NCID Citizen Identity Project
The N.C. Department of Information Technology is updating the N.C. Identity Management (NCID) service through the Citizen Identity Project. This involves enhancing security, improving self-service and moving external user identities from the department’s on-prem infrastructure to a modern cloud-based service.
The information below provides project status information to state and local government agency employees who have public-facing applications that use NCID and that will be affected by this project.
Project Goals
- Adopt security best practices by separating external users (citizen and business accounts) from internal workforce users (state and local government employee accounts). Currently, all types of user identities are stored together in one repository.
- Improve self-service options whereby citizen and business users can unlock accounts themselves and resolve and reset forgotten passwords without having to contact the NCDIT Service Desk.
- Allow and enable NCID logins using personal social credentials. For example, individuals could use their Gmail account credentials to register with NCID. Since people use their social logins more frequently, they tend to remember these credentials. As a result, people forget and reset their passwords less often, and they can unlock their own accounts.
- Enable multi-factor authentication (MFA) for both external and internal workforce users. Currently, only internal workforce individuals use MFA. MFA provides an additional layer of security by requiring users to authenticate with their user ID and password combination as well as an additional code that is sent to their validated email address or phone number.
- Support user identity proofing confirmation. This is required by some applications that allow external user identities. Identity proofing is a security approach to confirm that a person logging in is who they say they are. User identity can be verified by a) physical identification documents, such as a driver’s license, b) knowledge-based security questions, such as asking the user to pick their past address from a list of addresses, or c) biometrics.
- Implement high-availability functionality. This provides system redundancy that enables agency applications to fail over with negligible downtime in the event of a system interruption.
Project Status
Date | Activity |
---|---|
July 31, 2023 | Go/no-go decision call: No-go |
June to July 2023 | Load testing web services and fine-tuning |
June to July 2023 | Load testing user interface screens and fine-tuning |
June to mid-July 2023 | Resolve open defects |
May 5, 2023 | Go/no-go decision call: No-go |
March 5, 2023 | Implemented pre-prod cutover |
Feb. 15, 2023 | Town hall session for NCDIT Service Desk |
Jan. 13, 2023 | Town hall session for SAML integration |
Jan. 12, 2023 | Town hall session for shared LDAP integration |
Jan. 10, 2023 | Town hall session for HTTP proxy integration |
Dec. 14, 2022 | Town hall session for directory sync integration |
Dec. 13, 2022 | Town hall session for web service integration |
December 2022 | HTTP proxy integration testing in development by agency applications |
December 2022 | Web service integration testing in development by agency applications |
April to June 2022 | Reached out to agencies to confirm application owners |
March 2022 | Business requirements document, design discussions, establish connectivity for development environments |
January to February 2022 | Requirements-gathering workshops |
December 2021 | Project kick-off meeting |
October 2021 | Contract awarded to Simeio Solutions LLC |
Upcoming Activities*
*Dates are projections and may change.
What | Who | When | Why |
---|---|---|---|
Ready for go-live | Simeio/NCID team | Aug. 31 | Go/no-go checkpoint to confirm if we are ready for go-live |
Code freeze | Simeio | Sept. 1-14 | Ensure that the environment is stable |
Production cutover – go-live | Simeio/NCID team | Sept. 17 | Migrate external identities from NCID eDirectory to Simeio Ping Directory |
Validate applications in production | Application owners | Sept. 17-18 | To make sure applications are working OK |
Migrate SAML applications to Simeio access manager | Simeio/agency app owners | November to January 2024 | To move away from NetIQ access manager |
Migrate HTTP proxy applications to Simeio’s HTTP proxy solution | Simeio/agency app owners | November to January 2024 | To move away from NetIQ HTTP proxy solution |
Training
NCID User Guide for Individual & Business Users
How-to Videos for Individual and Business NCID Users
- Registering for an NCID Account
- Unlocking an NCID Account
- Retrieving a Forgotten User ID
- Retrieving a Forgotten Password
- Changing a Password
- Updating a Profile (Especially Mobile Number & Email Address)
- Open Subscriptions
- Deleting an NCID Account
NCID Guide for Application Administrators
How-to Videos for Application Administrators
- Managing Application Access for External Users
- Assigning/Removing Other Users to Be an Application Administrator in MyNCID Portal
- Testing Web Service Connectivity
NCID Guide for Service Desk Staff
How-to Videos for Service Desk Staff
- Unlocking an External User’s Locked Account
- Bypassing Three-Day Password Use Policy for an External User
- Assigning/Removing Help Desk Admin Role for Internal Users in MyNCID Portal
Project Archives
- Cutover Prep for Shared LDAP & Directory Sync Integrations Town Hall Recording
- Cutover Prep for Shared LDAP & Directory Sync Integrations Slide Deck
- Cutover Prep for Web Service, SAML & HTTP Proxy Integrations Town Hall Recording
- Cutover Prep for Web Service, SAML & HTTP Proxy Integrations Slide Deck
- Web Service Integration Document
- Web Service Integration Town Hall Recording
- Directory Sync Integration Document
- Directory Sync Integration Town Hall Recording
- HTTP Proxy Integration Document
- HTTP Proxy Integration Town Hall Recording
- SAML Integration Document
- SAML Integration Town Hall Recording
- Shared LDAP Integration Document
- Shared LDAP Integration Town Hall Recording
- Frequently Asked Questions
Notes
- Initial implementation is focused on migrating existing external identities to Simeio, followed by migrating applications that use external identities to Simeio, while keeping application impact to a minimum.
- Implementation of social logins, multi-factor authentication and identity proofing will occur in a later phase.
- Please check out the frequently asked questions.