Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

A user User must have a valid IMMS InfraLink account and must authenticate with the system to access IMMS functionality InfraLink tools and the data maintained in the system.

Depending on the operational requirements and security policy for the particular IMMS instancesInstance, one or multiple authentication modes may be available to its users. 

Table of Contents

Authentication Providers

IMMS Users. InfraLink supports multiple methods for authenticating its usersUsers:

  • Username and password password
  • Username and password with enterprise integration
  • OpenID Connect
  • PKI certificate-based

Based on the security policy established by the Instance owner of the IMMS instance, the administrator configures one or multiple authentication multiple authentication providers/domains.Each authentication provider/domain definition contains a descriptive has a user-friendly name , a specific supported that identifies the authentication mode , and additional mode-specific parameters. By selecting the authentication provider/domain when requesting a new account or attempting to access the application you will be selecting the authentication mode defined for that provider. For instance, if you select an authentication provider configured for username/password authentication against the enterprise Active Directory / LDAP, IMMS will require you to use the corresponding Active Directory credentials and will validate them against the enterprise directory. 

Requesting a User Account

If you do not have an IMMS account, you will be able to request one by following the "Request Account" link on the Sign In page.

When you click on the link, IMMS will present you with an Account Request form, which will contain a number of fields, including the login name, password (if applicable), contact information, and other data. Please fill out the fields and provide the information necessary for the IMMS administrator to approve your account.

Your IMMS instance may be configured to use PKI certificates for secure access. In such case, you may be prompted to supply your certificate by inserting the smart card, e.g. DOD CAC. Please follow the instructions, as they appear on the screen.

 

This article will cover the following topics and features related to accessing InfraLink.

Table of Contents

Requesting a User Account

...

To access an InfraLink Instance, you must have a User Account specific to that instance. If you do not have a User Account, follow the guidance below to request one.

  1. Open a web browser and navigate to the InfraLink instance (i.e., URL) supporting your project, business unit or company.
    1. Note: If you are unsure of the instance URL, request guidance from your supervisor or Instance Administrator.
  2. The instance sign-in page displays an option for each authentication method supported by that instance.
  3. Select the authentication method that will apply to your new InfraLink user account.
    1. The appropriate option often specifies your company/agency name and the identity verification method.
    2. See the guidance that corresponds with your selection below.

Gliffy Diagram
nameSample Sign-In Options (Oct 2022)
pagePin1

  1. Upon making your selection, you will be directed to the corresponding Identity Provider (IDP) and prompted to enter credentials.
    1. Note: If you currently have an active IDP session, your identity will be verified without entering credentials.
  2. Once your identity is verified, you will be directed back to InfraLink for authentication.
  3. If you do not have a User Account for the InfraLink instance, you will be prompted with the question, "Would you like to request a user account?"
  4. Click Yes
    1. Gliffy Diagram
      nameRequest User Account Prompt
      pagePin1
  5. You will be presented with the New User Account Request form.
    1. Some form fields will be pre-populated with data from the enterprise IDP. Leave each prepopulated entry as is.
    2. Any fields with an asterisk * are required.
      1. Notes: Specify your project and responsibilities for correct account configuration. A brief description will suffice.
        Gliffy Diagram
        nameNew User Account Request Prepopulated
        pagePin1
  6. Click on Request at the bottom right corner of the window.
  7. A message will confirm that your request was successfully submitted.
  1. Upon making your selection, you will be directed to the 
  2. Click the Request Account link.
    1.  
      Gliffy Diagram
      nameNew Internal User Account Request
      pagePin1
  3. The New User Account Request form will appear.
  4. Populate all required fields, which are marked with an asterisk (*) and any optional fields that apply.
    1. Authentication/Provider Domain: Select the correct provider dependent on your company.
      1. Following this selection provide a Login Name for your account.
      2. Enter a Password for your account. The Password must meet complexity requirements:
        1. 8 to 50 characters;
        2. one (1) lower case character;
        3. one (1) upper case character;
        4. one (1) digits; and
        5. one (1) special character. 
      3. Re-enter that same Password.
    2. Notes: Specify your project and responsibilities for correct account configuration. A brief description will suffice.
    3. Email: Enter your company email.
    4. First Name: Enter your first name.
    5. Last Name: Enter your last name.
  5. Click on Request at the bottom right corner of the window.
  6. The application will provide a confirmation that your request was successfully submitted.
    1. Gliffy Diagram
      macroIdf68fa46b-f8b1-4855-85f2-a9a51b28e6b7
      displayNameRequest Submission Confirmation
      nameNew User Account Request Form
      pagePin5

Users who will rely on a PKI/CAC credential for instance authentication should follow these steps for InfraLink User Account initiation.

