Update a User’s Email Address
   How to Reset a User’s Password (Email Reset Method)
   How to Reset a User’s Password (Temporary Password Method)
   How to Unlock a User’s Account
   How to Suspend a User’s Account
   How to Update a User’s Level of Assurance (LOA)
   How to Unsuspend a User’s Account
   How to Create User Audit Reports
   How to Create Role Request Audit Reports
Appendix A: Password Policy
Appendix B: IDM Report Categories
Appendix C: Requesting Configurable Help Desk Privileges
Appendix D: User Audit Report Type Summary
Appendix E: Acronyms
Appendix F: Approvals


1. Introduction

The Centers for Medicare & Medicaid Services (CMS) is a federal agency that ensures healthcare coverage for more than 100 million Americans. CMS administers Medicare and Medicaid and provides funds and guidance for all of the 50 states in the nation, for their Medicaid programs, and Children’s Health Insurance Program (CHIP). CMS works together with the CMS community and organizations in delivering improved and better coordinated care.

1.1 Identity Management (IDM) System Overview

CMS created the IDM System to provide Business Partners with a means to request and obtain a single User ID which they can use to access one or more CMS applications. The IDM System uses a cloud-based distributed architecture that supports the needs of both legacy and new applications while providing an improved user experience on desktop and laptop computers as well as tablet and smartphone mobile devices.

1.2 User Guide Purpose

This user guide provides step-by-step instructions for performing the most common tasks using the IDM System. The tasks a user can perform vary depending on their role and include, but are not limited to, creating an account, logging in to the IDM System, requesting a role, identity proofing, managing role requests, performing account management functions, and generating reports.

1.3 Application (Tier 1) Help Desk Support

Application Help Desk contact information is located on the CMS Tier 1 Help Desk Support website.

Note: When the IDM System experiences a planned or unplanned outage, application login services continue to function normally; however, new user registration, role request, and account management services will not be available. If an outage exists, the system will display a message that informs users about the outage and where they can obtain additional information.

2. Prepare to Access the IDM System

Users who access the IDM System using a desktop or laptop computer may need to perform software updates or configure web browser settings and privacy settings. Users who access the IDM user interface (UI) with a mobile computing device such as a smartphone or tablet generally have less control over updates and privacy settings. The procedures discussed in this section may not apply to mobile device users.

2.1 Verify the Web Browser is Supported

The IDM UI was tested for compatibility with current versions of the following modern web browsers:

- Microsoft Edge (Legacy) [1]
- Microsoft Internet Explorer (IE 11)
- Google Chrome
- Mozilla Firefox
- Safari

All of the web browsers listed above are configured by default to receive regular security updates and patches. Even in cases where the user’s organization manages operating system and application software updates, users who access the IDM System UI with one of these web browsers should not encounter compatibility issues.

2.2 Verify and Adjust the Screen Resolution if Necessary

The IDM System UI is best viewed on a display resolution of 1366 x 768. Many modern desktop, laptop, and mobile computing devices have default display settings that exceed the IDM System minimum. If adjustments are necessary, use the display settings adjustment procedure that is appropriate for your device.

2.3 Review Account Creation Instructions

All users should receive account creation instructions from their organization or their CMS contact prior to creating an account on the IDM System. Not every CMS application requires the same information, so it is important for the user to review any instructions that were provided by their organization or CMS contact before starting the account creation process.

[1] Microsoft Edge (Legacy) is the default web browser on Windows 10 PCs, and many users still have this as their default web browser. The New Microsoft Edge browser was released on January 15, 2020 and it was installed automatically for some users as part of Windows 10 updates.

3. Overview of the IDM System

The following terms are introduced in this section:

- Role - A name, usually a function or title, given to a collection of access privileges or permissions within an application. A role defines what the user is allowed to do by virtue of having been assigned or granted that role. Each application defines the access privileges and permissions assigned to each role. For example, “Submitter” could identify a role that has permission to upload documents to an application.
- Role Attribute - A characteristic of a role that typically represents a functional limitation of the scope of a role’s access privileges. For example, a submitter with the attribute of Maryland might only be permitted to upload documents to a specific folder relevant to the State of Maryland.

The IDM System provides the means for users to be approved to access many other CMS systems and applications. IDM governs access to CMS systems by managing the creation of user IDs and passwords, setting up multi-factor authentication (MFA), and the assignment of roles within CMS applications. IDM generally supports three types of users along with their most common features or functions:

Application End Users:
- Create an account, sign-in to IDM, request a role, perform identity proofing, sign in to an application, manage their profile, and perform self-service functions such as recover a forgotten user ID, reset a forgotten password, reset an expired password, and unlock account.

Application Approvers:
- In addition to End User functions, they approve or reject role requests. Some application approvers may also be granted the capability to reset passwords and unlock accounts for users under their management.

Application (Tier 1) Help Desk Users:
- In addition to End User functions, they search and view accounts and user account details, reset passwords, unlock accounts, suspend a user’s account, and update a user’s email address. Some Application (Tier 1) Help Desk users may also be granted the capability to approve and reject requests for application approver roles; and to update a user’s Level of Assurance (LOA).

IDM (Tier 2) Help Desk Users:
- In addition to the functions performed by all other types of users, they can also create user audit reports, role audit reports, and unsuspend a user’s account.
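
The Role and Role Attribute definitions above describe a permission set narrowed by a scope. The following is an added example, not code from CMS or the IDM System, showing one way an application could evaluate such grants; the application name "DocPortal", the data model, and the rule that a scoped role without its attribute is denied are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical catalogue: each application defines what each role may do.
ROLE_PERMISSIONS = {
    ("DocPortal", "Submitter"): frozenset({"upload_document"}),
    ("DocPortal", "Approver"): frozenset({"upload_document", "approve_role_request"}),
}

# Assumption: some roles are only meaningful with a scoping attribute.
REQUIRED_ATTRIBUTE_KEYS = {("DocPortal", "Submitter"): {"state"}}


@dataclass(frozen=True)
class RoleGrant:
    application: str
    role: str
    status: str                          # "PENDING" until an approver approves it
    attributes: frozenset = frozenset()  # pairs such as ("state", "Maryland")


def _scope(grant):
    """Group a grant's attributes by key, so one role can hold several values."""
    scope = defaultdict(set)
    for key, value in grant.attributes:
        scope[key].add(value)
    return scope


def is_allowed(grants, application, action, resource):
    """Deny by default. Allow only through an approved grant whose role
    includes the action and whose attributes all match the resource."""
    for grant in grants:
        key = (grant.application, grant.role)
        if grant.application != application or grant.status != "APPROVED":
            continue
        if action not in ROLE_PERMISSIONS.get(key, frozenset()):
            continue
        scope = _scope(grant)
        # Fail closed: a role that needs a scope but has none grants nothing.
        if not REQUIRED_ATTRIBUTE_KEYS.get(key, set()).issubset(scope.keys()):
            continue
        if all(resource.get(k) in allowed for k, allowed in scope.items()):
            return True
    return False


# Constructed sample data: an approved, Maryland-scoped Submitter role and an
# Approver role request that is still pending.
SAMPLE_GRANTS = [
    RoleGrant("DocPortal", "Submitter", "APPROVED", frozenset({("state", "Maryland")})),
    RoleGrant("DocPortal", "Approver", "PENDING"),
]

if __name__ == "__main__":
    for state in ("Maryland", "Virginia"):
        ok = is_allowed(SAMPLE_GRANTS, "DocPortal", "upload_document", {"state": state})
        print(state, "upload allowed:", ok)
```
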

4. How to Create a New User Account

The following terms are introduced in this section:

- Security Question and Answer (SQA) - The security question is a question to which the user provides a unique answer. They both become part of the user’s account and are used to authenticate the user when they access IDM’s self-service functions.
- User Account - A user account generally refers to the User ID and all the profile information that is associated to it. In the narrowest sense, the user account is the User ID.

Users create a new user account using the New User Registration button located on the Sign-In window.

1) Navigate to https://home.idm.cms.gov/. The Sign-In window appears.

Figure 1: IDM System Sign-In Window

2) Click the New User Registration button. The User Registration window appears.
3) Enter the First Name and Last Name. Middle Name and Suffix are optional.
4) Enter the Date of Birth.
5) Enter the E-mail Address and the Confirm E-mail Address. The E-mail Address and the Confirm E-mail Address must match. Please ensure that the email address is valid because the IDM System uses email to communicate with users for many reasons including sign in, security, and self-service.
6) Click the Terms & Conditions button. Read the IDM System terms and conditions then click the Close Terms & Conditions button.
7) Click the checkbox to acknowledge agreement with the terms and conditions, then click the Next button. The User Contact Information window appears.
8) If the home address is outside the 50 U.S. states or the U.S. territories, select the Foreign Address radio button.
9) Enter the Home Address, City, State, Zip Code and Phone Number.
10) Click the Next button. The User Account Credentials window appears.
11) Enter the desired User ID, Password and Confirm Password. The Password and Confirm Password must match. [2]
12) Select a Security Question from the list.
13) Type the security question answer into the Answer dialog box.
14) Click the Submit button to submit the account registration request. The system will display a message that indicates the account was successfully created.
15) Click the Return button. The screen refreshes and the IDM System Sign-In window appears.

Note: CMS policy requires that the combination of each user’s first name, last name, and email address be unique in the IDM System. If an error occurs for this combination it may mean that the combination of information entered is already in use. Users should try entering the information again or call their Application Help Desk for assistance.

[2] Passwords must conform to the guidance provided in Appendix A: Password Policy.

5. How to Sign In

The following terms are introduced in this section:

- Multi-factor Authentication (MFA) - MFA is an additional layer of security that functions as a “second” password. It is transmitted as a numeric code to the user’s email (by default) or phone and is good for one sign in only. MFA is required for most users of CMS applications. See Section 10 How to Manage MFA and Recovery Devices for more information about MFA.

Note: Email is automatically set up as the default MFA factor for all users that are required to log in with MFA. The procedures described in this user guide use the Email factor when describing login procedures and the procedures to use IDM Self-Service account functions. Users are encouraged to add additional factors using the procedures described in Section 10 How to Manage MFA and Recovery Devices.

Use the following procedure to sign in.

1) Navigate to https://home.idm.cms.gov. The Sign-In window appears as illustrated by Figure 1: IDM System Sign-In Window.
2) Enter the User ID and Password.
3) Read the Terms & Conditions, click the checkbox to acknowledge agreement, and then click the Sign In button. The Verification Code Request window appears.
4) Click the Send me the Code button. The screen refreshes and the Code Request window appears. [3]
5) Enter the Verification Code. [4]
6) (Optional) Click the checkbox to select the option “Do not challenge me on this device for the next 30 minutes”. If the checkbox is selected, users will bypass the MFA verification if they sign out and sign back into the system again within 30 minutes of their initial sign in.
7) Click the Verify button. The IDM Self Service Dashboard appears.

[3] Users who have multiple MFA devices registered to their profile can choose which one they wish to use. A list of devices will only be visible if the user has two or more active MFA devices.

[4] Users who have multiple MFA factors should follow the directions for the MFA factor they have chosen to use. If the MFA factor uses push notifications, a verification code is not required.
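
The sign-in steps above rely on two rules: a verification code is good for one sign in only, and the optional checkbox suppresses the challenge on that device for 30 minutes after the initial sign in. The following is an added example, not code from CMS or the IDM System, that models both rules; the class and method names, the six-digit code length, and discarding the code after any verification attempt are assumptions.

```python
import hmac
import secrets

# "Do not challenge me on this device for the next 30 minutes"
REMEMBER_SECONDS = 30 * 60


class MfaChallenge:
    """Server-side state for single-use codes and remembered devices."""

    def __init__(self):
        self._pending = {}     # user_id -> outstanding code
        self._remembered = {}  # (user_id, device_id) -> time the window ends

    def needs_challenge(self, user_id, device_id, now):
        """The password is always required; this only decides on the MFA step."""
        until = self._remembered.get((user_id, device_id))
        return until is None or now >= until

    def send_code(self, user_id):
        """Issue a fresh numeric code; any earlier outstanding code is replaced.
        A real system would email the code instead of returning it."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user_id] = code
        return code

    def verify(self, user_id, device_id, submitted, now, remember=False):
        # Single use: the code is consumed by this attempt, right or wrong,
        # so it cannot be replayed or guessed repeatedly.
        expected = self._pending.pop(user_id, None)
        if expected is None:
            return False
        # Constant-time comparison avoids leaking how many digits matched.
        if not hmac.compare_digest(expected.encode(), submitted.encode()):
            return False
        if remember:
            # The window is tied to this user on this device only and is
            # counted from the sign in that set it.
            self._remembered[(user_id, device_id)] = now + REMEMBER_SECONDS
        return True


if __name__ == "__main__":
    mfa = MfaChallenge()
    code = mfa.send_code("jdoe")  # constructed user ID
    print("first use:", mfa.verify("jdoe", "laptop", code, now=0, remember=True))
    print("replay:", mfa.verify("jdoe", "laptop", code, now=5))
    print("challenge at 29 min:", mfa.needs_challenge("jdoe", "laptop", now=29 * 60))
    print("challenge at 30 min:", mfa.needs_challenge("jdoe", "laptop", now=30 * 60))
```
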

Note: Users whose accounts were migrated from the legacy Enterprise Identity Management (EIDM) System or whose accounts were uploaded with a new application should update the answer to their security question using the procedures in Section 11.6 How to Change the User Security Question and Answer.

Note: It is recommended that all users add additional MFA and/or Recovery devices using the procedures in Section 10 How to Manage MFA and Recovery Devices.

5.1 The IDM Self Service Dashboard at a Glance

The IDM Self Service Dashboard provides access to functions that allow users to manage their user profile, request new applications, and manage roles for applications to which they have been granted access.

Figure 2: Self Service Dashboard Layout

Table 1: Self Service Dashboard Layout

Reference | Name | Description
--------- | ---- | -----------
1 | IDM Self Service Home Button | This button returns the user to the IDM Self Service Dashboard.
2 | IDM Self-Service Function Buttons | These buttons provide user access to the functions that are accessed through the IDM Self Service Dashboard.
3 | My Requests Counter | This counter displays the number of pending requests that the user has submitted. It also provides 1-click access to a list of those requests.
4 | Dropdown Menu | This menu displays user’s identity and provides access to the Log Out function when clicked.
5 | Self Service Taskbar | This taskbar appears whenever a user accesses one of the Self Service functions. It enables the user to move between the various Self Service functions.

6. How to Request a Role

The following terms are introduced in this section:

- Remote Identity Proofing (RIDP) - Describes the process that is used to confirm a person’s identity. Most users will be required to complete RIDP as part of the process of being approved for a role. RIDP is also called Identity Verification. Users may have three opportunities to verify their identity. Verification occurs in the following order:
  o Online Proofing - An identity verification procedure that uses Experian’s computer-based Identity Verification service.
  o Phone Proofing - An identity proofing procedure that uses Experian’s telephone-based Identity Verification service. Phone proofing is only available if the user is unable to verify their identity using online proofing.
  o Manual Proofing - An identity proofing procedure that is performed by an Application (Tier 1) Help Desk in accordance with their policies. Manual proofing is not offered by every application and is only available if the user is unable to first verify their identity through online proofing and phone proofing.

Note: Users with foreign addresses will not be eligible for online proofing or phone proofing.

6.1 How to Request a Role for a New Application

Note: The Transformed Medicaid Statistical Information System (T-MSIS) application will be used in this section as an example of the typical procedure for requesting roles and for adding role attributes. The procedure for other applications may vary slightly.

Users request a role for a new application using the Role Request button that is located on the Self Service Dashboard.

1) Click the Role Request button. The Role R
