External Authentication Domain Service (EADS)

Cost summary

Price type: Fixed

Billing category: Usage-Based

Cost basis: Monthly


The Virginia Information Technologies Agency (VITA) is offering a new service that gives users inside and outside the COV domain access to applications that require Active Directory access outside of the COV domain and areas of the COV networking infrastructure. The Commonwealth benefits through increased employee productivity and stronger domain security.

The Authentication Active Directory will support applications that need Active Directory authentication for external users. It will contain accounts for both internal and external users. The domain will enable userPrincipalName authentication for applications that support it. The Organizational Unit structure for the Authentication domain is based on multiple security levels applied to users. Based on application security requirements, users will be placed in the highest security level required for applications.

The current naming convention for the Authentication Active Directory Domain is Auth.COV.Virginia.gov. This new domain name service offers several layers, such as Enterprise Production, Domain Controllers, Application Servers, Administrative Accounts, and Service Accounts. With these layers, application security will be held to the highest standards and compliance. Security policy is applied at the organizational unit and domain level. The Authentication Active Directory will implement a security policy based on the standard Windows 2008 Security Guide and standard SEC 501 policies, with the exception of account policies for external users. A separate policy is applied based on Global Group Membership.

Service Offering/Service Structure/Service Lead

Service Offering: Messaging

Services (each service at the lowest level of delivery): Authentication Domain

Service Lead: Jamey Stone


Customers and Estimated Demand for the Service

All State Agencies; demand could be 15% (+/- 15%) of employee base. Eligible customers are customers and users outside of the COV domain.

Customer Benefits

Improves customer service organizations' security for users outside of the COV domain. The new policy services provide several features and advantages: retention of password policy, minimum password age policy, maximum password age policy, password complexity policy, account lockout duration policy, account lockout threshold policy, and reset account lockout policy. These policies provide a robust and secure environment for the applications and networking infrastructure. This enables any user to authenticate to an application that requires domain credentials. This also enables users to authenticate to the FIM portal for identity management tasks.



How to order

Steps for providing the Authentication Domain service to customers.

1. The application owner enters a request via the Self Service feature in VITA Identity Manager (VIM).

2. Prepare a new EADS application using the Custom Work Request form RD1-002 "General WR Requirements form" in the Service Catalog Form Library (near the bottom of the Library page). Add the application name to the form field "General Description of Customer's Business Needs". Submit that form via email to your Agency IT Resource (AITR), who will approve the request and then submit the form to VITA.

3. A workflow is associated with the Custom Work Request form.  This requests the account, creates the account upon approval, and notifies the requestor. Agency application owners will grant external users access to applications via group membership in the external directory once the application is added to EADS. 

Please contact your Agency Operations Manager (AOM) if you have any questions. 


Additional product information

Q. What is EADS?
A. External Authentication Directory Service (EADS) is a self-service method for users outside of the Commonwealth of Virginia (COV) to access COV applications. A means for creating and managing access is also provided.

Q. When would an agency require EADS?
A. If an agency wants to provide access to an application for external users (such as VIM users) they should submit a request to set up authentication on the AUTH domain provided by EADS. With exceptions for SharePoint, any new group added to the AUTH domain will need EADS configuration.

Q. What is the difference between EADS and the VITA Identity Management (VIM) portal?
A. EADS is a new service which includes VIM. As part of EADS, the VIM portal will function similarly to the way it does today and will now include automated management of VIM accounts and management of application access via security groups.

Q. How does an agency subscribe to EADS?
A. An agency must apply for and authorize an EADS setup through the work request process using the Custom Work Request form. In order to subscribe to EADS, an agency must already be subscribed to the VITA/Northrop Grumman standard Messaging Services where EADS is hosted.

Q. Is there a charge for the EADS service?
A. Yes, initial setup pricing will be determined during the work request process when details are known. Pricing for setup is on a per-project basis. There is a recurring fee of $3.16 per month for each user.

Q. What information should be included in the custom work request form?
A. Answers to the questions below should be included in your custom request form:

  • Is this a new EADS application or a modification to an existing application?
  • Are new application security groups required?
  • Should any of the application security groups be published to the VITA Identity Management (VIM) portal?
  • If new groups are required, who should be listed as owners in the COV account center?
  • Are there SWAP requirements?  If so, additional VPN and networking component information is needed.

Q. Is there any additional hardware or software required?
A. No, EADS includes hardware, hardware maintenance, software, and software maintenance. Each agency is responsible for ensuring license compliance for their applications.

Q. How do external users get access to agency applications?
A. External users who want access to an application should submit an access request via the VIM portal. The request workflow will send an email to the approver(s) designated by the agency. Agency approvers will approve or deny the request. The workflow will take appropriate actions based on the approver's response and the result will be emailed to the external user.

Q. Are there any additional criteria for access to EADS applications?
A. Yes, EADS users are required to be in at least one application group as a condition for accessing EADS applications.

Q. How do agency administrators add and delete users once the EADS application access is established?
A. In addition to approving access requests, agency application owners are responsible for adding/removing users to/from the agency application security groups. The COV account center can be used to view and modify application security group membership as needed.