NCID Administrators Frequently Asked Questions
NCID administrators are state and local government employees who manage the user accounts that people in their agencies use to log in to state websites and services. Administrators set up accounts for new employees in their organizations and close or transfer accounts when employees leave.
These FAQs help administrators manage NCID accounts and understand their responsibilities.
Roles
Administrators can have the following roles:
- Delegated administrators—manage user accounts within their organization, division or section
- Application administrators—control access to roles and applications, promote and demote users to application administrator
- NCDIT Service Desk—unlock accounts for all NCID users, reset passwords only for NCDIT employees
- Agency service desk administrators—unlock accounts and reset passwords for employees of their state agency, cannot reset accounts for delegated administrators
Delegated Administrators
Agencies should apply for a delegated administrator as soon as one is needed. It is recommended that a minimum of two people be assigned as administrators for each agency level.
Agencies make this business decision. They delegate the role to, for example, human resources, security or network administrators.
Yes. The remaining delegated administrator should make another user a backup delegated administrator. Every agency should always have more than one delegated administrator.
View instructions on how to make a change to your agency's listing in the NCID Administrators web directory.
No, application owners may also assign roles.
On the NCID site, click on the "Update Employee Account" link on the "Identity Self-Service" tab. Search for the user account you wish to view.
No, the system does not issue any warnings.
Accounts
Anyone, including the general public, can create non-employee accounts (i.e., business or individual accounts). Administrators do not vet, approve or manage non-employee accounts.
No such form or template exists.
No, new accounts are automatically approved when created.
Users' email accounts most likely are treating messages from NCID as spam. To ensure that NCID messages are always delivered to users' inboxes, ask users to verify, before completing self-registration, that their email is set up to accept messages from ncid.notifications@nc.gov.
If users do not receive an email in their inbox a few minutes after registering for a new account, ask them to check if the message was marked as spam and sent to their junk email folder. Users can move the message to their inbox and validate their new account.
Delegated administrators are not notified if users do not log in.
No, NCID does not use BEACON to provision new state employee accounts. Human resources generate BEACON numbers when entering employees in BEACON.
No, this enhancement will be part of a future next-generation system.
State agencies are billed for every active NCID account. Billing stops when an account is deactivated, but an agency's billing numbers are set once annually. Early in the calendar year, the NCDIT billing group requests a list of current active NCID state agency accounts and uses that number to bill for NCID accounts for the next 12 months.
Deactivating, Archiving and Reactivating Accounts
Accounts must be first deactivated and then archived. Archiving accounts removes all account information from NCID. BEACON has authority over employee numbers unique to each person. If employees return after leaving and archiving their NCID accounts, they follow the same process to link their employee number in BEACON with their new NCID account.
Employee accounts must be manually archived after deactivation. Non-employee accounts are deactivated and archived automatically after 18 months of inactivity.
No. Delegated administrators do not manage individual and business accounts. Only these users can archive their accounts.
They stay deactivated until delegated administrators reactivate or archive them.
No.
Transferring Accounts
Several things can happen. First, the receiving agency can approve the request. Second, the receiving agency can reject the request, and the user account stays in the current agency. Third, after seven days, the workflow expires, and the account remains with the current agency. The account stays in the same state as before the transfer. Account expiration can also be set for a future date.
This is a business, not a technical, process. It is assumed that the agency notifies delegated administrators (following the same notification process for deactivating and archiving accounts).
No, only state agencies can do agency-to-agency transfers.
No, not having to deactivate or archive accounts simplifies the process.
No, if the application is set up to allow cross-agency access.
No, the DOT role manager grants access to applications. However, if access is automatically granted based on division, users need accounts within that division.
Miscellaneous
This feature is a component of Microsoft 365, not NCID.