Unit of Measure: Per Instance
Pricing Type: Fixed
Billing Cycle: Monthly
Service Lead: Jamey Stone Jamey.Stone@vita.virginia.gov
The Virginia Information Technologies Agency (VITA) is offering a new service that allows users both inside and outside the COV domain to access applications that require Active Directory access outside of the COV domain and areas of the COV networking infrastructure. For the Commonwealth, the service will increase employee productivity and foster domain security.
The Authentication Active Directory will support applications that need Active Directory authentication for external users. It will contain accounts for both internal and external users. The domain will enable userPrincipalName authentication for applications that support it. The Organizational Unit structure for the Authentication domain is based on multiple security levels applied to users. Based on application security requirements, users will be placed in the highest security level required for applications.
The current naming convention for the Authentication Active Directory Domain is Auth.COV.Virginia.gov. This new domain name service offers several layers, such as Enterprise Production, Domain Controllers, Application Servers, Administrative Accounts, and Service Accounts. With these layers, application security will meet the highest standards and compliance requirements. Security policy is applied at the organizational unit and domain level. The Authentication Active Directory will implement a security policy based on the standard Windows 2008 Security Guide and standard SEC 501 policies, with the exception of account policies for external users. A separate policy is applied based on Global Group Membership.
Customers and Estimated Demand for the Service
All State Agencies; demand could be 15% (+/- 15%) of employee base. Eligible customers are customers and users outside of the COV domain.
Improves customer service organizations' security for users outside of the COV domain. These new policy services offer several features and advantages: retention of password policy, minimum password age policy, maximum password age policy, password complexity policy, account lockout duration policy, account lockout threshold policy, and reset account lockout policy. These policies will provide a robust and secure environment for the applications and networking infrastructure. This enables any user to authenticate to an application that requires domain credentials. It also enables users to authenticate to the FIM portal for Identity Management tasks.
For more information see External Authentication Domain Service (EADS) - End-User FAQs (pdf)
See the Product Detail page for External Authentication Domain Service (EADS) - Application Setup for the related item.
Steps for providing the Authentication Domain service to customers.
1. Application owner enters request via the Self Service feature in VITA Identity Manager (VIM).
2. Prepare a new EADS application using the Custom Work Request form RD1-002 "General WR Requirements form" in the Service Catalog Form Library (near the bottom of the Library page). Add the application name to the form field "General Description of Customer's Business Needs". Submit that form via email to your Agency IT Resource (AITR), who will approve the request and then submit the form to VITA.
3. A workflow is associated with the Custom Work Request form. This requests the account, creates the account upon approval, and notifies the requestor. Agency application owners will grant external users access to applications via group membership in the external directory once the application is added to EADS.
Please contact your Agency Operations Manager (AOM) if you have any questions.
Send VITA Onestop an email: firstname.lastname@example.org to collaborate or handle your order.