Delaware Department of
Technology & Information


Delaware Department of Technology & Information



My Delaware and Delaware ID – FAQ


Delaware Identity Service General FAQ

What is the Delaware Identity Service?
  • The state’s secure, single Identity and Access Management service for state applications and web services.
What types of identity-as-a-service does the DE Identity Service provide?
  • Resident/Visitor / External / Public DE ID via my.delaware.gov
  • Active Employee / Internal and Partner Identities via id.delaware.gov
What is included in the DE Identity Service?
  • Single Account
  • Self Service Account administration (e.g., personal profile updates, account unlock, password reset)
  • Multi-Factor Authentication (MFA)
  • Identity Proofing
How does someone get a Delaware Identity (DE ID)?
  • Resident/Visitor/External/Public – Self Service registration for a DE ID via my.delaware.gov
  • Employee – Lifecycle Management (automatic upon acceptance into State employment)
How does a state agency or state business services partner leverage integrating the DE Identity Service for providing access to services or applications?
  • Agencies, contact your DTI Customer Engagement Specialist; agency service partners contact the agency.
  • Agencies can submit a ServiceNow request for the integration.
How long does it take to have an application integrated with the DE Identity Service?
  • Process may take one to fourteen days depending on complexity of application needs.
  • Most modern applications allow for rapid integrations with the DE Identity Service
  • Legacy and internal applications may require a bit more time
What are some ways to integrate with the DE Identity Service?
  • Add application to Okta dashboard. (Self-Service and application access control built into service)
  • Redirect from native application to Okta for secure login and back to application.
  • Okta Widget on native application
  • View some use cases for examples.
How do my agency’s application users get access to my application when integrated with the DE Identity Service?
  • New registration
  • Existing access migration to Okta
  • Co-existence between Okta login and native application login until complete migration
My application is available from only inside the state network, can I still use the DE identity service?
  • Yes, the DE Identity Service is available for both internal-only and external applications.
  • Both kinds of applications can be made available from anywhere behind the DE Identity Service; speak to your DTI Partner Services Customer Engagement Specialist for assistance.
My application is exploring early adoption/migration to Go DE, Delaware’s digital government portal. When should it integrate with the DE Identity Service?
  • Residents and visitors to the Go DE Portal will leverage DE Identity Service
  • Agencies with applications that are candidates for the portal should discuss and coordinate integration with the DE Identity Service before or as part of that process.

Questions and Answers for State Employees

It’s ‘2-Step’ easy to get your new Employee Self Service access!

Accessing Employee Self Service requires completing TWO STEPS:

Step 1: NEW and Existing employees who have not established myDelaware identities to reach Employee Self Service should first contact your Human Resource representative to assure the personal email you plan to use for my.Delaware.gov is in your PHRST Personal Information as your Home and myDelaware Login email. People who already have a myDelaware identity can provide HR with the personal email associated with their existing identity so it can be added as myDelaware login email in their personal information.

Former Employees terminated on or after 1/10/2019 will retain access to Employee Self Service to view pay data, 1095-C forms for tax year 2016 and greater, and W-2s for tax year 2013 and greater for five years post separation. If you do not have access to my.delaware.gov, you will need to contact your Human Resource office. You must confirm your Human Resources representative has the email in PHRST that you used/intend to use for your my.delaware access to verify you can access Employee Self Service. Employees terminated before this date with no active jobs in the State of Delaware will not have access to Employee Self Service. You may need to contact your Human Resource or Payroll Office to print your final pay data.

Step 2: Signing up with your same home email at my.delaware.gov (instructions in this PDF provide details to complete Step 2)

How will I access Employee Self Service if I don’t have internet access of my own at home?
An employee can and should use work equipment and State/K12 internet access to:

  1. Create a free personal email account.
  2. Contact your HR representative to have them enter that personal email in your PHRST employee record’s personal information as your Home and myDelaware Login email.
  3. Create your my.delaware.gov identity using that personal email.

All of this can be accomplished at work, using a state computer, state telephone equipment, and state Internet access. You can always use a state computer to access my.delaware.gov.

 

If already have and use a my.delaware.gov identity, can I provide my HR Representative the same home email address to enter as my myDelaware Email in Employee Self Service?
Yes, please do! An employee should provide Human Resources with the same home email address that was used to create the existing my.delaware.gov identity to prevent the unnecessary duplication of access for the same person.

