Multifactor Authentication
Documents
- Multifactor Authentication and APD iConnect Access Presentation
- Provider Access to iConnect Flow Chart
Staff Account Management (for owners/operators)
Self Service Account Management (for all users)
- Self-Service Password Resets in CyberArk(Added 4/12/2024)
- Self-Service Phone Number Updates in CyberArk (Added 4/12/2024)
Videos
Important Account Security Information
APD’s Identity Proofing Administrative Security System (or “ID PASS”) is APD’s system for requesting user login accounts for access to APD systems.
The ID PASS system allows WSCs or Service Provider Business Owners to submit electronic applications for user login accounts for employees of the business.
APD Information Security will create user login accounts for Business Owners (and Sole Proprietors). Thereafter, Business Owners may request login accounts appropriate for their employees via the ID PASS system. Business Owners may also use ID PASS to delegate “Business Agents,” who may request user login accounts appropriate for business employees. This will facilitate the needs of larger organizations where the work of requesting business employee login accounts can be distributed among trusted members of the business. For example, HR staff might make good Business Agents to act in the Business Owner’s stead.
Business Owners and their Agents will be able to manage their employees’ login accounts as follows:
- Submit an application for a new employee’s login account
- Specify/modify the system roles that are appropriate for the employee’s access
- Terminate an employee’s login account
All APD system users (including Business Owners and Sole Proprietors) will undergo an Identity Proofing session through the ID PASS system as a part of the user login account creation process. The Identity Proofing session in the ID PASS system consists of a series of questions and multiple-choice answers that facilitate identity verification of the individual for whom the user login account is requested. In the rare case when an individual is unable to pass the Identity Proofing session, there will be an alternative manual process where the individual may prove their identity using a government-issued photo ID and verification of residential address.
Upon successful enrollment through the ID PASS system, a new user login account will be created. This will not be the same login account currently used for access to existing APD systems, but this new user login account will be used for all APD system access in the future, and older systems will be migrated to the new user login account, one by one. The goal is to have only one user login account per person for all APD systems, but it will take time and patience before that goal is fully realized.
The new user login account will utilize “Multi Factor Authentication” (“MFA” for short). This means each login to a system will require both a password and an authentication code delivered to the user’s phone via either voice call, or SMS text message. The enrollment process through the ID PASS system will allow the user to specify which phone number(s) the individual would like to use for receiving authentication text messages or voice calls.
In addition, there is an alternative to receiving an authentication text message or voice phone call. Using a smartphone (iPhone/Android), a user may install a Mobile Authenticator app, which will also handle the extra authentication in place of text message or voice call.
Also, self-service for forgotten passwords, locked login accounts, and password changes will be easier and more secure, facilitated by Multi Factor Authentication.