NCID Citizen Identity Project
The N.C. Department of Information Technology is updating the N.C. Identity Management (NCID) service through the Citizen Identity Project. This involves enhancing security, improving self-service and moving external user identities from the department’s on-prem infrastructure to a modern cloud-based service.
The information below provides project status information to state and local government agency employees who have public-facing applications that use NCID and that will be affected by this project.
Project Goals
- Adopt security best practices by separating external users (citizen and business accounts) from internal work force users (state and local government employee accounts). Currently, all types of user identities are stored together in one repository.
- Improve self-service options whereby citizen and business users can unlock accounts themselves and resolve and reset forgotten passwords without having to contact the NCDIT Service Desk.
- Allow and enable NCID logins using personal social credentials. For example, individuals could use their Gmail account credentials to register with NCID. Since people use their social logins more frequently, they tend to remember these credentials. As a result, people can minimize forgetting and resetting their passwords, and they can unlock their own accounts.
- Enable multi-factor authentication (MFA) for both external and internal work force users. Currently, only internal work force individuals use MFA. MFA provides an additional layer of security by requiring users to authenticate with their user ID and password combination as well as an additional code that is sent to their validated email address or phone number.
- Support user identity proofing confirmation. This is required by some applications that allow external user identities. Identity proofing is a security approach to confirm that a person logging in is who they say they are. User identity can be verified by a) physical identification documents, such as a driver’s license, b) knowledge-based security questions, such as asking the user to pick their past address from a list of addresses, c) biometrics.
- Implement high-availability functionality. This provides system redundancy that enables agency applications to failover with negligible downtime in the event of system interruption.
Project Status
| Date | Activity |
|---|---|
| March 5, 2023 | Implemented Pre-Prod Cutover |
| Feb. 15, 2023 | Town hall session for NCDIT Service Desk |
| Jan. 13, 2023 | Town hall session for SAML integration |
| Jan. 12, 2023 | Town hall session for shared LDAP integration |
| Jan. 10, 2023 | Town hall session for HTTP proxy integration |
| Dec. 14, 2022 | Town hall session for directory sync integration |
| Dec. 13, 2022 | Town hall session for web service integration |
| December 2022 | HTTP proxy integration testing in development by agency applications |
| December 2022 | Web service integration testing in development by agency applications |
| April to June 2022 | Reached out to agencies to confirm application owners |
| March 2022 | Business requirements document, design discussions, establish connectivity for development environments |
| January to February 2022 | Requirements-gathering workshops |
| December 2021 | Project kick-off meeting |
| October 2021 | Contract awarded to Simeio Solutions LLC |
Upcoming Activities*
*Dates are projections and may change.
Registration, Self-Service, Helpdesk Function, Role Management Functions
|
What |
Who |
When |
Why |
|---|---|---|---|
|
User acceptance testing:
|
Agency application owners, Helpdesk staff |
March 5 to March 24 |
This will help validate user interface screens. |
|
Go live - External Identities in Simeio-Ping directory in Production |
Agency application owners |
May 21 | External Identities would be migrated from NCID to Simeio-Ping directory. |
Directory Sync Applications
|
What |
Who |
When |
Why |
|---|---|---|---|
|
Agency application owners & Simeio |
Nov. 1 to March 17, 2023 |
To resolve any issues before we launch in Pre-Production. |
|
Agency application owners & Simeio |
March 10 to March 31 |
To resolve any issues before we launch in Production. |
|
Establish connectivity between Agency Directory & Simeio-Ping Directory in Prod |
Agency application owners & Simeio |
March 20 to March 31 |
Prep for Production. |
|
Validate applications in Prod env |
Agency application owners |
May 21 |
Go live |
Web-Service Applications
|
What |
Who |
When |
Why |
|---|---|---|---|
|
Test applications in Pre-Prod env |
Agency application owners |
March 5 to March 24 |
To resolve any issues before we launch in Production. |
|
Validate applications in Prod |
Agency application owners |
May 21 |
Go live |
SAML Applications
|
What |
Who |
When |
Why |
|---|---|---|---|
| Test applications in Pre-Prod | Agency app owners | March 6 to March 24 | Test SAML apps in Pre-Prod |
| Validate applications in Prod | Agency app owners | May 21 | Go live |
|
Simeio provide metadata for Dev, Pre-Prod and Prod |
Simeio |
May 29 |
To onboard SAML applications to Simeio Access Manager. |
|
Provide application metadata for Dev, Pre-Prod and Prod |
Agency app owners |
May 30 to June 9 |
To onboard SAML applications to Simeio Access Manager. |
|
Configure application in Dev |
Simeio/Agency app owners |
June 12 to June 30 |
To adopt the new AM solution. |
|
Test application in Dev |
Agency app owners |
July 3 to July 14 |
To adopt the new AM solution. |
|
Configure application in Pre-Prod |
Simeio/Agency app owners |
July 17 to Aug. 4 |
To adopt the new AM solution. |
|
Test application in Pre-Prod |
Agency app owners |
Aug. 7 to Aug. 18 |
To adopt the new AM solution. |
|
Configure application in Prod |
Simeio/Agency app owners |
Aug. 21 to Sep. 8 |
Go live – as soon as the application is configured, it will be live. |
Shared LDAP Applications
|
What |
Who |
When |
Why |
|---|---|---|---|
| Test applications in Pre-Prod | Agency app owner | March 27 to April 7 | To enable agencies to test their applications in Pre-Prod and resolve any issues before we launch in Prod. |
| Validate applications in Prod | Agency app owner | May 21 | Go live |
HTTP Proxy Applications
|
What |
Who |
When |
Why |
|---|---|---|---|
|
Test application in Pre-Prod for existing HTTP Proxy |
Agency app owner |
March 6 to March 24 |
To validate application function using the existing HTTP Proxy solution. |
|
Deploy authentication plug-in for Prod |
NCID team |
May 21 |
To allow authentication of external users against Simeio Directory and internal users against NetIQ eDirectory. |
|
Validate application in Prod for existing HTTP Proxy |
Agency app owner |
May 21 |
To validate application function using the existing HTTP Proxy solution. |
|
DNS cutover of the application URL in Dev & Pre-Prod |
NCID/NCDIT network |
May 30 to June 16 |
To validate the new HTTP Proxy solution. |
|
Test application in Dev and Pre prod with the new HTTP Proxy |
Agency app owner |
June 19 to July 14 |
To validate application function using the new HTTP Proxy solution. |
|
DNS cutover of the application URL in Prod |
NCID/NCDIT network |
Aug. 7 to Aug. 18 |
Go live with the new HTTP Proxy. |
Project Archives
- Web Service Integration Document
- Web Service Integration Town Hall Recording
- Directory Sync Integration Document
- Directory Sync Integration Town Hall Recording
- HTTP Proxy Integration Document
- HTTP Proxy Integration Town Hall Recording
- SAML Integration Document
- SAML Integration Town Hall Recording
- Shared LDAP Integration Document
- Shared LDAP Integration Town Hall Recording
- Frequently Asked Questions Document
Notes
- Initial implementation is focused on migrating existing external identities to Simeio followed by migrating applications using external identities to Simeio while keeping application impact to a minimum.
- Implementation for social logins, multi-factor authentications, identity proofing will occur in a later phase.
Contact
For questions about this project, please contact Jim Shafer, Identity Management operations manager.