Why did Delaware adopt new Single Sign-On solutions?
The pandemic, especially its need for a secure Contact Tracing application, accelerated our rollout of this solution. But it has been in the making for years due to the need to harden the State of Delaware network against ever-increasing security threats.
When did workers begin to use these identity and access management solutions?
All State of Delaware and K12 staff must be registered at hiring for a Delaware ID to retain VPN access for access to enterprise applications such as Outlook and Microsoft 365 (Word, PowerPoint, Excel, Teams and more). A Delaware ID may be required as well for access to other state applications, such as state VPN. PHRST-paid employees need a myDelaware identity as well to access Employee Self Service and pension statements. Access to most state systems and applications are moving behind Delaware ID and/or myDelaware to protect data and infrastructure.
What if I can’t use a cell phone at my work location to authenticate for these solutions?
Your organization may have been enabled for other authentication options such as a Security Question or hardware token (YubiKey). Email Project_ID@delaware.gov if you don’t see these options when you register for a Delaware ID. You can add a security question as an option for authentication on myDelaware.
Will Single Sign-On solutions and the need to authenticate with a factor (MFA) only apply to VPN/remote access or will it be used for network login?
This is a layer of security in front of your network login and enterprise applications such as Outlook. You won’t see it in action if you log in when you are inside the network (from your office in a state facility, for example). You may only be prompted for MFA when you are outside the network, if you log in from someplace the system doesn’t recognize, or if you change your password.
ID.Delaware is asking me to change my password? What happens if I do?
For domain-joined state and K12 organizations, this security layer in front of your network login is linked to your Active Directory/Windows password. Changing your password when prompted by your “Delaware ID” automatically changes your network/Windows password, too. You don’t have to do anything else!
How will these single sign-on solutions affect applications my organization has developed that use network credentials?
The primary focus is State of Delaware Internet-facing enterprise applications, managed by DTI and in use across multiple state organizations. Initially, Internet-facing applications that authenticate using Active Directory may be among the first to have their tiles added to workers’ home screens. Over the coming months and years, the intent is to work with organizations to assure that their applications meet the legislated requirement that they are secured by either ID.Delaware or myDelaware.
How will this change affect Microsoft 365?
Workers will access email and Microsoft 365 applications without MFA while connecting from within the State network and use ID.Delaware for MFA when logging in from outside the State network.
How does an organization request that an application be onboarded to one or both of these single sign-on solutions?
Your organization’s IRM and Partner Services Engagement Specialist will work together in the coming months to identify applications to be transitioned to the new solution (either ID.Delaware or myDelaware). Your organization can initiate a ServiceNow process that will include completing a questionnaire for each candidate application your organization has.
Will DTI or the business manage access to a business’ special applications?
Business owners can manage who, among their workers or other users, have access to a business’ applications that are onboarded to, and protected by, single sign-on.
Will there be a cost to organizations for employees to use this new solution?
The cost for our agency partners is associated with enterprise security. It has been added in the proposed Secure End User Services package as a piece of the security cost for inclusion in the new Shared Services cost model.
I already registered on id.delaware.gov do I need to register again for access to Office 365 or any other applications through id.delaware.gov?
You will register on id.delaware.gov only once and that will give you all the access you need for existing and new applications approved by your agency.
You will register on my.Delaware.gov with your personal credentials (your HOME email address and private password) to access Employee Self Service and/or Pensions Self Service.
I already registered and selected an MFA option, but I want to change it and use or add a different MFA option, how do I do that?
On right corner of the screen, click on your name, then click on Settings, scroll down to Extra Verification and here you can remove existing enrollment and setup new factors. DO NOT remove the Yubikey factor (if enabled for you): you will not be able to re-add it yourself. If you lose access to a cell phone number, you may need to contact your help desk to have your MFA factors reset (so you can recreate them with a new phone).