A user User must have a valid IMMS account and must authenticate with the system to access IMMS functionality and the data maintained in the system. Depending on the operational requirements and security policy for the particular IMMS instancesInstance, one or multiple authentication modes may be available to its usersUsers. 

Authentication Providers

IMMS supports multiple methods for authenticating its usersUsers:

• Username and password 
• Username and password with enterprise integration
• OpenID Connect
• PKI certificate-based

...

Based on the security policy established by the owner of the IMMS instanceInstance, the administrator configures one or multiple authentication providers/domains. Each authentication provider/domain definition contains a descriptive user-friendly name, a specific supported authentication mode, and additional mode-specific parameters. By selecting the authentication provider/domain when requesting a new account or attempting to access the application you will be selecting the authentication mode defined for that provider. For instance, if you select an authentication provider configured for username/password authentication against the enterprise Active Directory / LDAP, IMMS will require you to use the corresponding Active Directory credentials and will validate them against the enterprise directory. 

...

Requesting a User Account

If you do not have an IMMS accounta User Account, you will be able to request one by following the "Request Account" link on the Sign In page.

When you click on the link, IMMS will present you with an Account Request form, which will contain a number of fields, including the login name, password (if applicable), contact information, and other data. Please fill out the fields and provide the information necessary for the IMMS administrator Instance Administrator to approve your account.

Your IMMS instance Instance may be configured to use PKI certificates for secure access. In such case, you may be prompted to supply your certificate by inserting the smart card, e.g. DOD CAC. Please follow the instructions, as they appear on the screen.

After your account User Account has been approved, you will receive an email notification, which will be sent to the email address specified on the Account Request form.

After you successfully login to IMMS, you will be able to update some of the can update personal information, such as contact details, via the "Update Profile" option of the user menu in the top right corner of the IMMS screenUser Menu, accessible from the top-level navigation toolbar.

Logging In With an Existing User Account

If you already have an existing user account, you can use the Sign Inpage to access IMMS.

The Sign In page is, generally, self-explanatory and consists of the following controls:

• Authentication Provider / Domain: A given IMMS instance may support multiple categories of usersUsers, and the users Users may rely on different means to authenticate with the system. For example, some users Users may use their corporate Active Directory/Domain accounts, while the other group of users Users may rely on usernames/passwords managed directly in IMMS. Similarly, an IMMS instance Instance may be configured to authenticate users Users via PKI certificates, such as DOD Common Access Cards (CAC).
  Your IMMS instance administrator Instance Administrator will configure the Authentication Provider/Domain options to be intuitive. Please select the one, which matches the way your account User Account is configured. If uncertain, you can try different options or contact your IMMS administrator Instance Administrator for assistance.
  
• Login Name and Password: Use these fields to enter the login name and password created when registering your IMMS account. Please note:
  • If you 're are using a PKI certificate, certificate (e.g., CAC,) to access IMMSauthenticate, you will not need to enter the login name and password. The fields will be disabled when you select the Authentication Provider/Domain corresponding to your access method;
  • If you 're are using a domain (Active Directory) account, you will need to enter the login name and password maintained in Active Directory. You will also need to access Active Directory (and not IMMS)

Note: When using an Active Directory account for authentication, you must access the Active Directory to change your password, not IMMS.

Functionality Available Within IMMS and Role-Based Access Control (RBAC)

The functionality available within IMMS to an authenticated user User depends on the permissions granted to the user User by the IMMS administrator Instance Administrator via the Role-Based Access Control (RBAC). Based on the nature of the projects supported by the IMMS instances Instance and the associated security policies, the user permissions User Permissions may be granted globally at the contract Contract level:

• Global permissions apply across all contracts/projects Contracts configured on the IMMS instanceInstance. 
• Contract-level permissions give the user User access to certain data and/or actions only within the scope of the specific contractsContracts. 

Based on the permissions granted to you by the administratorInstance Administrator, some of the functionality and/or data may not be available to you within the IMMS user interfaceUser Interface. If you believe the permissions granted to you are insufficient, please contact your IMMS instance administrator Instance Administrator to adjust the access level. 

...

To prevent unauthorized access and / or changes to the information maintained in IMMS, it is recommended that you use the Log Out Logout function, available via the user menu (in the top right corner of the screen) User Menu, to terminate your session.

If you do not use the log out logout function, IMMS will terminate your session automatically after a certain period of inactivity. The automatic logout period is configured by your IMMS instance administrator Instance Administrator and may be different from one instance Instance to the otheranother. HoweverTypically, in most cases, it will be it is set to 15 or -20 minutes. One minute before the session termination a banner that shows remaining time will appear on your screen, notifying you that session termination is approaching. At this point you may let the session expire, or use the "Continue" button to extend it.