UNCLASSIFIED
DTIC USER REGISTRATION
Defense Technical Information Center (DTIC)
Document Control
Number: 1.0
Authorizing Official: Crisstofer French
Content Reviewer: Derek Kovacsy
Audience: DTIC
Latest Release: October 2021
Review Cycle: September 2022
Classification: UNCLASSIFIED
Authorizing Official Digital Signature: Crisstofer French, 10/19/2021
Signed by: FRENCH.CRISSTOFER.M.1007778399
DOCUMENT CHANGE HISTORY
The table below identifies changes that have been incorporated into this document. Content
changes require review and approval.
Date | Version | Description | Review/Approval
07-Oct-2021 | 1.0 | Initial Draft | Wesley Wiswell
19-Oct-2021 | 1.0 | Digitally Signed | Crisstofer French
Table of Contents
1 Introduction
2 Registration Process Initiation
  2.1.1 Registration Initiation
3 DoD CAC Registration
  3.1 Seamless Registration
    3.1.1 Registration Email Requirement
    3.1.2 Email Verification
    3.1.3 DMDC Verification
4 DoD PIV and ECA Registration
  4.1 DoD Contractor
    4.1.1 Registration Email Requirement
    4.1.2 Email Verification
    4.1.3 Existing Account Lookup
    4.1.4 Affiliation Type Selection
    4.1.5 DMDC Affiliation Verification Service
    4.1.6 Basic Registration Form
    4.1.7 Request Classified Access
5 Federal Government PIV and ECA Registration
  5.1 Federal Employee
    5.1.1 Registration Email Requirement
    5.1.2 Email Verification
    5.1.3 Existing Account Lookup
    5.1.4 Affiliation Type Selection
    5.1.5 OPM Affiliation Verification Service
    5.1.6 Basic Registration Form
    5.1.7 Request Classified Access
  5.2 Federal Contractor
    5.2.1 Registration Email Requirement
    5.2.2 Email Verification
    5.2.3 Existing Account Lookup
    5.2.4 Affiliation Type Selection
    5.2.5 OPM Affiliation Verification Service
    5.2.6 Basic Registration Form
    5.2.7 Request Classified Access
6 International Registration
  6.1 Foreign Affiliate
    6.1.1 Registration Email Requirement
    6.1.2 Email Verification
    6.1.3 Existing Account Lookup
    6.1.4 Affiliation Type Selection
    6.1.5 Basic Registration Form
    6.1.6 Request Classified Access
Appendix A. – DMDC Access Levels by Category Code
Appendix B. – OMB Statement
Abbreviations and Acronyms Defined
Abbreviation/Acronym | Definition
DoD | Department of Defense
CAC | Common Access Card
PIV | Personal Identity Verification Card
ECA | External Certification Authority
DTIC | Defense Technical Information Center
OPM | Office of Personnel Management
DMDC | Defense Manpower Data Center
1 Introduction
User Registration is the process of requesting a login account for a DTIC-hosted web site.
Currently there is only one application involved in the user registration process.
2 Registration Process Initiation
This is the entry point for all new user registrations (CAC, STOK, ECA, PIV and password-based).
This section deals with how a registration request is started – particularly how a client
PKI certificate may be used as proof of identity depending on the user's employment status.
2.1.1 Registration Initiation
3 DoD CAC Registration
DoD registrants are expected to register with their CAC (i.e., click the Smart Card Registration
button). Any attempt to register for a password account, if permitted, with a .mil email address
will be denied. Such users are told to register with their CAC.
CAC/STOK card info (when available) is used to pre-populate registration request information,
to the extent possible, including the type of card that was used, the type of user (DoD employee
vs DoD contractor), email address and the certificate expiration date.
3.1 Seamless Registration
Registration requests from CAC holders are submitted automatically (i.e., the user is not required
to fill out a registration form). Note: Although registration request submission is automatic, in
some circumstances (e.g. when the CAC does not contain an email address and the DMDC web service
is down) approval must be done manually.
3.1.1 Registration Email Requirement
If the provided certificate is missing an email then the user is prompted to provide a valid email
address.
When a CAC does not contain an email address and the DMDC web service is down, the
registration request is put into the queue for manual registrar approval, with a "DMDC Pending"
status.
3.1.2 Email Verification
Users who are required to provide a valid email address must complete the email verification
process, which requires them to enter a security code that is sent to the provided email
address.
3.1.3 DMDC Verification
CAC/STOK registrants who try to register are queried against the DMDC web service, which
uses the PKI certificate's EDIPI property to look up the user's record.
All registration requests having the "Mismatch Pending" status (DMDC is down, DMDC data
doesn't match CAC, etc., as described in "DMDC Data Collection" section above) are given a
user type (employment affiliation) of "Contractor" in the database. Refer to Appendix A –
DMDC Access Levels by Category Code for access level determinations.
4 DoD PIV and ECA Registration
While DoD CAC holders are expected to register with their provided CAC, some users are
capable of registration using a PIV or ECA.
Certificate info (when available) is used to pre-populate registration request information, to the
extent possible, including the type of card that was used, the type of user (DoD employee vs
DoD contractor), email address and the certificate expiration date.
4.1 DoD Contractor
4.1.1 Registration Email Requirement
If the provided certificate is missing an email then the user is prompted to provide a valid email
address.
4.1.2 Email Verification
Users who are required to provide a valid email address must complete the email verification
process, which requires them to enter a security code that is sent to the provided email
address.
4.1.3 Existing Account Lookup
The system attempts to identify any pre-existing account. The two automatic paths to account
merging are a match on EDIPI or a match on email.
Additionally, PIV and ECA registrations allow for manual association of existing accounts if no
account is automatically identified. The system gives the user an opportunity to say whether an
existing account is available. If so, the system prompts for username (or email address) and
password, and verifies it. If it verifies, and the existing LDAP account does not require a PKI
certificate, then the registration request will apply to that existing account rather than creating a
new one. If the existing LDAP account does require a PKI certificate then a message is displayed
to the user and the process proceeds to register a new account (no merge occurs).
4.1.4 Affiliation Type Selection
If an affiliation type cannot be determined automatically from the information provided by
the user's certificate, the user is prompted to select their affiliation. Based on the affiliation
selected, additional steps may be taken to verify the validity of the selection through two external
web services.
4.1.5 DMDC Affiliation Verification Service
The DMDC web service is used to verify users with a DoD affiliation. The service uses the
EDIPI of the user's certificate if present, or attempts to match the user based on Lastname, Date of
Birth, and Social Security Number.
4.1.6 Basic Registration Form
This represents the standard registration form, which will be pre-populated with any available
information retrieved from the user's certificate.
4.1.7 Request Classified Access
Any request for access to classified data sources requires the user to set their contract
classification level and select the “I am also requesting Classified access” check box. This will
display the Classified Access Request and require the user to provide contact information for
their respective Security Officer, who will be required to confirm/authorize the user's access
request.
5 Federal Government PIV and ECA Registration
Federal employees are capable of registration using a PIV or ECA.
Certificate info (when available) is used to pre-populate registration request information, to the
extent possible, including the type of card that was used, the type of user (Federal employee vs
Federal contractor), email address and the certificate expiration date.
5.1 Federal Employee
5.1.1 Registration Email Requirement
If the provided certificate is missing an email then the user is prompted to provide a valid email
address.
5.1.2 Email Verification
Users who are required to provide a valid email address must complete the email verification
process, which requires them to enter a security code that is sent to the provided email
address.
5.1.3 Existing Account Lookup
The system attempts to identify any pre-existing account. The two automatic paths to account
merging are a match on EDIPI or a match on email.
Additionally, PIV and ECA registrations allow for manual association of existing accounts if no
account is automatically identified. The system gives the user an opportunity to say whether an
existing account is available. If so, the system prompts for username (or email address) and
password, and verifies it. If it verifies, and the existing LDAP account does not require a PKI
certificate, then the registration request will apply to that existing account rather than creating a
new one. If the existing LDAP account does require a PKI certificate then a message is displayed
to the user and the process proceeds to register a new account (no merge occurs).
5.1.4 Affiliation Type Selection
If an affiliation type cannot be determined automatically from the information provided by
the user's certificate, the user is prompted to select their affiliation. Based on the affiliation
selected, additional steps may be taken to verify the validity of the selection through two external
web services.
5.1.5 OPM Affiliation Verification Service
OPM info is used to pre-populate the registration request form, including the first and last names,
U.S. citizenship, and the fact that employment has been OPM-verified.
5.1.6 Basic Registration Form
5.1.7 Request Classified Access
Any request for access to classified data sources requires the user to select the “I am also
requesting Classified access” check box. This will display the U.S. Government Approving
Official and Classified Access Request sections, which require the user to provide contact
information for their respective points of contact, who will be required to confirm/authorize the
user's access request.
5.2 Federal Contractor
5.2.1 Registration Email Requirement
If the provided certificate is missing an email then the user is prompted to provide a valid email
address.
5.2.2 Email Verification
Users who are required to provide a valid email address must complete the email verification
process, which requires them to enter a security code that is sent to the provided email
address.
5.2.3 Existing Account Lookup
The system attempts to identify any pre-existing account. The two automatic paths to account
merging are a match on EDIPI or a match on email.
Additionally, PIV and ECA registrations allow for manual association of existing accounts if no
account is automatically identified. The system gives the user an opportunity to say whether an
existing account is available. If so, the system prompts for username (or email address) and
password, and verifies it. If it verifies, and the existing LDAP account does not require a PKI
certificate, then the registration request will apply to that existing account rather than creating a
new one. If the existing LDAP account does require a PKI certificate then a message is displayed
to the user and the process proceeds to register a new account (no merge occurs).
5.2.4 Affiliation Type Selection
If an affiliation type cannot be determined automatically from the information provided by
the user's certificate, the user is prompted to select their affiliation. Based on the affiliation
selected, additional steps may be taken to verify the validity of the selection through two external
web services.
5.2.5 OPM Affiliation Verification Service
OPM info is used to pre-populate the registration request form, including the first and last names,
U.S. citizenship, and the fact that employment has been OPM-verified.
5.2.6 Basic Registration Form
5.2.7 Request Classified Access
Any request for access to classified data sources requires the user to set their contract
classification level and select the “I am also requesting Classified access” check box. This will
display the Classified Access Request and require the user to provide contact information for
their respective Security Officer, who will be required to confirm/authorize the user's access
request.
6 International Registration
Federal employees are capable of registration using a CAC, PIV or ECA.
Certificate info (when available) is used to pre-populate registration request information, to the
extent possible, including the type of card that was used, the type of user (Foreign Affiliate),
email address and the certificate expiration date.
6.1 Foreign Affiliate
6.1.1 Registration Email Requirement
If the provided certificate is missing an email then the user is prompted to provide a valid email
address.
6.1.2 Email Verification
Users who are required to provide a valid email address must complete the email verification
process, which requires them to enter a security code that is sent to the provided email
address.
6.1.3 Existing Account Lookup
The system attempts to identify any pre-existing account. The two automatic paths to account
merging are a match on EDIPI or a match on email.
Additionally, PIV and ECA registrations allow for manual association of existing accounts if no
account is automatically identified. The system gives the user an opportunity to say whether an
existing account is available. If so, the system prompts for username (or email address) and
password, and verifies it. If it verifies, and the existing LDAP account does not require a PKI
certificate, then the registration request will apply to that existing account rather than creating a
new one. If the existing LDAP account does require a PKI certificate then a message is displayed
to the user and the process proceeds to register a new account (no merge occurs).
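The Existing Account Lookup described in sections 4.1.3, 5.1.3, 5.2.3 and 6.1.3, sketched as an added example (not DTIC's code). The record types, function names, sample directory and the `verify_password` callback (standing in for the credential check against LDAP) are hypothetical; trying EDIPI before email, comparing email case-insensitively and treating a failed password check as "no merge" are assumptions the document does not state.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Iterable, Optional, Tuple


class Outcome(Enum):
    MERGE_AUTOMATIC = "merge_automatic"    # matched on EDIPI or email
    MERGE_MANUAL = "merge_manual"          # user verified an existing login
    NEW_PKI_REQUIRED = "new_pki_required"  # verified, but account requires PKI
    NEW_ACCOUNT = "new_account"            # nothing to merge with


@dataclass(frozen=True)
class Account:                             # hypothetical LDAP account record
    username: str
    email: str
    edipi: Optional[str]
    requires_pki: bool


@dataclass(frozen=True)
class Request:                             # hypothetical registration request
    email: str
    edipi: Optional[str]                   # None if the certificate has no EDIPI


def _same_email(a: str, b: str) -> bool:
    # Assumption: case-insensitive comparison; an empty value never matches.
    return bool(a.strip()) and a.strip().lower() == b.strip().lower()


def resolve_account(req: Request, accounts: Iterable[Account],
                    claimed_login: Optional[str] = None,
                    verify_password: Optional[Callable[[Account], bool]] = None,
                    ) -> Tuple[Outcome, Optional[Account]]:
    accounts = list(accounts)
    # Automatic path 1: EDIPI. Skipped when the request has none, so two
    # records that both lack an EDIPI are never treated as the same person.
    if req.edipi:
        for acct in accounts:
            if acct.edipi == req.edipi:
                return Outcome.MERGE_AUTOMATIC, acct
    # Automatic path 2: email address.
    for acct in accounts:
        if _same_email(req.email, acct.email):
            return Outcome.MERGE_AUTOMATIC, acct
    # Manual path: user names an existing account and must prove control of it.
    if claimed_login and verify_password:
        for acct in accounts:
            if claimed_login == acct.username or _same_email(claimed_login, acct.email):
                if not verify_password(acct):
                    break                  # assumption: failed check, no merge
                if acct.requires_pki:
                    return Outcome.NEW_PKI_REQUIRED, None
                return Outcome.MERGE_MANUAL, acct
    return Outcome.NEW_ACCOUNT, None


# Constructed sample directory; names, addresses and EDIPIs are made up.
DIRECTORY = [
    Account("asmith", "a.smith@example.org", "1000000001", False),
    Account("bjones", "b.jones@example.org", None, False),
    Account("clee", "c.lee@example.org", None, True),
]
```
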
6.1.4 Affiliation Type Selection
If an affiliation type cannot be determined automatically from the information provided by
the user's certificate, the user is prompted to select their affiliation. Based on the affiliation
selected, additional steps may be taken to verify the validity of the selection through two external
web services.
6.1.5 Basic Registration Form
6.1.6 Request Classified Access
Any request for access to classified data sources requires the user to select the “I am also
requesting Classified access” check box. This will display the U.S. Government Approving
Official and Classified Access Request sections, which require the user to provide contact
information for their respective points of contact, who will be required to confirm/authorize the
user's access request.
Appendix A. – DMDC Access Levels by Category Code
DoD Employee
(A B C K M N V)
DoD Contractor (E)
Non-DoD Civilian (I),
Non-DoD Contractor (O),
DoD OCONUS Hire (U)
DoD Employee
(A B C K M N V)
DoD Contractor
(E)
Non-DoD Civilian (I),
Non-DoD Contractor (O),
DoD OCONUS Hire (U)
Retired/Unaffiliated
(D F H J L Q R W Y)
Foreign
Affiliate (T)
DoD Employee
DoD Contractor
Pending
DoD Contractor Pending
DoD Contractor Pending
DoD Contractor
Pending
DoD Contractor
DoD Contractor Pending
DoD Contractor Pending
DoD Contractor
Pending
Contractor
Denied
DoD Contractor
Pending
Denied
DoD Contractor
Pending
Retired/Unaffiliated
(D F H J L Q R W Y)
Appendix B. – OMB Statement
File Type | application/pdf |
File Title | Microsoft Word - IAM Registration Journey.docx |
Author | CFrench |
File Modified | 2021-10-21 |
File Created | 2021-10-19 |