Title: eAuthentication Initiative
1eAuthentication Initiative
- eAuthentication Solution Screens Review Meeting
October 7, 2003
2Agenda
- Customer Registration Process
- Customer Registration - Level 1
- Customer Registration - Level 2
- Local Registration Authority (LRA) Role
Assignment - Delegated Authorization Administration
- Questions and Answers
3USDAs eAuthentication Home Page
http//www.eAuth.egov.usda.gov COMING SOON!
4Customer Registration Process
- Customer options for online self-registration
- Option 1 The customer applies for just Level 1
credentials - Requires limited amount of information to
complete customer profile - Requires a minimum 4 character password
- Grants limited access, no identity-proofing
required - Receives an email confirmation with request to
activate customer profile with Level 1
credentials - Option 2 The customer currently has Level 1
credentials and decides to complete the process - to apply for Level 2 credentials
- Requires additional customer information
- Requires password change to minimum 9 characters
- Requires authentication of identity by USDA
employee Local Registration Authority (LRA) - Receive confirmation email
- Option 3 The customer applies for Level 2
credentials without having Level 1 credentials - Requires Customer to complete an expanded User
Profile - Requires a minimum 9 character password
- Requires authentication of identity by USDA
employee - LRA
5Process Flow- Level 1 Assurance
Obtain User ID and Level 1 credential
Access Level 1 Web applications
Customer Creates a User Profile and clicks the
Submit button
6Customer Regisitration Level 1
DRAFT
7Process Flow- Level 2 Assurance
LRA verifies customers identity and updates the
system
Access Level 2 Applications
Customer Creates User Profile and clicks Submit
LRA updates customer profile in the system and
activates level 2 credentials
Customer presents valid government issued ID to
LRA
LRA verifies ID information against customer
profile in the system
8DRAFT
9Customer Registration Key Points
- Email is a required field in this registration
process. The customer will be advised to
establish email accounts from companies like
Yahoo, Hotmail, or their local Internet Service
Provide (ISP) if they do not already have an
established email account elsewhere. - The customer will receive an error message if all
of the required fields are not completed and the
system will not accept the user profile. - Once the customer completes and submits their
user profile online, the customer will receive a
verification email. This verification email will
provide the customer with log on instructions
that will activate their access level
10Process Flow - LRA Processing
The LRA is responsible for completing the
following 3 steps
The LRA searches for the customers name in the
USDA eAuthentication website
The LRA validates the customers user profile
against the customers government issued photo ID
The LRA activates the customers Level 2
credential
11Local Registration Authority Process Step 1
- Search
- Go to USDA eAuthentication web site
http//www.eAuth.egov.usda.gov to access the
application to activate a customer to Level 2 - Click on the My Task tab to access the My Task
for extUsers screen - Click on the task Validate Level 2 Customer
Click on Validate Level 2 Customer to access
search page
This site is protected by WebCAAF - All federal
employees wishing to be LRAs must have WebCAAF
ID and password
12Local Authority Registration Process Step 1
- The Validate Level 2 Customer Search for
- Level 2 Customer page is displayed
- Select Last Name from the Search Option drop
down menu (Last Name is the default) - Select Equals from the drop down menu to
specify the relationship you wish to search
(Equals is the default) - Enter the customers last name using the valid
form of identification that is presented - Click the Add More button to display additional
search criteria (i.e. First Name, User ID, State) - Select First Name from the second Search drop
down menu - Select Equals from the drop down menu to
specify the relationship you wish to search - Enter the customers first name using the valid
form of identification that is presented - Click Search
- The drop down menu allows the LRA to manipulate
the search criteria
13Local Registration Authority Process Step 1
11. Search results are displayed on the
Validate Level 2 Customer Search for Level 2
Customer 12. If the information in the search
results matches the information specified on the
customers identification card, click on the
customers User ID listed on the search results
page to bring up the Customer Profile Note If
search results display more than one entry with
the same name, further confirmation will be
required to validate the customers identity. The
LRA should confirm one or more of the following
(a) Date of Birth, (b) User ID, and/or (c)
Address/State. The LRA must select each customer
one by one until the correct customer is selected
If the LRA entered the incorrect customer
information, the Search Again button will take
the LRA back to the previous screen
DHawes
1
Dana
Hawes
50 Fruitwood.
Cleveland
14Local Registration Authority Process Step 2
Validate
- Compare the customers first and last name on the
government issued photo identification card to
the information listed in the customers profile - Note If the information in the profile does not
match the information provided on the
identification card, advise the customer to
correct their User Profile, or obtain an updated
identification card and then return to the
Service Center to complete the eAuthentication
Registration Process - Validate the customers physical attributes and
resemblance to the government issued photo ID
that is presented - On the Credential Documentation Type pull-down
menu, select the appropriate form of government
issued identification presented by the customer
(Drivers license is the default ID)
The LRAs WebCAAF ID will automatically populate
in the LRA Admin field
15Local Registration Authority Process Step 3
Validate
16. Enter the expiration date that is shown on
the government issued photo ID that is presented
in the Credential Expiration field
Note A Confirmation message will display once
the LRA activates a customer
Activate
- 17. Click Submit to activate the customer to
Level 2 -
16Role Assignment Process
- Once level 2 credentials are activated by the
LRA, the customer can now access online
interactions that require Level 2 Assurance,
except for - If application requires additional information
before user authorization is permitted then, - Application owner determines how to collect
additional information - Application owner establishes some type of
delegated authorization administration - Application owner provides means for users to
access delegated authorization administrator
17Customer Role Request
You have provided valid credentials, but are not
authorized to access this page! Click below to
request access to this USDA web site Click here
Customer attempts to access a role protected
application
Customer is redirected to error page (Active
Response) and is guided through application
defined process
18Role Assignment
DRAFT
- Agency Application
- Administrator is responsible for
- Role Assignment
- Administrator goes to IMS
- Administrator searches for customer
19Role Assignment
DRAFT
3. Agency Application Administrator pulls up
customers profile and then clicks on the
Specific Admin Roles Tab
20Role Assignment
DRAFT
- 4. Administrator selects appropriate Role to
Assign to customer - 5. Administrator clicks on submit to activate the
customer role - 6. Administrator emails the customer to invite
him/her to access protected application - Agency is responsible for creating the proper
procedures for Role Assignments
21Questions and Answers