NCID Citizen Identity Project The N.C. Department of Information Technology is updating the N.C. Identity Management (NCID) service through the Citizen Identity Project. This involves enhancing security, improving self-service and moving external user identities from the department’s on-prem infrastructure to a modern cloud-based service. The information below provides project status information to state and local government agency employees who have public-facing applications that use NCID and that will be affected by this project. Project Goals Adopt security best practices by separating external users (citizen and business accounts) from internal work force users (state and local government employee accounts). Currently, all types of user identities are stored together in one repository. Improve self-service options whereby citizen and business users can unlock accounts themselves and resolve and reset forgotten passwords without having to contact the NCDIT Service Desk. Allow and enable NCID logins using personal social credentials. For example, individuals could use their Gmail account credentials to register with NCID. Since people use their social logins more frequently, they tend to remember these credentials. As a result, people can minimize forgetting and resetting their passwords, and they can unlock their own accounts. Enable multi-factor authentication (MFA) for both external and internal work force users. Currently, only internal work force individuals use MFA. MFA provides an additional layer of security by requiring users to authenticate with their user ID and password combination as well as an additional code that is sent to their validated email address or phone number. Support user identity proofing confirmation. This is required by some applications that allow external user identities. Identity proofing is a security approach to confirm that a person logging in is who they say they are. User identity can be verified by a) physical identification documents, such as a driver’s license, b) knowledge-based security questions, such as asking the user to pick their past address from a list of addresses, c) biometrics. Implement high-availability functionality. This provides system redundancy that enables agency applications to failover with negligible downtime in the event of system interruption. Project Status Date Activity March 2022 Business requirements document, design discussions, establish connectivity for development environments January to February 2022 Requirements-gathering workshops December 2021 Project kick-off meeting October 2021 Contract awarded to Simeio Solutions LLC Upcoming Activities* *Dates are projections and may change. Date Activity April 2022 Reach out to agencies to confirm application owners April to July 2022 Implement user interface components June 2022 Proof-of-concept application integration for SAML, HTTP-Proxy, LDAP Sync, Web service in development environment July 2022 Finalize design and application migration approach September 2022 Migrate external identities to Simeio/Ping Directory October 2022 Begin application migration in production Notes Initial implementation is focused on migrating existing external identities to Simeio followed by migrating applications using external identities to Simeio while keeping application impact to a minimum. Implementation for social logins, multi-factor authentications, identity proofing will occur in a later phase. Questions For questions about this project, please contact Jim Shafer, Identity Management operations manager.