 

I signed up on my.Delaware.gov a while ago, but I still don’t have Employee Self Service. What do I do?
  1. Call your local Human Resources representative. Ask them to confirm that the email address you used to sign up for my.delaware is showing correctly as your Okta Login email in PHRST.
  2. If the address is different, AND you have access to the email they have on file for you, RE-REGISTER with that email. You should see your Employee Self Service in 48 hours.
  3. If you want HR to change your PHRST record to the new address (you don’t have access to the one they have), it’s important they first REMOVE the old address, SAVE your record and then WAIT 24 hours before adding your NEW email. You will have access 48 hours after the new email is added. NOTE: If HR doesn’t follow this process exactly, it needlessly delays assignment of your Employee Self Service.

 

Other FAQ Sections

Why did Delaware adopt new Single Sign-On solutions?
The pandemic, especially its need for a secure Contact Tracing application, accelerated our rollout of this solution. But it has been in the making for years due to the need to harden the State of Delaware network against ever-increasing security threats.

 

When did workers begin to use these identity and access management solutions?
All State of Delaware and K12 staff must be registered at hiring for a Delaware ID to retain VPN access for access to enterprise applications such as Outlook and Microsoft 365 (Word, PowerPoint, Excel, Teams and more). A Delaware ID may be required as well for access to other state applications, such as state VPN. PHRST-paid employees need a myDelaware identity as well to access Employee Self Service and pension statements. Access to most state systems and applications are moving behind Delaware ID and/or myDelaware to protect data and infrastructure.

 

What if I can’t use a cell phone at my work location to authenticate for these solutions?
Your organization may have been enabled for other authentication options such as a Security Question or hardware token (YubiKey). Email Project_ID@delaware.gov if you don’t see these options when you register for a Delaware ID. You can add a security question as an option for authentication on myDelaware.

 

Will Single Sign-On solutions and the need to authenticate with a factor (MFA) only apply to VPN/remote access or will it be used for network login?
This is a layer of security in front of your network login and enterprise applications such as Outlook. You won’t see it in action if you log in when you are inside the network (from your office in a state facility, for example). You may only be prompted for MFA when you are outside the network, if you log in from someplace the system doesn’t recognize, or if you change your password.

 

ID.Delaware is asking me to change my password? What happens if I do?
For domain-joined state and K12 organizations, this security layer in front of your network login is linked to your Active Directory/Windows password. Changing your password when prompted by your “Delaware ID” automatically changes your network/Windows password, too. You don’t have to do anything else!

 

How will these single sign-on solutions affect applications my organization has developed that use network credentials?
The primary focus is State of Delaware Internet-facing enterprise applications, managed by DTI and in use across multiple state organizations. Initially, Internet-facing applications that authenticate using Active Directory may be among the first to have their tiles added to workers’ home screens. Over the coming months and years, the intent is to work with organizations to assure that their applications meet the legislated requirement that they are secured by either ID.Delaware or myDelaware.

 

How will this change affect Microsoft 365?
Workers will access email and Microsoft 365 applications without MFA while connecting from within the State network and use ID.Delaware for MFA when logging in from outside the State network.

 

How does an organization request that an application be onboarded to one or both of these single sign-on solutions?
Your organization’s IRM and Partner Services Engagement Specialist will work together in the coming months to identify applications to be transitioned to the new solution (either ID.Delaware or myDelaware). Your organization can initiate a ServiceNow process that will include completing a questionnaire for each candidate application your organization has.

 

Will DTI or the business manage access to a business’ special applications?
Business owners can manage who, among their workers or other users, have access to a business’ applications that are onboarded to, and protected by, single sign-on.

 

Will there be a cost to organizations for employees to use this new solution?
The cost for our agency partners is associated with enterprise security. It has been added in the proposed Secure End User Services package as a piece of the security cost for inclusion in the new Shared Services cost model.

 

I already registered on id.delaware.gov do I need to register again for access to Office 365 or any other applications through id.delaware.gov?
You will register on id.delaware.gov only once and that will give you all the access you need for existing and new applications approved by your agency.
You will register on my.Delaware.gov with your personal credentials (your HOME email address and private password) to access Employee Self Service and/or Pensions Self Service.

