All of this can be accomplished at work, using a state computer, state telephone equipment, and state Internet access. You can always use a state computer to access my.delaware.gov.
When did workers begin to use these identity and access management solutions?
All State of Delaware and K12 staff must be registered at hiring for a Delaware ID to retain VPN access for access to enterprise applications such as Outlook and Microsoft 365 (Word, PowerPoint, Excel, Teams and more). A Delaware ID may be required as well for access to other state applications, such as state VPN. PHRST-paid employees need a myDelaware identity as well to access Employee Self Service and pension statements. Access to most state systems and applications are moving behind Delaware ID and/or myDelaware to protect data and infrastructure.
What if I can’t use a cell phone at my work location to authenticate for these solutions?
Your organization may have been enabled for other authentication options such as a Security Question or hardware token (YubiKey). Email Project_ID@delaware.gov if you don’t see these options when you register for a Delaware ID. You can add a security question as an option for authentication on myDelaware.
Will Single Sign-On solutions and the need to authenticate with a factor (MFA) only apply to VPN/remote access or will it be used for network login?
This is a layer of security in front of your network login and enterprise applications such as Outlook. You won’t see it in action if you log in when you are inside the network (from your office in a state facility, for example). You may only be prompted for MFA when you are outside the network, if you log in from someplace the system doesn’t recognize, or if you change your password.
ID.Delaware is asking me to change my password? What happens if I do?
For domain-joined state and K12 organizations, this security layer in front of your network login is linked to your Active Directory/Windows password. Changing your password when prompted by your “Delaware ID” automatically changes your network/Windows password, too. You don’t have to do anything else!
How will these single sign-on solutions affect applications my organization has developed that use network credentials?
The primary focus is State of Delaware Internet-facing enterprise applications, managed by DTI and in use across multiple state organizations. Initially, Internet-facing applications that authenticate using Active Directory may be among the first to have their tiles added to workers’ home screens. Over the coming months and years, the intent is to work with organizations to assure that their applications meet the legislated requirement that they are secured by either ID.Delaware or myDelaware.
How will this change affect Microsoft 365?
Workers will access email and Microsoft 365 applications without MFA while connecting from within the State network and use ID.Delaware for MFA when logging in from outside the State network.
How does an organization request that an application be onboarded to one or both of these single sign-on solutions?
Your organization’s IRM and Partner Services Engagement Specialist will work together in the coming months to identify applications to be transitioned to the new solution (either ID.Delaware or myDelaware). Your organization can initiate a ServiceNow process that will include completing a questionnaire for each candidate application your organization has.
Will DTI or the business manage access to a business’ special applications?
Business owners can manage who, among their workers or other users, have access to a business’ applications that are onboarded to, and protected by, single sign-on.
Will there be a cost to organizations for employees to use this new solution?
The cost for our agency partners is associated with enterprise security. It has been added in the proposed Secure End User Services package as a piece of the security cost for inclusion in the new Shared Services cost model.
I already registered on id.delaware.gov do I need to register again for access to Office 365 or any other applications through id.delaware.gov?
You will register on id.delaware.gov only once and that will give you all the access you need for existing and new applications approved by your agency.
You will register on my.Delaware.gov with your personal credentials (your HOME email address and private password) to access Employee Self Service and/or Pensions Self Service.
I already registered and selected an MFA option, but I want to change it and use or add a different MFA option, how do I do that?
On right corner of the screen, click on your name, then click on Settings, scroll down to Extra Verification and here you can remove existing enrollment and setup new factors. DO NOT remove the Yubikey factor (if enabled for you): you will not be able to re-add it yourself. If you lose access to a cell phone number, you may need to contact your help desk to have your MFA factors reset (so you can recreate them with a new phone).
It is fine to use a work computer to fulfill the migration requirements (to create and access your free email account and to register for a my.delaware.gov identity, and to access Employee Self Service).
So how do I create my own gmail account?
Just go straight to Google and go through their process. It’s simple and only takes about 3-5 minutes.
If that looks overwhelming (it’s not hard), here’s a step-by-step set of instructions on how to set up your google account (which gives you email).
I don’t want to share my personal home email address with my employer: what should I do?
Anyone who does not want to use their personal primary home email address may create and provide an email account with a free provider to use just for State of Delaware Employee Self Service “myDelaware Login email” purposes. You must be able to access this email account to receive the registration invitation/activation link and to register for a myDelaware identity. You can obtain a free email account from any provider, including those listed above, and you may use a work computer to create the account and register on my.delaware.gov.
