Why is Delaware adopting a new Single Sign-On now?
The pandemic, especially its need for a secure Contact Tracing application, accelerated our rollout of this solution. But it has been in the making for over a year due to the need to harden the State of Delaware network against ever-increasing security threats.
When will workers begin to use this ID.Delaware solution?
Some workers have begun to use it already! All State of Delaware workers in Executive Branch and select other organizations are in Phase 1. Their workers received an email in early July with a web link, requesting completion of the five-minute registration process immediately.
All State of Delaware staff must register to retain VPN access.
What if I am on leave when the registration email arrives, and I return to work after the new system is enabled?
You will be required to register automatically when you try to access the VPN (by covidaccess.delaware.gov, for example). Complete your ID.Delaware.gov registration and you’re all set! Remember that after September 25, Microsoft365 users need Delaware ID to access state email. See our business continuity resources section for links allowing access State of Delaware email from any device.
What if I got this notification, but I use access.delaware.gov and Entrust: do I still need to register?
Yes, all remote access users must register to use the new ID.Delaware solution for your remote access login validation. Entrust users of State-EnterpriseAuth, CJ-EnterpriseAuth, and eGov-EnterpriseAuth realms need to register by the end of September to retain access, which will use the new “Delaware ID”. The existing connection URL will transition to id.delaware.gov (and no longer use Entrust) in October.
What if I use covidaccess.delaware.gov, but don’t get this notice or the registration email?
Workers unable to register ahead of time will be redirected to the registration screen the first time they access a service like covidaccess.delaware.gov after the solution is enabled. You can register immediately to regain your VPN access. Workers can also contact the DTI Service Desk at 302-739-4DTI or your own agency’s Help Desk for assistance.
What if I can’t use a cell phone at my work location?
Your organization may have been enabled for other authentication options such as a Security Question or hardware token (YubiKey). Email Project_ID@delaware.gov if you don’t see these options when you register.
How will this “Delaware ID” change how I work remotely?
There is NO NEW PROCESS coming for working remotely. You are registering for your “Delaware ID” so you can continue to have remote access to the State of Delaware network. Nothing will change until the cut overs to enable this layer of protection—and even then, for workers, you still use your same method to sign on. Covidaccess (cut over 8/6) and Entrust users (cut over 10/8) still use the same URL or PulseSecure settings to sign on. You can still simply launch PulseSecure to reach the VPN. The difference is, if you are remote (at home, outside of your state office or connected vehicle), you’ll have to authenticate (use your second MFA factor) through id.delaware.gov. AFTER the Entrust cut over this fall, Entrust users will NO LONGER NEED ENTRUST, but will authenticate with through id.Delaware.gov. There are no changes to PulseSecure (except your configured connection URL) which will still be used to connect. All users still use Remote Desktop Protocol (RDP) to reach their state desktops with NO CHANGE REQUIRED. Your remote session will still behave the same as it always has.
Will this ID.Delaware Single Sign-On solution only apply to VPN/remote access or will it be used for network login?
This is a layer of security in front of your network login. You won’t see it in action if you log in when you are inside the network (from your office in a state facility, for example).
ID.Delaware is asking me to change my password? What happens if I do?
This security layer in front of your network login is linked to your Active Directory/Windows password. Changing your password when prompted by your “Delaware ID” automatically changes your network/Windows password, too. You don’t have to do anything else!
How will it affect applications my organization has developed that use network credentials?
The primary focus is State of Delaware Internet-facing enterprise applications, managed by DTI and in use across multiple state organizations. Initially, Internet-facing applications that authenticate using Active Directory may be among the first to have their tiles added to workers’ home screens. Over the coming months and years, the intent is to work with organizations to assure that their applications are secured by ID.Delaware.
How will the applications I use get added to my ID.Delaware home screen?
Your organization’s IRM will work with your DTI Customer Engagement Specialist on a plan and timetable to migrate your organization’s applications to the ID.Delaware solution where this is appropriate.
How will this change affect Microsoft 365?
For workers who already transitioned to Microsoft 365 and enrolled in MFA, they will transition to the Delaware ID solution which will perform authentication, replacing the old MFA. Workers will access email and Microsoft 365 applications without MFA while within the State network and use ID.Delaware for MFA when outside the State network. This change is anticipated to happen September 25.
ID.Delaware will enable the migration of organizations whose workers hadn’t yet transitioned because of limitations of the previous MFA.
How does an organization request that an application be added?
Your organization’s IRM and Customer Engagement Specialist will work together in the coming months to identify applications to be transitioned to the new solution. Your organization can complete a questionnaire for each candidate application your organization has.
Will DTI or the business manage worker access to a business’ special applications?
Business owners can manage who among their workers have access to a business’ applications.
Will there be a cost to organizations for employees to use this new solution?
There is no cost for our agency partners associated with this transition during this coming fiscal year (FY2021). It has been added in the proposed end-user Core Services package as a piece of the security cost for inclusion in the new Shared Services cost model to be phased in/adopted in FY2022. It is anticipated that there will be a rate differential between centralized and non-centralized organizations. There will be further discussions with organizations after OMB has approved the Shared Services cost model.
I already registered on id.delaware.gov do I need to register again for access to Office 365 or any other applications through id.delaware.gov?
You will register on id.delaware.gov only once and that will give you all the access you need for existing and new applications approved by your agency.
I already registered and selected an MFA option but I want to change it and use a different MFA option, how do I do that?
On right corner of the screen, click on your name, then click on Settings, scroll down to Extra Verification and here you can remove existing enrollment and setup new factors. DO NOT remove the Yubikey factor (if enabled for you): you will not be able to re-add it.