eAuthentication Initiative

1
eAuthentication Initiative

• eAuthentication Solution Screens Review Meeting

October 7, 2003
2
Agenda

• Customer Registration Process
• Customer Registration - Level 1
• Customer Registration - Level 2
• Local Registration Authority (LRA) Role
  Assignment
• Delegated Authorization Administration
• Questions and Answers

3
USDAs eAuthentication Home Page
http//www.eAuth.egov.usda.gov COMING SOON!
4
Customer Registration Process

• Customer options for online self-registration
• Option 1 The customer applies for just Level 1
  credentials
• Requires limited amount of information to
  complete customer profile
• Requires a minimum 4 character password
• Grants limited access, no identity-proofing
  required
• Receives an email confirmation with request to
  activate customer profile with Level 1
  credentials
• Option 2 The customer currently has Level 1
  credentials and decides to complete the process
• to apply for Level 2 credentials
• Requires additional customer information
• Requires password change to minimum 9 characters
• Requires authentication of identity by USDA
  employee Local Registration Authority (LRA)
• Receive confirmation email
• Option 3 The customer applies for Level 2
  credentials without having Level 1 credentials
• Requires Customer to complete an expanded User
  Profile
• Requires a minimum 9 character password
• Requires authentication of identity by USDA
  employee - LRA

5
Process Flow- Level 1 Assurance
Obtain User ID and Level 1 credential
Access Level 1 Web applications
Customer Creates a User Profile and clicks the
Submit button
6
Customer Regisitration Level 1
DRAFT
7
Process Flow- Level 2 Assurance
LRA verifies customers identity and updates the
system
Access Level 2 Applications
Customer Creates User Profile and clicks Submit
LRA updates customer profile in the system and
activates level 2 credentials
Customer presents valid government issued ID to
LRA
LRA verifies ID information against customer
profile in the system
8
DRAFT
9
Customer Registration Key Points

• Email is a required field in this registration
  process. The customer will be advised to
  establish email accounts from companies like
  Yahoo, Hotmail, or their local Internet Service
  Provide (ISP) if they do not already have an
  established email account elsewhere.
• The customer will receive an error message if all
  of the required fields are not completed and the
  system will not accept the user profile.
• Once the customer completes and submits their
  user profile online, the customer will receive a
  verification email. This verification email will
  provide the customer with log on instructions
  that will activate their access level

10
Process Flow - LRA Processing
The LRA is responsible for completing the
following 3 steps
The LRA searches for the customers name in the
USDA eAuthentication website
The LRA validates the customers user profile
against the customers government issued photo ID
The LRA activates the customers Level 2
credential
11
Local Registration Authority Process Step 1

• Search
• Go to USDA eAuthentication web site
  http//www.eAuth.egov.usda.gov to access the
  application to activate a customer to Level 2
• Click on the My Task tab to access the My Task
  for extUsers screen
• Click on the task Validate Level 2 Customer

Click on Validate Level 2 Customer to access
search page
This site is protected by WebCAAF - All federal
employees wishing to be LRAs must have WebCAAF
ID and password
12
Local Authority Registration Process Step 1

• The Validate Level 2 Customer Search for
• Level 2 Customer page is displayed
• Select Last Name from the Search Option drop
  down menu (Last Name is the default)
• Select Equals from the drop down menu to
  specify the relationship you wish to search
  (Equals is the default)
• Enter the customers last name using the valid
  form of identification that is presented
• Click the Add More button to display additional
  search criteria (i.e. First Name, User ID, State)
• Select First Name from the second Search drop
  down menu
• Select Equals from the drop down menu to
  specify the relationship you wish to search
• Enter the customers first name using the valid
  form of identification that is presented
• Click Search

• The drop down menu allows the LRA to manipulate
  the search criteria

13
Local Registration Authority Process Step 1
11. Search results are displayed on the
Validate Level 2 Customer Search for Level 2
Customer 12. If the information in the search
results matches the information specified on the
customers identification card, click on the
customers User ID listed on the search results
page to bring up the Customer Profile Note If
search results display more than one entry with
the same name, further confirmation will be
required to validate the customers identity. The
LRA should confirm one or more of the following
(a) Date of Birth, (b) User ID, and/or (c)
Address/State. The LRA must select each customer
one by one until the correct customer is selected
If the LRA entered the incorrect customer
information, the Search Again button will take
the LRA back to the previous screen
DHawes
1
Dana
Hawes
50 Fruitwood.
Cleveland
14
Local Registration Authority Process Step 2
Validate

• Compare the customers first and last name on the
  government issued photo identification card to
  the information listed in the customers profile
• Note If the information in the profile does not
  match the information provided on the
  identification card, advise the customer to
  correct their User Profile, or obtain an updated
  identification card and then return to the
  Service Center to complete the eAuthentication
  Registration Process
• Validate the customers physical attributes and
  resemblance to the government issued photo ID
  that is presented
• On the Credential Documentation Type pull-down
  menu, select the appropriate form of government
  issued identification presented by the customer
  (Drivers license is the default ID)

The LRAs WebCAAF ID will automatically populate
in the LRA Admin field
15
Local Registration Authority Process Step 3
Validate
16. Enter the expiration date that is shown on
the government issued photo ID that is presented
in the Credential Expiration field
Note A Confirmation message will display once
the LRA activates a customer
Activate

• 17. Click Submit to activate the customer to
  Level 2

16
Role Assignment Process

• Once level 2 credentials are activated by the
  LRA, the customer can now access online
  interactions that require Level 2 Assurance,
  except for
• If application requires additional information
  before user authorization is permitted then,
• Application owner determines how to collect
  additional information
• Application owner establishes some type of
  delegated authorization administration
• Application owner provides means for users to
  access delegated authorization administrator

17
Customer Role Request
You have provided valid credentials, but are not
authorized to access this page! Click below to
request access to this USDA web site Click here
Customer attempts to access a role protected
application
Customer is redirected to error page (Active
Response) and is guided through application
defined process
18
Role Assignment
DRAFT

• Agency Application
• Administrator is responsible for
• Role Assignment
• Administrator goes to IMS
• Administrator searches for customer

19
Role Assignment
DRAFT
3. Agency Application Administrator pulls up
customers profile and then clicks on the
Specific Admin Roles Tab
20
Role Assignment
DRAFT

• 4. Administrator selects appropriate Role to
  Assign to customer
• 5. Administrator clicks on submit to activate the
  customer role
• 6. Administrator emails the customer to invite
  him/her to access protected application
• Agency is responsible for creating the proper
  procedures for Role Assignments

21
Questions and Answers