NCID Administrators Frequently Asked Questions NCID administrators are state and local government employees who manage the user accounts that people in their agencies use to log in to state websites and services. Administrators set up accounts for new employees in their organizations and close or transfer accounts when employees leave. These FAQs give help administrators manage NCID accounts and understand their responsibilities. Find contacts for NCID administrators. Roles What are the different roles can administrators have? Administrators can have the following roles: Delegated administrators—manage user accounts within their organization, division or section Application administrators—control access to roles and applications, promote and demote users to application administrator NCDIT Service Desk—unlock accounts for all NCID users, reset passwords only for NCDIT employees Agency service desk administrators—unlock accounts and reset passwords for employees of their state agency, cannot reset accounts for delegated administrators Accounts Do administrators create and delete individual and business accounts? Anyone, including the general public, can create non-employee accounts (i.e., business or individual accounts). Administrators do not vet, approve or manage non-employee accounts. Is there an official new user form or template for creating user accounts? No such form or template exists. Do delegated administrators need to approve new employee accounts on their work board? No, new accounts are automatically approved when created. Why do some users not receive the activation email after registering for a new account? Users' email accounts most likely are treating messages from NCID as spam. To ensure that NCID messages are always delivered to users' inbox, ask that before completing self-registration, users verify that their email is set up to accept messages from ncid.notifications@nc.gov. If users do not receive an email in their inbox a few minutes after registering for a new account, ask them to check if the message was marked as spam and sent to their junk email folder. Users can move the message to their inbox and validate their new account. Are delegated administrators notified if employees do not login within 14 days after their account is created? Delegated administrators are not notified if users do not login. Does NCID use BEACON to set up new state employee accounts? No, NCID does not use BEACON to provision new state employee accounts. Human resources generate BEACON numbers when entering employees in BEACON. Can users have an association other than an employee relationship with an organization (e.g., a physician with a state hospital)? No, this enhancement will be part of a future next-generation system. Are agencies billed for NCID accounts? If so, how much? When does billing stop – when accounts are deactivated or archived? State agencies are billed for every active NCID account. Billing stops when an account is deactivated, but an agency's billing numbers are set once annually. Early in the calendar year, the NCDIT billing group requests a list of current active NCID state agency accounts and uses that number to bill for NCID accounts for the next 12 months. Delegated Administrators When should an agency apply for delegated administrator designation? Agencies should apply for a delegated administrator as soon as one is needed. It is recommended that a minimum of two people be assigned as administrators for each agency level. In a government agency, who usually acts as delegated administrators? Agencies makes this business decision. They delegate the role to, for example, human resources, security or network administrators. If a delegated administrator transfers or separates, is the backup delegated administrator the only one who can delegate another administrator? Yes. The remaining delegated administrator should make another user a backup delegated administrator. Every agency should always have more than one delegated administrator. May only delegated administrators assign roles? No, application owners may also assign roles. Can administrators review employee information without performing actions on accounts? On the NCID site, click on the "Update Employee Account" link on the "Identity Self-Service" tab. Search for the user account you wish to view. Do administrators receive automated alerts when employees stop working? No, the system does not issue any warnings. Deactivating, Archiving and Reactivating Accounts How are accounts archived to release employee numbers? Accounts must be first deactivated and then archived. Archiving accounts removes all account information from NCID. BEACON has authority over employee numbers unique to each person. If employees return after leaving and archiving their NCID accounts, they follow the same process to link their employee number in BEACON with their new NCID account. Are deactivated accounts automatically archived? Employee accounts must be manually archived after deactivation. Non-employee accounts are deactivated and archived automatically after 18 months of inactivity. Can delegated administrators deactivate and archive individual accounts? No. Delegated administrators do not manage individual and business accounts. Only these users can archive their accounts. How long do accounts stay deactivated? They stay deactivated until delegated administrators reactivate or archive them. Can multiple accounts be reactivated at one time? No. Transferring Accounts What happens if the receiving agency does not approve user transfers within seven days? Several things can happen. First, the receiving agency can approve the request. Second, the receiving agency can reject the request, and the user account stays in the current agency. Third, after seven days, the workflow expires, and the account remains with the current agency. The account stays in the same state as before the transfer. Account expiration can also be set for a future date. How do delegated administrators know when to transfer employee accounts? This is a business, not a technical, process. It is assumed that the agency notifies delegated administrators (following the same notification process for deactivating and archiving accounts). Can local government agencies, such as local education agencies, transfer accounts? No, only state agencies can do agency-to-agency transfers. Do agency-to-agency transfers require deactivating and archiving employees' account with their former agency? No, not having to deactivate or archive accounts simplifies the process. To give another agency employee access to my application, do they need another NCID account? No, if the application is set up to allow cross-agency access. Do DHHS employees need separate accounts to access DOT applications? No, the DOT role manager grants access to applications. However, if access is automatically granted based on division, users need accounts within that division. Miscellaneous Does NCID offer reports not related to NCID, such as immunization schedules? No, reports are specific to NCID. Every 24 hours, NCID generates a CSV format report for delegated administrators on the users they serve. On the NCID login screen, the text and buttons are sometimes hidden. How can users fix this? Your font size might be too large. Reduce it so that all the text and graphics fit on the screen. In Microsoft Edge, click on the View menu, and select the Text Size option. Click on the desired size (e.g., medium). If your mouse has a scroll wheel, hold the Ctrl key while turning the wheel toward you. When users login to email, could NCID give an alert that their account will expire soon and pointing them to NCID to change it? This feature is a component of Microsoft 365, not NCID.
