NCID Administrators Frequently Asked Questions

NCID administrators are state and local government employees who manage the user accounts that people in their agencies use to log in to state websites and services. Administrators set up accounts for new employees in their organizations and close or transfer accounts when employees leave.

These FAQs give help administrators manage NCID accounts and understand their responsibilities.

Find contacts for NCID administrators.


Tab/Accordion Item

Administrators can have the following roles:

  • Delegated administrators—manage user accounts within their organization, division or section
  • Application administrators—control access to roles and applications, promote and demote users to application administrator
  • NCDIT Service Desk—unlock accounts for all NCID users, reset passwords only for NCDIT employees
  • Agency service desk administrators—unlock accounts and reset passwords for employees of their state agency, cannot reset accounts for delegated administrators

Delegated Administrators

Tab/Accordion Item

Agencies should apply for a delegated administrator as soon as one is needed. It is recommended that a minimum of two people be assigned as administrators for each agency level.

Agencies makes this business decision. They delegate the role to, for example, human resources, security or network administrators.

Yes. The remaining delegated administrator should make another user a backup delegated administrator. Every agency should always have more than one delegated administrator.

No, application owners may also assign roles.

On the NCID site, click on the "Update Employee Account" link on the "Identity Self-Service" tab. Search for the user account you wish to view.

No, the system does not issue any warnings.


Tab/Accordion Item

Anyone, including the general public, can create non-employee accounts (i.e., business or individual accounts). Administrators do not vet, approve or manage non-employee accounts.

No such form or template exists.

No, new accounts are automatically approved when created.

Users' email accounts most likely are treating messages from NCID as spam. To ensure that NCID messages are always delivered to users' inbox, ask that before completing self-registration, users verify that their email is set up to accept messages from

If users do not receive an email in their inbox a few minutes after registering for a new account, ask them to check if the message was marked as spam and sent to their junk email folder. Users can move the message to their inbox and validate their new account.

Delegated administrators are not notified if users do not login.

No, NCID does not use BEACON to provision new state employee accounts. Human resources generate BEACON numbers when entering employees in BEACON.

No, this enhancement will be part of a future next-generation system.

State agencies are billed for every active NCID account. Billing stops when an account is deactivated, but an agency's billing numbers are set once annually. Early in the calendar year, the NCDIT billing group requests a list of current active NCID state agency accounts and uses that number to bill for NCID accounts for the next 12 months.

Deactivating, Archiving and Reactivating Accounts

Tab/Accordion Item

Accounts must be first deactivated and then archived. Archiving accounts removes all account information from NCID. BEACON has authority over employee numbers unique to each person. If employees return after leaving and archiving their NCID accounts, they follow the same process to link their employee number in BEACON with their new NCID account.

Employee accounts must be manually archived after deactivation. Non-employee accounts are deactivated and archived automatically after 18 months of inactivity.

No. Delegated administrators do not manage individual and business accounts. Only these users can archive their accounts.

They stay deactivated until delegated administrators reactivate or archive them.


Transferring Accounts

Tab/Accordion Item

Several things can happen. First, the receiving agency can approve the request. Second, the receiving agency can reject the request, and the user account stays in the current agency. Third, after seven days, the workflow expires, and the account remains with the current agency. The account stays in the same state as before the transfer. Account expiration can also be set for a future date.

This is a business, not a technical, process. It is assumed that the agency notifies delegated administrators (following the same notification process for deactivating and archiving accounts).

No, only state agencies can do agency-to-agency transfers.

No, not having to deactivate or archive accounts simplifies the process.

No, if the application is set up to allow cross-agency access.

No, the DOT role manager grants access to applications. However, if access is automatically granted based on division, users need accounts within that division.


Tab/Accordion Item

No, reports are specific to NCID. Every 24 hours, NCID generates a CSV format report for delegated administrators on the users they serve.

Your font size might be too large. Reduce it so that all the text and graphics fit on the screen. In Microsoft Edge, click on the View menu, and select the Text Size option. Click on the desired size (e.g., medium). If your mouse has a scroll wheel, hold the Ctrl key while turning the wheel toward you.

This feature is a component of Microsoft 365, not NCID.