A User must have a valid IMMS account and must authenticate with the system to access IMMS functionality and the data maintained in the system. Depending on the operational requirements and security policy for the particular Instance, one or multiple authentication modes may be available to Users.
Authentication Providers
IMMS supports multiple methods for authenticating its Users:
- Username and password
- Username and password with enterprise integration
- OpenID Connect
- PKI certificate-based
Based on the security policy established by the owner of the Instance, the administrator configures one or multiple authentication providers/domains. Each authentication provider/domain definition contains a descriptive user-friendly name, a specific supported authentication mode, and additional mode-specific parameters. By selecting the authentication provider/domain when requesting a new account or attempting to access the application, you select the authentication mode defined for that provider. For instance, if you select an authentication provider configured for username/password authentication against the enterprise Active Directory / LDAP, IMMS will require you to use the corresponding Active Directory credentials and will validate them against the enterprise directory.
Requesting a User Account
If you do not have a User Account, you will be able to request one by following the "Request Account" link on the Sign In page.
When you click on the link, IMMS will present you with an Account Request form, which will contain a number of fields, including the login name, password (if applicable), contact information, and other data. Please fill out the fields and provide the information necessary for the Instance Administrator to approve your account.
Your IMMS Instance may be configured to use PKI certificates for secure access. In that case, you may be prompted to supply your certificate by inserting the smart card, e.g. DOD CAC. Please follow the instructions as they appear on the screen.
After your User Account has been approved, you will receive an email notification, which will be sent to the email address specified on the Account Request form.
After you successfully log in to IMMS, you can update personal information, such as contact details, via the Update Profile option of the User Menu, accessible from the top-level navigation toolbar.
Logging In With an Existing User Account
If you already have a user account, you can use the Sign In page to access IMMS.
The Sign In page consists of the following controls:
- Authentication Provider / Domain: A given IMMS instance may support multiple categories of Users, and the Users may rely on different means to authenticate with the system. For example, some Users may use their corporate Active Directory/Domain accounts, while another group of Users may rely on usernames/passwords managed directly in IMMS. Similarly, an IMMS Instance may be configured to authenticate Users via PKI certificates, such as DOD Common Access Cards (CAC). Your IMMS Instance Administrator will configure the Authentication Provider/Domain options to be intuitive. Please select the one that matches the way your User Account is configured. If uncertain, you can try different options or contact your Instance Administrator for assistance.
- Login Name and Password: Use these fields to enter the login name and password created when registering your IMMS account. Please note:
  - If you are using a PKI certificate (e.g., CAC) to authenticate, you will not need to enter the login name and password. The fields will be disabled when you select the Authentication Provider/Domain corresponding to your access method.
  - If you are using a domain (Active Directory) account, you will need to enter the login name and password maintained in Active Directory.
Note: When using an Active Directory account for authentication, you must access the Active Directory to change your password, not IMMS.
Functionality Available Within IMMS and Role-Based Access Control (RBAC)
The functionality available within IMMS to an authenticated User depends on the permissions granted to the User by the Instance Administrator via Role-Based Access Control (RBAC). Based on the nature of the projects supported by the Instance and the associated security policies, the User Permissions may be granted globally or at the Contract level:
- Global permissions apply across all Contracts configured on the Instance.
- Contract-level permissions give the User access to certain data and/or actions only within the scope of the specific Contracts.
Based on the permissions granted by the Instance Administrator, some of the functionality and/or data may not be available to you within the IMMS User Interface. If you believe the permissions granted to you are insufficient, please contact your Instance Administrator to adjust the access level.
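The two permission scopes described above can be modelled as a default-deny check. This is an added example, not IMMS code; the `Grant` type, the function names, the permission strings and the contract identifiers are all hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical model of the two scopes described above, not IMMS internals.


@dataclass(frozen=True)
class Grant:
    user: str
    permission: str
    contract: Optional[str] = None  # None means a global grant (all Contracts)


def is_allowed(grants, user, permission, contract):
    """Default deny: allow only on a matching global or same-Contract grant.

    Passing contract=None asks about an action outside any Contract, which
    only a global grant can satisfy.
    """
    for g in grants:
        if g.user != user or g.permission != permission:
            continue
        if g.contract is None or g.contract == contract:
            return True
    return False


def visible_contracts(grants, user, permission, all_contracts):
    """Contracts on which the user holds the permission (what a UI would show)."""
    return [c for c in all_contracts if is_allowed(grants, user, permission, c)]


# Constructed sample data.
CONTRACTS = ["C-100", "C-200", "C-300"]
GRANTS = [
    Grant("alice", "report.view"),                   # global
    Grant("bob", "report.view", contract="C-200"),   # Contract-level
    Grant("bob", "report.edit", contract="C-200"),   # Contract-level
]

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, visible_contracts(GRANTS, user, "report.view", CONTRACTS))
```

A User with no matching grant gets an empty result rather than an error, which corresponds to functionality simply not appearing in the User Interface.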
Logging Out, Ending and Extending Your IMMS Session
To prevent unauthorized access and/or changes to the information maintained in IMMS, it is recommended that you use the Logout function, available via the User Menu, to terminate your session.
If you do not use the Logout function, IMMS will terminate your session automatically after a certain period of inactivity. The automatic logout period is configured by your Instance Administrator and may differ from one Instance to another. Typically, it is set to 15-20 minutes. One minute before the session termination, a banner that shows the remaining time will appear on your screen, notifying you that session termination is approaching. At this point, you may let the session expire or use the Continue button to extend it.
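The inactivity timeout, warning banner and Continue behaviour described above can be sketched as a server-side session state check. This is an added example, not IMMS code; the `Session` class and the constants are hypothetical, using a 15-minute timeout and a one-minute warning window taken from the text.

```python
from dataclasses import dataclass

# Hypothetical model. The values mirror the text (15 minutes, banner one
# minute before termination); real Instances are configured by their admin.
IDLE_TIMEOUT = 15 * 60   # seconds of inactivity before automatic logout
WARNING_WINDOW = 60      # seconds before termination when the banner shows


@dataclass
class Session:
    last_activity: float      # timestamp of the last user action, in seconds
    terminated: bool = False  # set by logout or by a detected expiry

    def remaining(self, now):
        """Seconds left before automatic termination (never negative)."""
        return max(0.0, self.last_activity + IDLE_TIMEOUT - now)

    def state(self, now):
        """Return 'active', 'warning' (banner visible) or 'expired'."""
        if self.terminated or self.remaining(now) == 0:
            return "expired"
        if self.remaining(now) <= WARNING_WINDOW:
            return "warning"
        return "active"

    def touch(self, now):
        """User activity or the Continue button: restart the idle clock.

        Returns False for an expired session, so a late Continue click
        cannot revive it and the user has to sign in again.
        """
        if self.state(now) == "expired":
            self.terminated = True
            return False
        self.last_activity = now
        return True

    def logout(self):
        """Explicit Logout from the User Menu ends the session immediately."""
        self.terminated = True


if __name__ == "__main__":
    s = Session(last_activity=0)
    for t in (0, 839, 840, 899, 900):
        print(t, s.state(t), s.remaining(t))
```

Enforcing the expiry on the server matters because the banner and the Continue button run in the browser and can be delayed, hidden or ignored.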