NCID Administrators Frequently Asked Questions NCID administrators are state and local government employees who manage the user accounts that people in their agencies use to log in to state websites and services. Administrators set up accounts for new employees in their organizations and close or transfer accounts when employees leave. These FAQs give help administrators manage NCID accounts and understand their responsibilities. Find contacts for NCID administrators. Roles What are the different roles can administrators have? Administrators can have the following roles: Delegated administrators—manage user accounts within their organization, division or section Application administrators—control access to roles and applications, promote and demote users to application administrator NCDIT Service Desk—unlock accounts for all NCID users, reset passwords only for NCDIT employees Agency service desk administrators—unlock accounts and reset passwords for employees of their state agency, cannot reset accounts for delegated administrators Accounts Do administrators create and delete individual and business accounts? Anyone, including the general public, can create non-employee accounts (i.e., business or individual accounts). Administrators do not vet, approve or manage non-employee accounts. Is there an official new user form or template for creating user accounts? No such form or template exists. Do delegated administrators need to approve new employee accounts on their work board? No, new accounts are automatically approved when created. Why do some users not receive the activation email after registering for a new account? Users' email accounts most likely are treating messages from NCID as spam. To ensure that NCID messages are always delivered to users' inbox, ask that before completing self-registration, users verify that their email is set up to accept messages from ncid.notifications@nc.gov. If users do not receive an email in their inbox a few minutes after registering for a new account, ask them to check if the message was marked as spam and sent to their junk email folder. Users can move the message to their inbox and validate their new account. Are delegated administrators notified if employees do not login within 14 days after their account is created? Delegated administrators are not notified if users do not login. Does NCID use BEACON to set up new state employee accounts? No, NCID does not use BEACON to provision new state employee accounts. Human resources generate BEACON numbers when entering employees in BEACON. Can users have an association other than an employee relationship with an organization (e.g., a physician with a state hospital)? No, this enhancement will be part of a future next-generation system. Are agencies billed for NCID accounts? If so, how much? When does billing stop – when accounts are deactivated or archived? State agencies are billed for every active NCID account. Billing stops when an account is deactivated, but an agency's billing numbers are set once annually. Early in the calendar year, the NCDIT billing group requests a list of current active NCID state agency accounts and uses that number to bill for NCID accounts for the next 12 months. Delegated Administrators When should an agency apply for delegated administrator designation? Agencies should apply for a delegated administrator as soon as one is needed. It is recommended that a minimum of two people be assigned as administrators for each agency level. In a government agency, who usually acts as delegated administrators? Agencies makes this business decision. They delegate the role to, for example, human resources, security or network administrators. If a delegated administrator transfers or separates, is the backup delegated administrator the only one who can delegate another administrator? Yes. The remaining delegated administrator should make another user a backup delegated administrator. Every agency should always have more than one delegated administrator. May only delegated administrators assign roles? No, application owners may also assign roles. Can administrators review employee information without performing actions on accounts? On the NCID site, click on the "Update Employee Account" link on the "Identity Self-Service" tab. Search for the user account you wish to view. Do administrators receive automated alerts when employees stop working? No, the system does not issue any warnings. Deactivating, Archiving and Reactivating Accounts How are accounts archived to release employee numbers? Accounts must be first deactivated and then archived. Archiving accounts removes all account information from NCID. BEACON has authority over employee numbers unique to each person. If employees return after leaving and archiving their NCID accounts, they follow the same process to link their employee number in BEACON with their new NCID account. Are deactivated accounts automatically archived? Employee accounts must be manually archived after deactivation. Non-employee accounts are deactivated and archived automatically after 18 months of inactivity. Can delegated administrators deactivate and archive individual accounts? No. Delegated administrators do not manage individual and business accounts. Only these users can archive their accounts. How long do accounts stay deactivated? They stay deactivated until delegated administrators reactivate or archive them. Can multiple accounts be reactivated at one time? No. Transferring Accounts What happens if the receiving agency does not approve user transfers within seven days? Several things can happen. First, the receiving agency can approve the request. Second, the receiving agency can reject the request, and the user account stays in the current agency. Third, after seven days, the workflow expires, and the account remains with the current agency. The account stays in the same state as before the transfer. Account expiration can also be set for a future date. How do delegated administrators know when to transfer employee accounts? This is a business, not a technical, process. It is assumed that the agency notifies delegated administrators (following the same notification process for deactivating and archiving accounts). Can local government agencies, such as local education agencies, transfer accounts? No, only state agencies can do agency-to-agency transfers. Do agency-to-agency transfers require deactivating and archiving employees' account with their former agency? No, not having to deactivate or archive accounts simplifies the process. To give another agency employee access to my application, do they need another NCID account? No, if the application is set up to allow cross-agency access. Do DHHS employees need separate accounts to access DOT applications? No, the DOT role manager grants access to applications. However, if access is automatically granted based on division, users need accounts within that division. Miscellaneous Does NCID offer reports not related to NCID, such as immunization schedules? No, reports are specific to NCID. Every 24 hours, NCID generates a CSV format report for delegated administrators on the users they serve. On the NCID login screen, the text and buttons are sometimes hidden. How can users fix this? Your font size might be too large. Reduce it so that all the text and graphics fit on the screen. In Microsoft Edge, click on the View menu, and select the Text Size option. Click on the desired size (e.g., medium). If your mouse has a scroll wheel, hold the Ctrl key while turning the wheel toward you. When users login to email, could NCID give an alert that their account will expire soon and pointing them to NCID to change it? This feature is a component of Microsoft 365, not NCID.
