The Statewide Identity Management System was created to provide a common authentication and authorization mechanism to the various statewide applications. This includes the ability for users to self-service their password changes, as well as central and distributed management of users across the state. The system provides both single sign-on capabilities to participating applications, and also a single credential for those applications that are using the system for authentication without the Single Sign-On component.
All communication with the Statewide Identity Management System utilizes SSL. Due to the fact that the IdM's certificates are signed by a certificate authority, it should not be necessary to import any certificates to enable SSL communication provided Java 1.6 or later, and a current web browser are used.
In particular, the SSDT has tested the latest versions of VRF (18.104.22.168) from Edustuctures and have verified that the VRF will communicate with the State IdM without loading any custom certificates into VRF or the Java keystores.
IdM passwords are set to expire at 180 days. There will be a warning shown on a login attempt beginning at 30 days out that the password is about to expire when signing into a Single Sign-On application.
If a user is unable to log into an application, frequently the issue can be resolved by the user following the self-service password change prompts and setting a new password for their account in the IdM Admin Console
When changing the password, you cannot reuse the last password, and the password must be at least 8 characters in length and include 1 digit.
Modifying User Information
In IdM, the username and the e-mail address must be the same. If you attempt to change either or both of these, the user account will not be changed completely. It may appear correct in the ODE Identity Management Console, but some of the attributes will not transition to the modified account. The best and safest way to change these is to disable the old account and create an entirely new account with the required access. Other attributes (name, organization, etc.) can usually be modified without any issues.
Troubleshooting Account Issues
If you are having a problem with logging into a Single Sign-On application using your IdM Single Sign-on Account, the following procedures should be followed to resolve the problem:
Cannot remember password
- Navigate to the ODE Identity Management Console.
- Follow the Forgot Password link on the left side under the Help Section to change your password. You will need to enter your userid and respond to the challenge questions that you answered the first time you changed your password in IdM.
- Enter a new password.
- If you cannot remember the answers to your challenge questions, or cannot remember your userid, you will need to contact an administrator in order to have your password reset. Depending upon your organization, this individual may be at the school, district, or ITC level.
If you receive a message stating that your account is locked when trying to log into the Single Sign-On Account Administration, or any Single Sign-On application, you can follow the Forgot Password procedures to reset your password which will result in unlocking your account for the Administrative Console. If you have not answered the challenge questions associated with your account, you will need to contact an administrator to have your account unlocked.
Cannot log into application
Not all applications using the Statewide Identity Management System make use of the Single Sign-On capability. In these instances, these applications use the system for their authentication and authorization, but may or may not provide the same level of feedback on an unsuccessful login that the Single Sign-On application do, so it may be difficult to determine if an account is locked, or a password is expired. In most cases, resetting your password should solve the majority of login issues encountered.
Additional Related Documents
Provided below are several documents that are pertinent to the system and management of users within the system. As documents are updated, the latest changes will be posted to this location.
- Administrative documents
IdM Bulkload Template.xls - Template spreadsheet to be used to bulk load users into the IdM System
Note: Accounts that already exist in the system cannot be updated through the bulk load process. This is for new account creation only.
- Provisioning EMIS-R in IDM.pdf - Provisioning a user to EMIS-R within the IdM System
- EMISFFE access is no longer handled through IdM. Users will need to have an account created in EMISFFE by their OECN ITC in order to access EMISFFE.
Provisioning the EMIS Flat File Editor in IDM.pdf - Provisioning a user to the EMIS Flat File Editor within the IdM System
- End User documents
- End User IdM Account Management Procedures.pdf - A tutorial for end users on managing your IdM Account
- Recorded Training Session(s)
- Recorded Elluminate Training Session: August 7, 2008 Password: idm123456
For assistance with IdM related questions, first contact your district or ITC personnel.
ITC personnel with IdM related questions should contact the system administrators at firstname.lastname@example.org