 

I already registered and selected an MFA option, but I want to change it and use or add a different MFA option, how do I do that?
On right corner of the screen, click on your name, then click on Settings, scroll down to Extra Verification and here you can remove existing enrollment and setup new factors. DO NOT remove the Yubikey factor (if enabled for you): you will not be able to re-add it yourself. If you lose access to a cell phone number, you may need to contact your help desk to have your MFA factors reset (so you can recreate them with a new phone).

How do I get a home email address if I don’t have my own?
Free email account providers where anyone can create an email account to use as a “home email address” for State of Delaware purposes include:

It is fine to use a work computer to fulfill the migration requirements (to create and access your free email account and to register for a my.delaware.gov identity, and to access Employee Self Service).

 

So how do I create my own gmail account?
Just go straight to Google and go through their process. It’s simple and only takes about 3-5 minutes.

If that looks overwhelming (it’s not hard), here’s a step-by-step set of instructions on how to set up your google account (which gives you email).

 

I don’t want to share my personal home email address with my employer: what should I do?
Anyone who does not want to use their personal primary home email address may create and provide an email account with a free provider to use just for State of Delaware Employee Self Service “myDelaware Login email” purposes. You must be able to access this email account to receive the registration invitation/activation link and to register for a myDelaware identity. You can obtain a free email account from any provider, including those listed above, and you may use a work computer to create the account and register on my.delaware.gov.

State employees who want electronic access to participate in Open Enrollment for State of Delaware employee benefits (participation is required by law) or the State Employee Charitable Campaign, for example, will need to have a myDelaware identity to access these applications online.

 

My family uses a single email address for all of us. Can I use this as my myDelaware login email address?
No. An employee’s “home” and “myDelaware Login” email addresses need to be unique to each employee, not shared with anyone else in the family. Even if only one member of the family currently is a State of Delaware employee, other family members may need my.delaware.gov identity to transact business with the State of Delaware and won’t be able to use the shared email, either.

For a my.delaware.gov identity, each person needs a unique email address they alone control access to; this protects access to employment and other personal information.

 

My spouse and I share the same home email address; can we share a myDelaware identity?
No. Even if your spouse is not a State of Delaware employee, you cannot share a myDelaware identity– just like you cannot share a Delaware Driver’s License. Everyone needs their own validated myDelaware identity; this requires each person to have their own individual and unique home email address.

Why should I provide a home and myDelaware login email address?
An employee’s myDelaware login email address in your PHRST employment record becomes your unique username for the myDelaware system.

Residents, visitors, and employees use myDelaware to access Employee Self Service (for pay and benefit information) and other public-facing State of Delaware applications and services, such as State of Delaware Pension system and Child Support Services, for example, even after employment ends. Eventually, many kinds of transactions will require a myDelaware identity which is intended to serve you for your entire lifetime.

 

How will the State of Delaware use my home and/or myDelaware Login email address?
The State uses the home and/or myDelaware Login email address an employee provides to link an employee’s PHRST employment information with their myDelaware identity (the email field “myDelaware login” is a protected field in your employee file).

Once an employee completes registration for a myDelaware identity that identity will be linked to PHRST and granted access to Employee Self Service and other applications, based on a person’s employment with the State. The State only uses the myDelaware Login email to link employment record to identity. This address CANNOT be “preferred” for correspondence.

 

Can I select my home email address as my “preferred” email address?
Of course! It is important to know that you must select a “preferred” email address because many important communications, including benefits information, are sent via this contact method. You must designate one of your email addresses–most commonly either business or home–as “preferred” in your Employee Self Service personal information.

An employee can only have a single “preferred” email address; the myDelaware Login address cannot be marked “preferred” for correspondence. To use that email for correspondence, an employee should enter it as a “Home” email type.

 

What if I must change my personal email address later?
You can change your home email address (which could be used for State correspondence) anytime. However, changing your home email will NOT cause any change in your myDelaware login Email which will remain your my.delaware.gov login, even if your correspondence email in Employee Self Service is changed. In rare circumstances where you must abandon an email account you used for your myDelaware login because of legal or security concerns, you can work with your HR representative to change your myDelaware login email in PHRST so it will link to your myDelaware identity created with that same changed email.