State employees who want electronic access to participate in Open Enrollment for State of Delaware employee benefits (participation is required by law) or the State Employee Charitable Campaign, for example, will need to have a myDelaware identity to access these applications online.
My family uses a single email address for all of us. Can I use this as my myDelaware login email address?
No. An employee’s “home” and “myDelaware Login” email addresses need to be unique to each employee, not shared with anyone else in the family. Even if only one member of the family currently is a State of Delaware employee, other family members may need my.delaware.gov identity to transact business with the State of Delaware and won’t be able to use the shared email, either.
For a my.delaware.gov identity, each person needs a unique email address they alone control access to; this protects access to employment and other personal information.
My spouse and I share the same home email address; can we share a myDelaware identity?
No. Even if your spouse is not a State of Delaware employee, you cannot share a myDelaware identity– just like you cannot share a Delaware Driver’s License. Everyone needs their own validated myDelaware identity; this requires each person to have their own individual and unique home email address.
Residents, visitors, and employees use myDelaware to access Employee Self Service (for pay and benefit information) and other public-facing State of Delaware applications and services, such as State of Delaware Pension system and Child Support Services, for example, even after employment ends. Eventually, many kinds of transactions will require a myDelaware identity which is intended to serve you for your entire lifetime.
How will the State of Delaware use my home and/or myDelaware Login email address?
The State uses the home and/or myDelaware Login email address an employee provides to link an employee’s PHRST employment information with their myDelaware identity (the email field “myDelaware login” is a protected field in your employee file).
Once an employee completes registration for a myDelaware identity that identity will be linked to PHRST and granted access to Employee Self Service and other applications, based on a person’s employment with the State. The State only uses the myDelaware Login email to link employment record to identity. This address CANNOT be “preferred” for correspondence.
Can I select my home email address as my “preferred” email address?
Of course! It is important to know that you must select a “preferred” email address because many important communications, including benefits information, are sent via this contact method. You must designate one of your email addresses–most commonly either business or home–as “preferred” in your Employee Self Service personal information.
An employee can only have a single “preferred” email address; the myDelaware Login address cannot be marked “preferred” for correspondence. To use that email for correspondence, an employee should enter it as a “Home” email type.
What if I must change my personal email address later?
You can change your home email address (which could be used for State correspondence) anytime. However, changing your home email will NOT cause any change in your myDelaware login Email which will remain your my.delaware.gov login, even if your correspondence email in Employee Self Service is changed. In rare circumstances where you must abandon an email account you used for your myDelaware login because of legal or security concerns, you can work with your HR representative to change your myDelaware login email in PHRST so it will link to your myDelaware identity created with that same changed email.
I do not wish to receive unsolicited emails from SOD third party agents. How will the State of Delaware protect my home and myDelaware login email address?
The State of Delaware considers personal email addresses you share in your Employee Self Service Personal Information to be confidential information. You get to choose which email (your “home” or your “business” type) you wish the State of Delaware to use for official communications. You have always received third-party communications—specifically, from your chosen SOD benefit providers—at whichever email you designated as “preferred”. This email address also receives benefits enrollment and other State communication. The State of Delaware has no intention of harvesting or selling your personal email addresses to anyone.
The email address that you designate as “preferred” is provided to your chosen SOD benefits providers so they may do outreach to employees as needed for care or disease management, etc. You need not use your personal email address for anything except to allow you to create a myDelaware identity that can be linked to your Employee Self Service identity (your personal myDelaware Login email acts as a unique identifier for this purpose).
Employee Self Service (ESS) moved to my.delaware.gov to assure uninterrupted access for workers who frequently change state employers (especially those working in education), and to make electronic access to ESS available to the many workers who don’t have a state email account. Access and identity linked to a person’s personal myDelaware Login email makes this possible and puts access in the employee’s control.
Why can’t I continue use my employee ID as my username to log in?
An employee’s ID number is private information, similar to a Social Security Number, that the State of Delaware does not want to expose. The new system requires a personal email address for identity registration.
Why can’t I use my work/State email address for my.delaware.gov access?
The system will not accept addresses as “Home” or “myDelaware Login” email if the address ends in Delaware.gov, state.de.us, or k12.de.us.
Not all employees have work issued (K12 or State) email addresses.
