A user must have a valid IMMS account and must authenticate with the system to access IMMS functionality and the data maintained in the system. Depending on the operational requirements and security policy for the particular IMMS instances, one or multiple authentication modes may be available to its users.
- Authentication Providers
- Requesting a User Account
- Logging In With an Existing User Account
- Functionality Available Within IMMS and Role-Based Access Control (RBAC)
- Logging Out, Ending and Extending Your IMMS Session
Authentication Providers
IMMS supports multiple methods for authenticating its users:
- Username and password
- Username and password with enterprise integration
- OpenID Connect
- PKI certificate-based
Based on the security policy established by the owner of the IMMS instance, the administrator configures one or multiple authentication providers/domains. Each authentication provider/domain definition contains a descriptive user-friendly name, a specific supported authentication mode, and additional mode-specific parameters. By selecting the authentication provider/domain when requesting a new account or attempting to access the application you will be selecting the authentication mode defined for that provider. For instance, if you select an authentication provider configured for username/password authentication against the enterprise Active Directory / LDAP, IMMS will require you to use the corresponding Active Directory credentials and will validate them against the enterprise directory.
Requesting a User Account
If you do not have an IMMS account, you will be able to request one by following the "Request Account" link on the Sign In page.
When you click on the link, IMMS will present you with an Account Request form, which will contain a number of fields, including the login name, password (if applicable), contact information, and other data. Please fill out the fields and provide the information necessary for the IMMS administrator to approve your account.
Your IMMS instance may be configured to use PKI certificates for secure access. In such case, you may be prompted to supply your certificate by inserting the smart card, e.g. DOD CAC. Please follow the instructions, as they appear on the screen.
After your account has been approved, you will receive an email notification, which will be sent to the email address specified on the Account Request form.
After you successfully login to IMMS, you will be able
...
to update some of the personal information, such as contact details, via the "Update Profile" option of the user menu in the top right corner of the IMMS screen.
Logging In With an Existing User Account
If you already have an existing user account, you can use the Sign Inpage to access IMMS.
The Sign In page is, generally, self-explanatory and consists of the following controls:
- Authentication Provider / Domain: A given IMMS instance may support multiple categories of users, and the users may rely on different means to authenticate with the system. For example, some users may use their corporate Active Directory / Domain accounts, while the other group of users may rely on usernames/passwords managed directly in IMMS. Similarly, an IMMS instance may be configured to authenticate users via PKI certificates, such as DOD Common Access Cards (CAC).
Your IMMS instance administrator will configure the Authentication Provider / Domain options to be intuitive. Please select the one, which matches the way your account is configured. If uncertain, you can try different options or contact your IMMS administrator for assistance. - Login Name and Password: Use these fields to enter the login name and password created when registering your IMMS account. Please note:
- If you're using a PKI certificate, e.g. CAC, to access IMMS, you will not need to enter the login name and password. The fields will be disabled when you select the Authentication Provider / Domain corresponding to your access method;
- If you're using a domain (Active Directory) account, you will need to enter the login name and password maintained in Active Directory. You will also need to access Active Directory (and not IMMS) to change your password.
...
Functionality Available Within IMMS and Role-Based Access Control (RBAC)
The functionality available within IMMS to an authenticated user depends on the permissions granted to the user by the IMMS administrator via the Role-Based Access Control (RBAC). Based on the nature of the projects supported by the IMMS instances and the associated security policies, the user permissions may be granted globally at the contract level:
- Global permissions apply across all contracts/projects configured on the IMMS instance.
- Contract-level permissions give the user access to certain data and/or actions only within the scope of the specific contracts.
Based on the permissions granted to you by the administrator, some of the functionality and/or data may not be available to you within the IMMS user interface. If you believe the permissions granted to you are insufficient, please contact your IMMS instance administrator to adjust the access level.
Logging Out, Ending and Extending Your IMMS Session
...