 

I do not wish to receive unsolicited emails from SOD third party agents. How will the State of Delaware protect my home and myDelaware login email address?
The State of Delaware considers personal email addresses you share in your Employee Self Service Personal Information to be confidential information. You get to choose which email (your “home” or your “business” type) you wish the State of Delaware to use for official communications. You have always received third-party communications—specifically, from your chosen SOD benefit providers—at whichever email you designated as “preferred”. This email address also receives benefits enrollment and other State communication. The State of Delaware has no intention of harvesting or selling your personal email addresses to anyone.

The email address that you designate as “preferred” is provided to your chosen SOD benefits providers so they may do outreach to employees as needed for care or disease management, etc. You need not use your personal email address for anything except to allow you to create a myDelaware identity that can be linked to your Employee Self Service identity (your personal myDelaware Login email acts as a unique identifier for this purpose).

Why can’t I continue to use my Delaware ID to access Employee Self Service?
Your Delaware ID is for work-related applications and systems. To safeguard your lifetime online access to State of Delaware digital government services (such as your pension), you will need a my.delaware.gov identity.

Employee Self Service (ESS) moved to my.delaware.gov to assure uninterrupted access for workers who frequently change state employers (especially those working in education), and to make electronic access to ESS available to the many workers who don’t have a state email account. Access and identity linked to a person’s personal myDelaware Login email makes this possible and puts access in the employee’s control.

 

Why can’t I continue use my employee ID as my username to log in?
An employee’s ID number is private information, similar to a Social Security Number, that the State of Delaware does not want to expose. The new system requires a personal email address for identity registration.

 

Why can’t I use my work/State email address for my.delaware.gov access?
The system will not accept addresses as “Home” or “myDelaware Login” email if the address ends in Delaware.gov, state.de.us, or k12.de.us.
Not all employees have work issued (K12 or State) email addresses.

Some employees have multiple work addresses due to having multiple assignments or responsibilities.

Employees lose access via their work email and work-related Delaware ID when state employment ends, but still are permitted limited access to Employee Self Service, post separation.

myDelaware identity is intended to be a unique-to-you, lifetime access username to any State of Delaware-related online service. After employment ends—either by retirement or by separation—a former employee can use my.delaware.gov to see tax and pay information, access the Pension system, and continue to transact other business with the state. Access to Employee Self Service via my.delaware.gov won’t be interrupted by a change in work email due to a job change.

What is Multi-Factor Authentication?
You use https://my.delaware.gov to reach your Employee Self Service application. This application accesses YOUR personal data that Delaware wants to keep safe and secure.

When you log into Employee Self Service on my.delaware.gov to view a paystub or view benefits, you will be prompted to set up your Multi-Factor Authentication (Extra Verification) to prove you are YOU. You only must set this up once. This keeps your information safe.
You will be presented with MFA to verify you are YOU every time you log in, but not from inside the state network. Additionally, you will receive an email from “myDelaware” alerting you to unusual login activity. If you DO NOT recognize the login attempt, please notify esecurity@delaware.gov immediately.

The request to set up MFA will happen automatically the first time you log back into my.delaware.gov and select the Employee Self Service application after August 2, 2022.

MFA set up is also required for your Delaware ID, so you can authenticate when you log in from outside the state network. You can choose, set up, and use the same factors to authenticate for both your myDelaware and Delaware ID.

 

How many authentication factors do I need?
Delaware recommends that you set up at least TWO factors from the four choices offered. These factors are:

  1. VOICE CALL: provide a 10-digit phone number to a phone you can answer when you are logging on, such as your home phone. Your phone receives a voice call providing an access number to type into your device to log in.
  2. SMS: provide a 10-digit phone number to a text-message-enabled cell phone. Your cell phone receives a text message with a code you type into your device to log in.
  3. OKTA VERIFY: an application you can download (from Google or Apple). Download to a smartphone before setting up this factor: you will need to open the app and aim your phone’s camera at the QR code provided during set up to sync the app and your myDelaware or Delaware ID identity.
  4. SECURITY QUESTION: MyDelaware (and Delaware ID only at select work locations) may set up and choose one from a wide variety of questions available. You type in your secret answer to log in.

You can select among any factors you set up when you need to authenticate.

Some secure workplaces may offer different factors, such as Yubikey or security question, as an MFA factor for your Delaware ID, where phone use is not available.

 

Is there a cheat sheet for setting it up?
Yes. See these instructions which provide a step-by-step, screen-by-screen walk through of what to expect when you are asked to set up MFA on myDelaware.

 

Once it is set up, do I have to do anything else?
You only need to set MFA up once: any other applications requiring MFA in the future will be able to use it. You can modify your choices later (add or remove factors), but only IF you have access to at least ONE factor you set up. If you lose access to your factors, contact your Help Desk for assistance in resetting MFA.

 

What do I need to do when I get a new cell phone?
If you plan to get a new cell phone, you will need to remove any factors related to the old one (i.e., SMS, Voice Call and/or Okta Verify) before you set up a new phone as a factor. If possible, do this before you get a new number/phone. Having one non-cell-phone factor set up allows you to access your identity and change your factors even if you lose your cell phone.

Remember to do this for both myDelaware and your Delaware ID if you used your cell phone number or installed Okta Verify as a factor. If you lose access to your old phone, ask your Help Desk to reset your MFA.

I am logging in to Employee Self Service using the URL or the Tile on My Delaware and it either shows password expired or logs me out of myDelaware in a continuous loop.
This do-loop happens when you have had your browser open for a long time and an expired cookie locks your account.

We have an hourly process that unlocks the user accounts.  We ask you to first clear your cache. If you don’t know how, search “How to clear a browser cache in [insert your browser type—Edge, Chrome, Safari, Opera, etc.]” for step-by-step instructions you can easily follow. Then, completely quit your browser.  Give the process time (about an hour) before you start again with a fresh browser and then try to login again.

 

Oops, my Home Email doesn’t match my myDelaware login Email in my Employee Self Service Personal Information.
If you decided to change your personal email, and registered for my.delaware.gov with the updated Home email, please reach out to your HR representative to have that person change your myDelaware Login Email to match the personal email you used to register for your myDelaware identity. You may not see your Employee Self Service tile until 48 hours after the correction to your PHRST personal information is made.

 

My Employee Self Service tile never showed up for me on the myDelaware dashboard!
Here are the most common reasons for (the Employee Self Service tile not showing up in 48 hours after my.delaware identity registration):

  1. Background processes and timing.
    Depending on when Human Resources makes a change to your Home/myDelaware Login email in Employee Self Service and when you complete your my.delaware.gov registration, it takes up to 48 hours for the systems to sync your identity AND to assign the tile.
  2. You did not provide Human Resources with a Home Email AND myDelaware login email to put in your PHRST Employee Self Service record.
    Contact Human Resources and assure they add Home and myDelaware Login email to your PHRST record. After HR has done this correctly, your tile will show up within 48 hours.
  3. Your name or the email you registered with in myDelaware doesn’t match your PHRST data.
    Contact Human Resources to confirm exactly how your name, home, and myDelaware Login emails appear in PHRST; make sure that you registered on myDelaware with the same email as is in your PHRST employee data. Make sure your name in your myDelaware settings is spelled exactly the same as it is in your PHRST employee data.
Why did access to DE_SSO change?
Delaware needs greater security for the state network and data. Access to applications and systems protected by DE-SSO will be protected by myDelaware and/or or Delaware ID going forward.

 

Who made the decision to make this change?
The State of Delaware’s Chief Security Officer and DTI, in keeping with the governance policies conferred on them by The Delaware Code statue (Title 29, Chapter 90C) which enables the Department of Technology and Information.

DTI is mandated by the legislature’s update of Title 29 Chapter 90C Subchapter III to “mitigate cyber security risks related to critical infrastructure and protected systems;” DTI’s enabling statute further provides that DTI shall have the power to:

(1) Develop and implement a comprehensive information security program that applies personnel, process, and technology controls to protect the State’s data, systems, and infrastructure, within the State’s computing environment and on partner systems. All systems that connect to the State network shall comply with the State Information Security Program.

This change in access is part of an overall hardening of the state’s defenses of your personal information and other sensitive state data against bad actors. The State of Delaware cannot retain a system that no longer adequately protects state data. Data security breaches have the potential to incur great costs, both to the state and to individuals whose information is compromised. DTI acts with the full knowledge of, and in concert with, the other state entities who are responsible for employee data: the Office of Management and Budget and the Department of Human Resources. This change is being made because the State of Delaware must act responsibly to protect state data.

Title 29 clearly states:

The General Assembly further finds and declares there is a critical role of information and information systems in the provision of life, health, safety, and other crucial services to the citizens of the State of Delaware and there is a need to mitigate the risk posed to these services due to ever-evolving cybersecurity threats.

Related Topics:  , , , , , , ,