  1. Ensure your PKI/CAC credential is properly seated in your device.
  2. Open a new web browser window and navigate to the instance url (i.e., sign-in page)
    1. If you are unsure of the instance URL, request support from your supervisor or Instance Administrator.
  3. From the available authentication options, select "I have a PKI credential"
    1. Gliffy Diagram
      nameSelect PKI Credential Authentication
      pagePin1
       
  4. You will be prompted to select the appropriate certificate and enter your PIN, if necessary.
    1. Gliffy Diagram
      namePKI Certificate Prompt
      pagePin1
       
  5. InfraLink will scan existing User Accounts for a matching identity. 
  6. If no identity match is found, you will be prompted with the message, "Would you like to request a user account?"
  7. Click Yes.
    1. Gliffy Diagram
      nameNo Match New Account Prompt
      pagePin1
  8.  InfraLink will present the New User Account Request form.
    1. Some required form fields (e.g., first, middle and last name) will be automatically populated from PKI/CAC information.
  9. Populate, at minimum, the remaining required fields, marked with an asterisk ( * ):
    1. Notes - Summarize your need for instance access, including your contract/project association and position/role.
    2. Email - Enter the desired email address for contract/project-related communications and InfraLink notifications.
  10. Select the Request button at the bottom right corner of the request form
    1. Gliffy Diagram
      displayNameNew User Account Request Form (PKI)
      nameNew User Account Request Form (PKI)
      pagePin2
       
  11. InfraLink will provide a confirmation message upon successful User Account Request submission.
    1. Gliffy Diagram
      nameNew Account Request Confirmation
      pagePin1
       
  12. All New User Account Requests must be reviewed by an Instance Administrator.

User Account Approval and Activation

...

All New User Account Requests must be reviewed by an Instance Administrator.

Upon the approval of your New User Account Request, you will receive an email notification. This notice After your account has been approved, you will receive an email notification, which will be sent to the email address specified on within the New User Account Request form.

After you successfully login to IMMS, you will be able to update some of the personal information, such as contact details, via the "Update Profile" option of the user menu in the top right corner of the IMMS screen.

Logging In With an Existing User Account

...

Image Removed

The Sign In page is, generally, self-explanatory and consists of the following controls:

  • Authentication Provider / Domain: A given IMMS instance may support multiple categories of users, and the users may rely on different means to authenticate with the system. For example, some users may use their corporate Active Directory / Domain accounts, while the other group of users may rely on usernames/passwords managed directly in IMMS. Similarly, an IMMS instance may be configured to authenticate users via PKI certificates, such as DOD Common Access Cards (CAC).
    Your IMMS instance administrator will configure the Authentication Provider / Domain options to be intuitive. Please select the one, which matches the way your account is configured. If uncertain, you can try different options or contact your IMMS administrator for assistance.
  • Login Name and Password: Use these fields to enter the login name and password created when registering your IMMS account. Please note:
    • If you're using a PKI certificate, e.g. CAC, to access IMMS, you will not need to enter the login name and password. The fields will be disabled when you select the Authentication Provider / Domain corresponding to your access method;
    • If you're using a domain (Active Directory) account, you will need to enter the login name and password maintained in Active Directory. You will also need to access Active Directory (and not IMMS) to change your password.

...

InfraLink Sign In with a User Account

...

Once your InfraLink User Account has been approved and activated by an Instance Administrator, you will receive email notification. You can then sign in to InfraLink.

  1. Using any browser, navigate to the URL for the desired InfraLink instance.

  2. From the sign-in page, select the correct authentication method for your User Account.

    1. This will be the same selection made when you requested your User Account.
  3. Based on your selection you will be redirected for identity verification:

    1. Enterprise account users will be redirected to the enterprise Identity Provider (IDP).
      1. Enter enterprise credentials when prompted.
        1. Note: Users with an active IDP session will not be prompted to enter credentials.
        2. Successful identity verification via the enterprise IDP will direct you back to InfraLink and complete your User Account login.
    2. Internal account users will be directed to a sign-in page
      1. Enter Login Name and Password when prompted.
      2. Click Sign In.
    3. PKI Credential users must have their PKI/CAC credential properly seated in their device.
      1. The user may be prompted to select the appropriate certificate and enter their PIN.
      2. If certificate selection and PIN are cached, the user will be automatically authenticated.
Tip

After you successfully login to InfraLink, you can update personal information, such as contact details, time zone, etc. via the Update Profile option of the User Menu, accessible from the top-level navigation toolbar. Learn more at Managing User Profile and More via the User Menu.


Functionality Available Within InfraLink and Role-Based Access Control (RBAC)

The functionality available within IMMS InfraLink to an authenticated user User depends on the permissions granted to the user User by the IMMS administrator Instance Administrator via the Role-Based Access Control (RBAC). Based on the nature of the projects supported by the IMMS instances Instance and the associated security policies, the user permissions User Permissions may be granted globally at the contract Contract level:

  • Global permissions apply across all contracts/projects Contracts configured on the IMMS instanceInstance
  • Contract-level permissions give the user User access to certain data and/or actions only within the scope of the specific contractsContracts

Based on the permissions granted to you by the administratorInstance Administrator, some of the functionality and/or data may not be available to you within the IMMS user interfaceInfraLink User Interface. If you believe the permissions granted to you are insufficient, please contact your IMMS instance administrator Instance Administrator to adjust the access level.   

Logging Out, Ending and Extending Your

...

InfraLink Session

To prevent unauthorized access and / or changes to the information maintained in IMMSInfraLink, it is recommended that you use the Log Out Logout function, available via the user menu (in the top right corner of the screen) User Menu, to terminate your session.

If you do not use the log out logout function, IMMS InfraLink will terminate your session automatically after a certain period of inactivity. The automatic logout period is configured by your IMMS instance administrator Instance Administrator and may be different from one instance Instance to the otheranother. HoweverTypically, in most cases, it will be it is set to 15 or -20 minutes. One minute before the session termination a banner that shows remaining time will appear on your screen, notifying you that session termination is approaching. At this point you may let the session expire, or use the "Continue" button to extend it.

Related Pages

Children Display