
Description

NIH External, the Active Directory® (AD) External Directory solution at NIH, is a Microsoft Windows 2003 Active Directory® forest. Its purpose is to provide authentication and authorization for non-NIH-affiliated staff who require access to NIH applications and data. NIH External is intended for individuals who cannot gain access to NIH resources through other established methods.

The business process models below capture the sequence of activities and the flow of information from one activity to another necessary to administer NIH External. The NIH External processes are composed of the following models:

Setup/Modify External Directory Project
Setup Registration Authority Relationship
Update Group Membership
Conduct Level 2 Identity Proofing: In-Person
Conduct Level 2 Identity Proofing: Remote
Update Account Profile
Decommission Account via Request
Decommission Account via Inactivity
Renew External Directory Project
Close External Directory Project


Setup/Modify External Directory Project

The Setup/Modify External Directory (ED) Project model describes the series of activities necessary for an ED project sponsor to have an ED project set up in NIH External for the purpose of authenticating and authorizing external users.


Setup Registration Authority Relationship

Federal regulations stipulate systems with an E-Authentication level of 2 or above must provide some assurance that users are who they say they are. This involves identity proofing external users prior to registration within NIH External. A Registration Authority (RA) is the individual responsible for accomplishing this task. Registration Authorities act on behalf of the NIH, but do not need to be NIH employees. The Setup Registration Authority Relationship model describes the activities required to establish a relationship with an RA.


Update Group Membership

Throughout an ED project’s lifecycle within NIH External, it is necessary to update the membership of its project groups. The Update Group Membership model describes the activities involved in adding, removing, and moving external users within an ED project. As the external directory supports both levels 1 and 2 E-Authentication, this model accounts for proper identity proofing procedures. When identity proofing is required, the Level 2 Identity Proofing: In-Person and Level 2 Identity Proofing: Remote process models are used.


Conduct Level 2 Identity Proofing: In-Person

The registration and identity proofing process is designed to ensure that the Registration Authority confirms the identity of the applicant. When an applicant is able to appear in person before the Registration Authority, the Conduct Level 2 Identity Proofing: In-Person process is followed.


Conduct Level 2 Identity Proofing: Remote

When an applicant is not able to appear in person before the Registration Authority, the Conduct Level 2 Identity Proofing: Remote process is followed to identity-proof the applicant.


Update Account Profile

During the lifetime of an external user account within NIH External, it may become necessary for the user to update their personal information. The Update Account Profile model describes the steps necessary for a user to do so.


Decommission Account via Request

The Decommission Account via Request model illustrates the process through which an NIH External account can be decommissioned. Two events may kick off this process: an external user requests that an account be closed, or suspected abuse of an NIH External account occurs. Disabled accounts that remain inactive will be decommissioned through the Decommission Account via Inactivity process.


Decommission Account via Inactivity

One of the underlying issues in the current internal Active Directory solution is the prevalence of inactive accounts. To address this problem, the Decommission Account via Inactivity process model is presented below. NIH External accounts must belong to at least one ED project, and the account password must be updated at least every 90 days. This clean-up process provides a mechanism for removing orphaned accounts as well as accounts that have been inactive for a period of time.


Close External Directory Project

The Close External Directory Project process model depicts the activities that must occur for an ED Project Sponsor to close an NIH External project. When a project is closed, some user accounts may no longer be members of any project. One of the guiding principles of the NIH External architecture is that user accounts must belong to at least one group. When such an event occurs, the orphaned accounts are handled through the Decommission Account via Inactivity process.
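The two rules stated above (an account must belong to at least one ED project group, and its password must be updated at least every 90 days) together with the way a project closure feeds orphaned accounts into the inactivity sweep can be modelled in a few lines. The following Python is an added illustration, not code from NIH or from this architecture document; the account records, group names (ED-ProjectA, ED-ProjectB), user names and the reference date are constructed sample data, and the attribute shape is an assumption standing in for the AD attributes (pwdLastSet, memberOf) a real sweep would read.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Policy constants taken from the page: an account must belong to at least one
# ED project group, and its password must be updated at least every 90 days.
PASSWORD_MAX_AGE = timedelta(days=90)

# Constructed reference date for the sample run (the page's approval date).
REFERENCE_NOW = datetime(2006, 9, 26, tzinfo=timezone.utc)


@dataclass
class ExternalAccount:
    """Assumed minimal stand-in for the AD attributes the sweep needs."""
    name: str
    pwd_last_set: datetime
    member_of: set[str] = field(default_factory=set)


def is_orphaned(account: ExternalAccount, project_groups: set[str]) -> bool:
    """True when the account is in none of the known ED project groups."""
    return not (account.member_of & project_groups)


def is_stale(account: ExternalAccount, now: datetime) -> bool:
    """True when the password is older than the 90-day maximum."""
    return now - account.pwd_last_set > PASSWORD_MAX_AGE


def close_project(accounts: list[ExternalAccount],
                  project_groups: set[str], group: str) -> list[str]:
    """Model 'Close External Directory Project': retire the group and remove
    it from every member. Accounts left with no project are NOT touched here;
    the page routes them to the inactivity sweep instead."""
    project_groups.discard(group)
    affected = []
    for acct in accounts:
        if group in acct.member_of:
            acct.member_of.discard(group)
            affected.append(acct.name)
    return sorted(affected)


def sweep(accounts: list[ExternalAccount], project_groups: set[str],
          now: datetime) -> dict[str, list[str]]:
    """Model 'Decommission Account via Inactivity': report decommission
    candidates grouped by the rule they violate (an account may appear twice)."""
    report: dict[str, list[str]] = {"orphaned": [], "stale": []}
    for acct in accounts:
        if is_orphaned(acct, project_groups):
            report["orphaned"].append(acct.name)
        if is_stale(acct, now):
            report["stale"].append(acct.name)
    return {rule: sorted(names) for rule, names in report.items()}


def build_sample(now: datetime) -> tuple[list[ExternalAccount], set[str]]:
    """Constructed sample directory; names and groups are invented."""
    days = lambda n: now - timedelta(days=n)
    accounts = [
        ExternalAccount("ext.alice", days(30), {"ED-ProjectA"}),   # compliant
        ExternalAccount("ext.bob", days(120), {"ED-ProjectA"}),    # stale password
        ExternalAccount("ext.carol", days(10), set()),             # already orphaned
        ExternalAccount("ext.dave", days(200), {"ED-ProjectB"}),   # stale; orphaned once B closes
    ]
    return accounts, {"ED-ProjectA", "ED-ProjectB"}


def run_demo() -> tuple[dict[str, list[str]], list[str], dict[str, list[str]]]:
    """Sweep, close one project, sweep again; returns all three results."""
    accounts, groups = build_sample(REFERENCE_NOW)
    before = sweep(accounts, groups, REFERENCE_NOW)
    closed = close_project(accounts, groups, "ED-ProjectB")
    after = sweep(accounts, groups, REFERENCE_NOW)
    return before, closed, after


if __name__ == "__main__":
    before, closed, after = run_demo()
    print("before closure:", before)
    print("lost membership on closure:", closed)
    print("after closure:", after)
```

The sweep only reports candidates; in the page's process the actual decommissioning is a separate, reviewed step, which is why `close_project` deliberately leaves newly orphaned accounts alone rather than deleting them in place. A real implementation would read the same two facts from AD (`pwdLastSet` and `memberOf`) and apply the same predicates.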

Time Table

This architecture definition approved on: September 26, 2006

The next review is scheduled in: TBD