NCID Citizen Identity Project

The N.C. Department of Information Technology is updating the N.C. Identity Management (NCID) service through the Citizen Identity Project. This involves enhancing security, improving self-service and moving external user identities from the department’s on-prem infrastructure to a modern cloud-based service. 

The information below provides project status information to state and local government agency employees who have public-facing applications that use NCID and that will be affected by this project.

Tab/Accordion Items

Project Goals

  • Adopt security best practices by separating external users (citizen and business accounts) from internal work force users (state and local government employee accounts). Currently, all types of user identities are stored together in one repository. 
  • Improve self-service options whereby citizen and business users can unlock accounts themselves and resolve and reset forgotten passwords without having to contact the NCDIT Service Desk.
  • Allow and enable NCID logins using personal social credentials. For example, individuals could use their Gmail account credentials to register with NCID. Since people use their social logins more frequently, they tend to remember these credentials. As a result, people can minimize forgetting and resetting their passwords, and they can unlock their own accounts.
  • Enable multi-factor authentication (MFA) for both external and internal work force users. Currently, only internal work force individuals use MFA. MFA provides an additional layer of security by requiring users to authenticate with their user ID and password combination as well as an additional code that is sent to their validated email address or phone number. 
  • Support user identity proofing confirmation. This is required by some applications that allow external user identities. Identity proofing is a security approach to confirm that a person logging in is who they say they are. User identity can be verified by a) physical identification documents, such as a driver’s license, b) knowledge-based security questions, such as asking the user to pick their past address from a list of addresses, c) biometrics. 
  • Implement high-availability functionality. This provides system redundancy that enables agency applications to failover with negligible downtime in the event of system interruption.

Project Status

Date Activity
May 5, 2023 Go/No-Go decision call: No-Go
March 5, 2023 Implemented Pre-Prod Cutover
Feb. 15, 2023 Town hall session for NCDIT Service Desk
Jan. 13, 2023 Town hall session for SAML integration
Jan. 12, 2023 Town hall session for shared LDAP integration
Jan. 10, 2023 Town hall session for HTTP proxy integration
Dec. 14, 2022 Town hall session for directory sync integration
Dec. 13, 2022 Town hall session for web service integration
December 2022 HTTP proxy integration testing in development by agency applications
December 2022 Web service integration testing in development by agency applications
April to June 2022 Reached out to agencies to confirm application owners
March 2022 Business requirements document, design discussions, establish connectivity for development environments
January to February 2022 Requirements-gathering workshops
December 2021 Project kick-off meeting
October 2021 Contract awarded to Simeio Solutions LLC

Upcoming Activities*

*Dates are projections and may change.

Based on the Go/No-Go decision call on May 5, 2023, the project is a no-go for production cutover on May 21, 2023. Simeio will provide a new date soon for go-live and the dates on this webpage will be revised accordingly. Stay tuned…

Registration, Self-Service, Helpdesk Function, Role Management Functions

What Who When Why

User acceptance testing:

  • New user registration
  • Self-service: Forgot Username, Forgot Password, Unlock Account
  • Helpdesk function of Unlock Account
  • Role assignment to a user, role removal for a user
Agency application owners, Helpdesk staff March 5 to March 24 This will help validate user interface screens.
Go live - External Identities in Simeio-Ping directory in Production Agency application owners May 21 External Identities would be migrated from NCID to Simeio-Ping directory.

 

Directory Sync Applications

What Who When Why
  • Establish connectivity between Agency Directory & Simeio-Ping Directory in Dev
  • Test applications in Dev env
Agency application owners & Simeio Nov. 1 to March 17, 2023 To resolve any issues before we launch in Pre-Production.
  • Establish connectivity between Agency Directory & Simeio-Ping Directory in Pre-Prod
  • Test applications in Pre-Prod env
Agency application owners & Simeio March 10 to March 31 To resolve any issues before we launch in Production.
Establish connectivity between Agency Directory & Simeio-Ping Directory in Prod Agency application owners & Simeio March 20 to March 31 Prep for Production.
Validate applications in Prod env Agency application owners May 21 Go live

 

Web-Service Applications

What Who When Why
Test applications in Pre-Prod env Agency application owners March 5 to March 24 To resolve any issues before we launch in Production.
Validate applications in Prod Agency application owners May 21 Go live

 

SAML Applications

What Who When Why
Test applications in Pre-Prod Agency app owners March 6 to March 24 Test SAML apps in Pre-Prod
Validate applications in Prod Agency app owners May 21 Go live
Simeio provide metadata for Dev, Pre-Prod and Prod Simeio May 29 To onboard SAML applications to Simeio Access Manager.
Provide application metadata for Dev, Pre-Prod and Prod Agency app owners May 30 to June 9 To onboard SAML applications to Simeio Access Manager.
Configure application in Dev Simeio/Agency app owners June 12 to June 30 To adopt the new AM solution.
Test application in Dev Agency app owners July 3 to July 14 To adopt the new AM solution.
Configure application in Pre-Prod Simeio/Agency app owners July 17 to Aug. 4 To adopt the new AM solution.
Test application in Pre-Prod Agency app owners Aug. 7 to Aug. 18 To adopt the new AM solution.
Configure application in Prod Simeio/Agency app owners Aug. 21 to Sep. 8 Go live – as soon as the application is configured, it will be live.

 

Shared LDAP Applications

What Who When Why
Test applications in Pre-Prod Agency app owner March 27 to April 7 To enable agencies to test their applications in Pre-Prod and resolve any issues before we launch in Prod.
Validate applications in Prod Agency app owner May 21 Go live

 

HTTP Proxy Applications

What Who When Why
Test application in Pre-Prod for existing HTTP Proxy Agency app owner March 6 to March 24 To validate application function using the existing HTTP Proxy solution.
Deploy authentication plug-in for Prod NCID team May 21 To allow authentication of external users against Simeio Directory and internal users against NetIQ eDirectory.
Validate application in Prod for existing HTTP Proxy Agency app owner May 21 To validate application function using the existing HTTP Proxy solution.
DNS cutover of the application URL in Dev & Pre-Prod NCID/NCDIT network May 30 to June 16 To validate the new HTTP Proxy solution.
Test application in Dev and Pre prod with the new HTTP Proxy Agency app owner June 19 to July 14 To validate application function using the new HTTP Proxy solution.
DNS cutover of the application URL in Prod NCID/NCDIT network Aug. 7 to Aug. 18 Go live with the new HTTP Proxy.

Notes

  • Initial implementation is focused on migrating existing external identities to Simeio followed by migrating applications using external identities to Simeio while keeping application impact to a minimum.
  • Implementation for social logins, multi-factor authentications, identity proofing will occur in a later phase.

Contact

For questions about this project, please contact Jim Shafer, Identity Management operations manager.