Some employees have multiple work addresses due to having multiple assignments or responsibilities.
Employees lose access via their work email and work-related Delaware ID when state employment ends, but still are permitted limited access to Employee Self Service, post separation.
myDelaware identity is intended to be a unique-to-you, lifetime access username to any State of Delaware-related online service. After employment ends—either by retirement or by separation—a former employee can use my.delaware.gov to see tax and pay information, access the Pension system, and continue to transact other business with the state. Access to Employee Self Service via my.delaware.gov won’t be interrupted by a change in work email due to a job change.
When you log into Employee Self Service on my.delaware.gov to view a paystub or view benefits, you will be prompted to set up your Multi-Factor Authentication (Extra Verification) to prove you are YOU. You only must set this up once. This keeps your information safe.
You will be presented with MFA to verify you are YOU every time you log in, but not from inside the state network. Additionally, you will receive an email from “myDelaware” alerting you to unusual login activity. If you DO NOT recognize the login attempt, please notify email@example.com immediately.
The request to set up MFA will happen automatically the first time you log back into my.delaware.gov and select the Employee Self Service application after August 2, 2022.
MFA set up is also required for your Delaware ID, so you can authenticate when you log in from outside the state network. You can choose, set up, and use the same factors to authenticate for both your myDelaware and Delaware ID.
How many authentication factors do I need?
Delaware recommends that you set up at least TWO factors from the four choices offered. These factors are:
You can select among any factors you set up when you need to authenticate.
Some secure workplaces may offer different factors, such as Yubikey or security question, as an MFA factor for your Delaware ID, where phone use is not available.
Is there a cheat sheet for setting it up?
Yes. See these instructions which provide a step-by-step, screen-by-screen walk through of what to expect when you are asked to set up MFA on myDelaware.
Once it is set up, do I have to do anything else?
You only need to set MFA up once: any other applications requiring MFA in the future will be able to use it. You can modify your choices later (add or remove factors), but only IF you have access to at least ONE factor you set up. If you lose access to your factors, contact your Help Desk for assistance in resetting MFA.
What do I need to do when I get a new cell phone?
If you plan to get a new cell phone, you will need to remove any factors related to the old one (i.e., SMS, Voice Call and/or Okta Verify) before you set up a new phone as a factor. If possible, do this before you get a new number/phone. Having one non-cell-phone factor set up allows you to access your identity and change your factors even if you lose your cell phone.
Remember to do this for both myDelaware and your Delaware ID if you used your cell phone number or installed Okta Verify as a factor. If you lose access to your old phone, ask your Help Desk to reset your MFA.
We have an hourly process that unlocks the user accounts. We ask you to first clear your cache. If you don’t know how, search “How to clear a browser cache in [insert your browser type—Edge, Chrome, Safari, Opera, etc.]” for step-by-step instructions you can easily follow. Then, completely quit your browser. Give the process time (about an hour) before you start again with a fresh browser and then try to login again.
Oops, my Home Email doesn’t match my myDelaware login Email in my Employee Self Service Personal Information.
If you decided to change your personal email, and registered for my.delaware.gov with the updated Home email, please reach out to your HR representative to have that person change your myDelaware Login Email to match the personal email you used to register for your myDelaware identity. You may not see your Employee Self Service tile until 48 hours after the correction to your PHRST personal information is made.
My Employee Self Service tile never showed up for me on the myDelaware dashboard!
Here are the most common reasons for (the Employee Self Service tile not showing up in 48 hours after my.delaware identity registration):
Who made the decision to make this change?
The State of Delaware’s Chief Security Officer and DTI, in keeping with the governance policies conferred on them by The Delaware Code statue (Title 29, Chapter 90C) which enables the Department of Technology and Information.
DTI is mandated by the legislature’s update of Title 29 Chapter 90C Subchapter III to “mitigate cyber security risks related to critical infrastructure and protected systems;” DTI’s enabling statute further provides that DTI shall have the power to:
This change in access is part of an overall hardening of the state’s defenses of your personal information and other sensitive state data against bad actors. The State of Delaware cannot retain a system that no longer adequately protects state data. Data security breaches have the potential to incur great costs, both to the state and to individuals whose information is compromised. DTI acts with the full knowledge of, and in concert with, the other state entities who are responsible for employee data: the Office of Management and Budget and the Department of Human Resources. This change is being made because the State of Delaware must act responsibly to protect state data.
Title 29 clearly states: