Member Impacting Project Overview PR Two-Factor Authentication V3

Similar documents
Member Impacting Project Overview PR Two-Factor Authentication V3

Marketplace Portal Redesign. Member Test Checkpoint Meeting

Member Impacting Project Overview. Order 676-H NITS Modifications to weboasis. version 2.0

Member Impacting Project Overview

GETTING STARTED WITH MARKETPLACE PORTAL

Market Trials Review Group. May 2, 2012

Published: December 15, 2016 Revised: December 15, 2016

Published: December 15, 2017 Revised: December 15, 2017

Project Tracking and Cost Estimation Tool PR

Member Impacting Project Overview

Member Impacting Project Overview

Credential Reporting and Housing System Instructions

Member Impacting Project Overview Data Push

Instructions for Part I of the CWIC and Community Partner Work Incentives Counselor Assessment and Certification Process

Foundations Courses Trainer Certification Process

First Data ServiceCenter Web

National Pooling Administration Contract #FCC13C nd Revised Change Order Proposal #3B

Client Services Procedure Manual

MyFloridaNet-2 (MFN-2) Customer Portal/Password Management Reference Guide

Contents About This Guide... 5 About Notifications... 5 Managing User Accounts... 6 Managing Companies Managing Password Policies...

New Member Submission Guide

Magento Enterprise Edition Customer Support Guide

Getting Started Guide For Users

Qualys SAML 2.0 Single Sign-On (SSO) Technical Brief

[GSoC Proposal] Securing Airavata API

User Guide: Applying for School Transport Online

e-frr SYSTEM USER GUIDE

Provider Treatment Portal User Guide

Table of Contents. 1. Background Logging In Account Setup Requests Submissions Discussions...

The most current protocol information should be entered. This includes incorporation of all past amendments and modifications.

Gradintelligence student support FAQs

If you missed any of the information leading up to the launch of The Learning Exchange, please visit:

Welcome to the NHSmail LA webinar

FOR AGENCY SECURITY LIAISONS Last Updated April 16, 2013 PART A

CTU Data Management Systems External Log-in

MyFloridaNet-2 (MFN-2) Customer Portal/ Password Management/ VPN Reference Guide

Purpose of this Document

RMS Client Guide. Application, Quote, Login & Password August 2018

Wyoming Test of Proficiency and Progress (WY-TOPP)

Service Description: CNS Federal High Touch Technical Support

July 28, IT Settlements

DelphiSuppliers.com. Website Instructions

IMPROVING Sepsis SURVIVAL. Data Portal User Manual version 2.0

Expense Management for Microsoft Dynamics NAV

Identity Assurance Framework: Realizing The Identity Opportunity With Consistency And Definition

North American Portability Management, LLC Transition Oversight Manager. TOEP Webcast November 7, 2017

Avatar MH Practice Management Forum. Date: May 24, 2012 Time: 1:00-2:30 Location: 7001 A East Parkway, Sacramento, CA Conference room 1

Identifying the Skills and Team Members Needed to Support Synchronous Online Sessions and Webinars

Enhanced Curtailment Calculator (ECC) Admin Guide

Electrolux Small Appliance Reseller FAQs

QUICK TIPS FOR FULL-ACCESS ACCOUNTS. Florida SHOTS. Contact Information.

Online CDC service. HowTo guide for certifying organisations

Expertise that goes beyond experience.

Coaching Applicant Information

B. Log into the Suncor Contractor Learning Management System

TABLE OF CONTENTS. WELCOME TO mycsa... LOGGING IN... FORGOT PASSWORD... FIRST TIME REGISTRATION... ACCESS TYPE... GETTING STARTED...

Business Online Banking. Conversion Guide IMPORTANT INFORMATION ABOUT YOUR NEW BUSINESS ONLINE BANKING SERVICES. Version103117

CONTENTS 1) GENERAL. 1.1 About this guide About the CPD Scheme System Compatibility. 3 2) SYSTEM SET-UP

Online CDC service. HowTo guide for applicants

Step 3 ROS Administrator

Time2Track User Manual. SJP Interns Site Supervisors

Employer Portal Guide. BenefitWallet Employer Portal Guide

TransUnion Direct User Guide

Regions Quick Deposit

Easy Chair Online Conference Submission, Tracking and Distribution Process: Getting Started

North American Portability Management, LLC Transition Oversight Manager. TOEP Webcast December 12, 2017

2 Creating New CCQAS 2.8 User Accounts

Sound United Reseller FAQs

2012 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Excel, Lync, Outlook, SharePoint, Silverlight, SQL Server, Windows,

UIS Monthly Update May 2015

Army CCQAS 2.8 Quick Guide: Registering for a New User Account Reviewers, Evaluators, and Privileging Authorities

Input on Teaching from Students

BEEDS portal Bank of England Electronic Data Submission portal. User guide. Credit unions Version 1.2

Solving for Compromised Credentials Across the Enterprise

CORE Voluntary Certification: Certification from the Testing Vendor s Perspective. February 18, :00 3:00pm ET

NFP Client Learning Portal

National Association of Long-Term Care Administrator Boards. NABVerify User Guide CE Registry for Licensees (Updated November 6, 2017)

Better Practice Elements for Audit Preparation

RFQ OIT-1 Q&A. Questions and Answers, in the order received.

Table of Contents. Page 1 of 6 (Last updated 27 April 2017)

CPLP and APTD Recertification FAQ Updated May 2018

MBTA Student Pass Program - User Guide

Provider Portal. User Manual. Therapists and Health Practitioners

Sysco Market Login Help

Avera CE Portal Orientation Packet

imaconnect: Guide to the system

Southwest Power Pool Portal Market Participant General User s Guide

MEMBERSHIP SUITE USER GUIDE

Extractive Sector Transparency Measures Act. NRCan eservices Portal User Guide

MAGLOCLEN MOCIC NESPIN RMIN ROCIC WSIN Newtown, PA Springfield, MO Franklin, MA Phoenix, AZ Nashville, TN Sacramento, CA

Ferring Pharmaceuticals Inc. Educational Grant Applicant Working Guide

Early Childhood Data System (ECDS) Kindergarten Data Submission. User Guide Updated April 27, 2017

Good afternoon, everyone. Thanks for joining us today. My name is Paloma Costa and I m the Program Manager of Outreach for the Rural Health Care

myohportal FAQ 07 September 2017 How do I access myohportal? How do I create an account on myohportal?

2015 Independence Blue Cross Sales Sentinel User Guide FLEXIBLE BENEFITS PLANS

PCI COMPLIANCE IS NO LONGER OPTIONAL

This job aid will show Portal Administrators and users how to perform self-serve tasks for their account.

BEEDS portal Bank of England Electronic Data Submission portal. User guide. New PRA Authorisations Version 1.1

Mn/DOT Technical Certification Program

PELICAN Child Care Works: Provider Self Service Training

Transcription:

Member Impacting Project Overview PR20160003 Two-Factor Authentication V3 0406/198/2016 Page 1

Table of Contents Table of Contents... 2 Version Control... 2 Executive Summary... 3 Business Impact... 3 Users Impacted... 3 Business Functions Impacted... 3 Technical Impact... 4 SPP Systems/Processes Impacted... 4 Anticipated Member Systems/Processes Impacted... 5 Member Requirements... 5 Testing... 5 Training... 6 Implementation/Back-out Plan... 7 Summary of Timeline... 7 Project Assumptions... 8 Risks... 8 Additional Documentation... 9 Communication Plan... 9 Liaisons... 9 MIPO and Project Documentation... 9 Next Steps... 9 FAQs... 10 More Information... 11 Version Control Version Date Author Change Description 1.0 11/15/16 David Koone Initial version for CWG 1.1 11/15/16 David Koone User Impacted section Settlements was added 1.2 04/18/2017 David Koone Schedule Changes, Testing and Training updates 3.0 6/15/2017 David Koone Michael Hodges Communicate MIPO updates for testing Changed to V3 and date in page foot notes Added Questions From Kickoff Meeting 0406/198/2016 Page 2

Executive Summary Security related incidents are becoming more frequent and challenging. Companies are actively enhancing the authentication mechanisms to filter out the right end user from the wrong end user. Multifactor authentication mechanisms are now an industry standard and becoming mandatory where critical business data is exposed to the end users through Internet. This project will implement Two-Factor Authentication for all Integrated Marketplace User Interfaces (UIs) and Application Programming Interfaces (APIs). Business Impact All Integrated Marketplace UIs and APIs will be updated to require Two-Factor Authentication. See further sections of this document for specific systems and users impacted. Local Security Administrators (LSAs) will have new functionality available in the Marketplace Portal on the Manage Users screen for administering passwords and API Keys. Users Impacted Users of the systems/applications listed below will be impacted, as the systems will be updated to utilize Two-Factor Authentication. The project will be split into two phases as described below. From a user perspective Phase 1 consists of password management implementation. Phase 1 implementation will coincide with the Integrated Marketplace Portal Redesign project and will impact all users of the Integrated Marketplace Portal as all users will need to comply with new password requirements in order to retain access. Marketplace Portal Redesign Project Documentation: Link Phase 2 (July 31 st August 31 st ) consists of implementation of Two-Factor Authentication into the systems listed below and will occur after Phase 1 has been implemented in Production. System Changes Phase Integrated Marketplace Portal UI 1 Settlements UI and API 2 Markets UI and API 2 Ratings Submission Tool UI 2 Schedule Data API API 2 TCR UI and API 2 Credit Stacking System UI 2 All users of the above systems, and any new systems that are implemented in the future, will be required to authenticate using Two-Factor Authentication. UI -- Users will be required to enter a Login ID and password when logging in to the UIs and digital certificate. API - Client applications will be required to generate an API Token to access the APIs. Business Functions Impacted This project is changing the authentication mechanism for all Integrated Marketplace UIs and APIs to require a second authentication factor. 0406/198/2016 Page 3

Users that log into Integrated Marketplace systems will be required to input a Login ID (current, valid e-mail address) and password in addition to the digital certificate that is already required. Password reset functionality will be available for users to reset their password without contacting their LSA. Programs that access the Integrated Marketplace APIs will be required to use an API Key to generate an API Token for each request that is sent to the APIs. API Keys and end user passwords will be managed through the Integrated Marketplace Portal. LSAs will have new functionality available within the Marketplace Portal to generate API Keys. The API Keys will be used by client applications to generate API Tokens for the purpose of authentication. The Marketplace Portal will also include new functionality allowing the reset of passwords by the LSAs for users who have forgotten their password. Additionally, SPP will provide functionality for Marketplace Portal users to reset their own password without assistance from the LSA. Technical Impact The impact to all affected Integrated Marketplace systems is the same from a client perspective: In addition to presenting a client certificate, users must enter a Login ID and Password to access the user interfaces, and applications must generate API Tokens to authenticate to the APIs. Two-Factor Authentication Credentials The Login ID will be the valid, current e-mail address associated with the user in the Manage Users screen within the Marketplace Portal. When an LSA creates a user in the Marketplace Portal Manage Users screen, the user will be emailed a temporary, single use password. User Password Management When the user logs into the Marketplace Portal they will be required to supply their digital certificate, and then they will be prompted for a Login ID and password. The password must be changed the first time the user logs in and also must be changed every 90 days. The LSA will also have the capability to reset a user s password if forgotten. In this case, the user will be emailed a new temporary password that must be changed at the next login. Additionally, SPP will provide functionality for Marketplace Portal users to reset their own password without assistance from the LSA. Programmatic Access (API) For programmatic access, applications must use an API Key to generate a single use API Token that will be sent with each request. The API Key will be generated by the LSA from the Marketplace Portal Manage Users screen and supplied to the application developer or administrator. The application developer or administrator will use this API Key to configure their client application to generate API Tokens that are used for Two-Factor Authentication. For technical details about how to code client applications to generate API Tokens, please see the Integrated Marketplace Two-Factor Authentication Specifications document available in the Two-Factor Authentication project folder. Link An updated LSA User Guide will be published in May of 2017 with the Marketplace Portal Redesign Project. SPP Systems/Processes Impacted The following member-facing systems will be updated to require TwoFactor Authentication: Marketplace Portal (UI only) Settlements (UIs and APIs) Market (UI and API) Ratings Submission Tool (UI only) Schedule Data (API only) TCR (UI and API) In addition, any new systems that are implemented in the future will be required to use Two-Factor Authentication. 0406/198/2016 Page 4

Anticipated Member Systems/Processes Impacted The following member systems/processes will require updates to address Two-Factor Authentication requirements: Settlements APIs Markets APIs Schedule Data API TCR API All Phase Two testing will be performed in the same test window for all applications. Member Requirements Member Impacting Changes: Two-Factor Authentication Phase 1 (Integrated Marketplace Portal): Integrated Marketplace Portal users will need to login to the Marketplace Portal with their Login ID and password. (May 29 June 26, 2017) Two-Factor Authentication Phase 2 (Markets/TCR/Settlements/Schedule Data API/Ratings Submission Tool): All member API client code must be updated to comply with the Two-Factor Authentication client technical specifications for programmatic access. (July 31 August 31, 2017) Member Testing: Two-Factor Authentication Phase 1 (Integrated Marketplace Portal): Testing will be conducted in MTE. All MTE Marketplace Portal users will receive a temporary password. The temporary password will be used to complete an initial login, and the user will then be required to set a new password for their account. Two-Factor Authentication Phase 1 (Integrated Marketplace Portal): MPs will be requested to test new password management functionality in the Marketplace Portal Local Security Administrator (LSA) screens. Two-Factor Authentication Phase 2 (Markets/TCR/Settlements/Schedule Data API/Ratings Submission Tool/Credit Stacking System): Connectivity testing of client UI and API authentication with SPP in MTE. Testing of the Integrated Marketplace Portal UI should be performed by individuals who are familiar with usage of the Marketplace Portal as it currently exists and have a valid client certificate. LSAs will see new functionality added to their current Marketplace Portal tools, but should need no additional access or permissions beyond what they currently have. Details on the additional functionality will be provided in the LSA User Guide which will be issued in May 2017 LSAs will need to be involved in both UI and LSA password management testing, as they will have new functionality available to reset user passwords and manage API Keys. API testers will need to be familiar with the existing Marketplace system APIs and have access to a system that submits requests to the APIs. The information necessary to generate the API tokens required for authentication will be provided by SPP. Member API requests submitted to SPP will need to be updated to provide these tokens before testing begins. Testing July 13 August 31, 2017 will be the designated time period during which the MP-facing test environment (MTE) will be opened to the MPs for their testing efforts on this project. A Two-Factor Authenication Project Testing kick-off meeting will be held in early to-mid June. All MPs are encouraged to attend registration information will be made available closer to the meeting time. Testing by the MPs is strongly encouraged since there are system changes to be made by the MPs. SPP will issue high-level test cases and maintain scorecards to track MP testing. 0406/198/2016 Page 5

SPP will post testing materials by June 1, around four weeks before testing begins, in the project folder on spp.org. Testing documentation is posted in the Two Factor Authentication project folder on the SPP website/cwg page located here. Materials posted include a copy of the slides from the kick-off meeting held 6/15 and the test case spreadsheet. Test Assumptions: All MPs should have already conducted connectivity testing to the MP-Facing Integrated Test Environment (MTE). This project timeline will not include connectivity testing. MP s staff members who are participating in the testing are trained on the systems they are testing. All coding changes have been completed in accordance with what is outlined in the Two-Factor Authentication Technical Specifications document. Training All member companies will identify personnel to receive project-related training and/or documentation. All member companies will use the LMS to register for Marketplace Portal User job-aid training sessions. Attendance will be tracked as part of Market Participant Readiness via the LMS, so all attendees must have a LMS account. SPP Training will provide learning opportunities that aid understanding, but each entity will be expected to certify performance readiness. LSA documentation will continue to be housed on the Marketplace Portal (see screenshots below): 0406/198/2016 Page 6

Implementation/Back-out Plan TBD Summary of Timeline Date Responsible Party Action 11/16/2016 SPP Publish Tech Doc. Integrated Marketplace Two-Factor Authentication Specifications 11/16/2016 06/30/2017 MPs Design, Build and Internal Test client APIs to comply with Two-Factor Technical Specifications Complete Underway 05/29/2017 06/26/2017 SPP, MPs Phase 1 Two-Factor Authentication is Marketplace Portal login with password and LSA testing of the new password functionality in the Marketplace Portal Redesign Project LINK 2 nd Q 2017 SPP Training information published On or before 06/16/2017 2017 SPP Phase 2 Testing Kickoff Meeting Registration details will be communicated before the meeting 06/01/2017 SPP Publish testing information Test Cases 07/0123/2017 08/31/2017 SPP, MPs Phase 2 Two-Factor Authentication client connectivity testing in MTE for all impacted systems (Markets, Settlements, TCR, Schedule Data API, Ratings Submission Tool) 0406/198/2016 Page 7

10/10/2017 SPP, MPs PR20160003 Two-Factor Authentication All Systems Production Implementation 5/29/2017 Phae 1 Test Begins 6/26/2017 Phae 1 Test Ends 7/3/2017 All Applications Delivered to MTE 10/10/2017 Production For ALL Applications 8/1/16-11/30/16 Requirements and Design 11/28/16-6/26/17 Build / Test 7/3/17-8/31/17 Phase 2 MP Testing 8/1/2016 10/1/2016 1/1/2017 4/1/2017 7/1/2017 10/1/2017 11/14/2016 Publish MIPO V1 10/10/2017 11/14/2016 Member Technical Requirements Posted 7/1/2017 Phase 2 MTE Testing Begins 8/31/2017 Phase 2 MTE Testing Ends 10/10/2017 Production For ALL Applications 8/1/16-11/30/16 Requirements and Design 11/28/16-6/27/17 Build / Test 7/1/17-8/31/17 MTE Testing 8/1/2016 10/1/2016 1/1/2017 4/1/2017 7/1/2017 10/1/2017 11/14/2016 Publish MIPO V1 5/1/2017 10/10/2017 Publish MIPO V4 w/ Testing Details 11/14/2016 Member Technical Requirements Posted 6/26/2017 Phase 1 Test Ends 5/29/2017 Phase 1 Test Begins Project Assumptions Vendor development is completed on dates estimated by SPP SPP assumes all MPs will participate in testing as the Two-Factor Authenication changes are required for MPs to access MTE and PROD SPP will decide on a strategy for enabling and requiring Two-Factor Authenication across the impacted systems Risks Delays in Development through testing could impact project schedule at point of MTE testing. 0406/198/2016 Page 8

Additional Documentation Two-Factor Authentication Project Folder: Communication Plan Liaisons The project requests Project Liaisons to perform the following functions during the project timeline: Review project documentation and provide feedback Assess milestones and deliverables for feasibility Serve as the main point of contact between SPP and Member organization Facilitate member review of MIPOs, documentation and presentation materials Provide feedback on MIPOs Review project status and provide your organization s status Coordinate member implementation and testing efforts Represents the members interest on the project team Please submit liaison name, phone number and email address via an RMS ticket using Project Inquiries, subtype Two- Factor Authentication. MPs can submit more than one liaison for their company. Please submit these RMS tickets by November 30, 2016. MIPO and Project Documentation All project communication and information will be posted to the SPP Change Working Group Two-Factor Authentication Project folder. (https://www.spp.org/spp-documents-filings/?id=81466). This MIPO will be updated upon change or with any new information, and according to the Member Project Touch Points and Deliverables. With any update, a redline version is posted to the project documentation folder, and the CWG is notified. Next Steps Action Assignee Status & Due Date Project communicate need for liaison at member/participant companies MP provide Liaisons via RMS tickets MP testing system applications based on Two-Factor Authentication Specifications Doc in lower environments CWG Staff Secretary November 16, 2016 Complete MP November 30, 2016 Underway MP Current through June 30, 2017 Documentation Link Register for Marketplace Portal Redesign Project Testing Kick Off Meeting MP Marketplace Portal Redesign: Kickoff Meeting May 05, 2017 Documentation Link Register for Two-Factor Project Testing Kickoff Meeting MP Registration not available until May Registration for Kickoff meeting will be made available in May 0406/198/2016 Page 9

Notificaitons will be sent in Email to Liaisons and CWG FAQs Frequently asked questions will be added to the document as identified or necessary Question Origination Answer Since there are two projects effecting the market place web services and the testing times overlap, Markets Release 1.21 and Release 1.0.5 for Two-Factor Authentication, will the two factor web services be available before the production date of the markets release 1.21 and will they work without the two factor connectivity set up? There will be WSDLs that are specific to Two-Factor correct? I went through the postings and didn't see a specific date for that. If there are different web services I will have to rebuild my programs and I am trying to avoid that. I saw that the release 1.05 production release is now July 20th. That cuts out nearly a month of testing for two-factor. Are the web services going to be the same for both projects? RMS 33149 The Markets Release 1.21 testing will not include any two-factor testing. However, if you would like to go ahead and make those changes while you re making your Markets Release 1.21 changes, you are welcome to do so. Those two-factor changes would just be ignored during the Markets Release 1.21 testing, until the two-factor testing starts on July 1. The Technical Specification document is on the Web site- LINK This information has been made available for Members to test in their environments and prepare for the MTE testing starting July1st. Two Factor Authentication Phase 1 testing is the same testing effort as the Marketplace Portal Redesign. 05/29 -- 06/26. (user Logon or UI testing) Two Factor Authentication Phase 2 testing in MTE (July1st to August 31st). Phase 2 is Application testing or API testing. The Date you listed in the text, July 20th is for the Markets 1.21. For Two Factor Authorization, yes we did change the testing dates in MTE.(Phase 2 testing is July 1st to August 31st. We are starting on the same date but we did pull in the end date. We moved from the 12 weeks to 8 weeks of testing. Our norm for projects is a 6 week window. The original of testing schedule was set early in the project, in 2016 when we were not sure of the testing requirements and impact. Based on our discovery for this project including work effort estimates to complete testing and a desire to not allow the project to push into the holiday season are a couple of the reasons we 0406/198/2016 Page 10

What is the process for vendors to obtain a Login/pass to access the SPP Portal? Is SPP automatically providing a login/pass for the certificates the MPs have already provided to us? Are the MPs required to request them? SPP provided a list of systems/applications that will have implementation of Two-Factor Authentication. I wanted to verify if CROW is a part of one of the listed systems or if CROW is one of the impacted systems for Phase 2 To test the phase 1 of the Two Factor Authentication, users must have a security certificate and Login ID and password. How do we get the initial Login ID and password? I am also the LSA, will I need to assign Login IDs to each user? I can't access the LSA job aid in the MTE site because I can't sign into the MTE site without an initial LoginID and password. moved the testing window to 8 weeks. This was presented at the CWG meeting on April 20th. 33438 You will access the same way they do today. If they have company specific needs for access they d work with the correct LSA to provision those. 33405 The CROW data service is an internal piece that merely needs to be pointed to the new AuthZ version 2 when made available in each environment. CROW, the application, will not be incorporating Two-Factor Authentication so it is not in Scope for this Project. 33895 the initial login to the MTE Portal is the user's email address that is associated with their certificate in the Portal for both the UserID and Password. The LSA Job Aid is currently found on the MTE Portal under Administration/Local Security Administration/LSA Documentation Please help by providing the LSA Job Aid and any specific instructions I need to get a LoginID and password to test access to the MTE. Shane from OPPD - When will we be able to start configuring users in the Portal? Testing Kickoff Meeting Will work as it has worked in MTE, can login and configure their own password Will emails be sent to users warning of impending cert expirations? Testing Kickoff Meeting User will receive a warning of expiration, but if warning is missed they can login and will immediately be forced to change their password. More Information At any time, Members can ask questions or get more information by completing an RMS ticket using RMS link: https://spprms.issuetrak.com/login.asp. If a new user ID is needed for RMS, click on that link and follow the directions for Register Now. To Open an RMS ticket for Two Factor Authentication you may look for the Subtype in the Project Inquiries 0406/198/2016 Page 11

0406/198/2016 Page 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback