A User must have a valid IMMS InfraLink account and must authenticate with the system to access IMMS functionality InfraLink tools and the data maintained in the system.

Depending on the operational requirements and security policy for the particular Instance, one or multiple authentication modes may be available to Users.  

Authentication Providers

IMMS InfraLink supports multiple methods for authenticating its Users:

• Username and password password
• Username and password with enterprise integration
• OpenID Connect
• PKI certificate-based

Based on the security policy established by the Instance owner of the Instance, the administrator configures one or multiple authentication multiple authentication providers/domains.Each authentication provider/domain definition contains a descriptive has a user-friendly name , a specific supported that identifies the authentication mode , and additional mode-specific parameters. By selecting the authentication provider/domain when requesting a new account or attempting to access the application you will be selecting the authentication mode defined for that provider. For instance, if you select an authentication provider configured for username/password authentication against the enterprise Active Directory / LDAP, IMMS will require you to use the corresponding Active Directory credentials and will validate them against the enterprise directory. 

...

This article will cover the following topics and features related to accessing InfraLink.

Requesting a User Account

...

To access an InfraLink Instance, you must have a User Account specific to that instance. If you do not have a User Account, follow the guidance below to request one.

1. Open a web browser and navigate to the InfraLink instance (i.e., URL) supporting your project, business unit or company.
   1. Note: If you are unsure of the instance URL, request guidance from your supervisor or Instance Administrator.
2. The instance sign-in page displays an option for each authentication method supported by that instance.
3. Select the authentication method that will apply to your new InfraLink user account.
   1. The appropriate option often specifies your company/agency name and the identity verification method.
   2. See the guidance that corresponds with your selection below.

Using an Enterprise Account Option

1. Upon making your selection, you will be directed to the corresponding Identity Provider (IDP) and prompted to enter credentials.
   1. Note: If you currently have an active IDP session, your identity will be verified without entering credentials.
2. Once your identity is verified, you will be directed back to InfraLink for authentication.
3. If you do not have a User Account for the InfraLink instance, you will be

...

1. prompted with the question, "Would you like to request a user account?"
2. Click Yes. 

   1. Gliffy Diagram
      name Request User Account Prompt pagePin 1

3. You will be presented with the New User Account Request form.
   1. Some form fields will be pre-populated with data from the enterprise IDP. Leave each prepopulated entry as is.
   2. Any fields with an asterisk * are required.
      
      1. Notes: Specify your project and responsibilities for correct account configuration. A brief description will suffice.
         

         Gliffy Diagram
         name New User Account Request Prepopulated pagePin 1

4. Click on Request at the bottom right corner of the window.
5. A message will confirm that your request was successfully submitted.

Using the Internal Account Option

1. Upon making your selection, you will be directed to the 
2. Click the Request Account link.
   1.  

      Gliffy Diagram
      name New Internal User Account Request pagePin 1

3. The New User Account Request form will appear.
4. Populate all required fields, which are marked with an asterisk (*) and any optional fields that apply.
   1. Authentication/Provider Domain: Select the correct provider dependent on your company.
      1. Following this selection provide a Login Name for your account.
      2. Enter a Password for your account. The Password must meet complexity requirements:
         1. 8 to 50 characters;
         2. one (1) lower case character;
         3. one (1) upper case character;
         4. one (1) digits; and
         5. one (1) special character. 
      3. Re-enter that same Password.
   2. Notes: Specify your project and responsibilities for correct account configuration. A brief description will suffice.
   3. Email: Enter your company email.
   4. First Name: Enter your first name.
   5. Last Name: Enter your last name.
5. Click on Request at the bottom right corner of the window.
6. The application will provide a confirmation that your request was successfully submitted.

   1. Gliffy Diagram
      macroId f68fa46b-f8b1-4855-85f2-a9a51b28e6b7 displayName Request Submission Confirmation name New User Account Request Form pagePin 5

Using the PKI Credential Option (e.g., Government-issued CAC)

Users who will rely on a PKI/CAC credential for instance authentication should follow these steps for InfraLink User Account initiation.

1. Ensure your PKI/CAC credential is properly seated in your device.
2. Open a new web browser window and navigate to the instance url (i.e., sign-in page)
   1. If you are unsure of the instance URL, request support from your supervisor or Instance Administrator.
3. From the available authentication options, select "I have a PKI credential"

   1. Gliffy Diagram
      name Select PKI Credential Authentication pagePin 1

       
4. You will be prompted to select the appropriate certificate and enter your PIN, if necessary.

   1. Gliffy Diagram
      name PKI Certificate Prompt pagePin 1

       
5. InfraLink will scan existing User Accounts for a matching identity. 
6. If no identity match is found, you will be prompted with the message, "Would you like to request a user account?"
7. Click Yes.

   1. Gliffy Diagram
      name No Match New Account Prompt pagePin 1

8.  InfraLink will present the New User Account Request form.
   1. Some required form fields (e.g., first, middle and last name) will be automatically populated from PKI/CAC information.
9. Populate, at minimum, the remaining required fields, marked with an asterisk ( * ):
   1. Notes - Summarize your need for instance access, including your contract/project association and position/role.
   2. Email - Enter the desired email address for contract/project-related communications and InfraLink notifications.
10. Select the Request button at the bottom right corner of the request form

    1. Gliffy Diagram
       displayName New User Account Request Form (PKI) name New User Account Request Form (PKI) pagePin 2

        
11. InfraLink will provide a confirmation message upon successful User Account Request submission.

    1. Gliffy Diagram
       name New Account Request Confirmation pagePin 1

        
12. All New User Account Requests must be reviewed by an Instance Administrator.

User Account Approval and Activation

...

All New User Account Requests must be reviewed by an Instance Administrator.

Upon the approval of your New User Account Request, you will receive an email notification. This notice

When you click on the link, IMMS will present you with an Account Request form, which will contain a number of fields, including the login name, password (if applicable), contact information, and other data. Please fill out the fields and provide the information necessary for the Instance Administrator to approve your account.

Your IMMS Instance may be configured to use PKI certificates for secure access. In such case, you may be prompted to supply your certificate by inserting the smart card, e.g. DOD CAC. Please follow the instructions, as they appear on the screen.

After your User Account has been approved, you will receive an email notification, which will be sent to the email address specified on within the New User Account Request form.

After you successfully login to IMMS, you can update personal information, such as contact details, via the Update Profile option of the User Menu, accessible from the top-level navigation toolbar.

Logging In With an Existing User Account

...

Image Removed

The Sign In page consists of the following controls:

• Authentication Provider / Domain: A given IMMS instance may support multiple categories of Users, and the Users may rely on different means to authenticate with the system. For example, some Users may use their corporate Active Directory/Domain accounts, while the other group of Users may rely on usernames/passwords managed directly in IMMS. Similarly, an IMMS Instance may be configured to authenticate Users via PKI certificates, such as DOD Common Access Cards (CAC).
  Your IMMS Instance Administrator will configure the Authentication Provider/Domain options to be intuitive. Please select the one, which matches the way your User Account is configured. If uncertain, you can try different options or contact your Instance Administrator for assistance.
  
• Login Name and Password: Use these fields to enter the login name and password created when registering your IMMS account. Please note:
  • If you are using a PKI certificate (e.g., CAC) to authenticate, you will not need to enter the login name and password. The fields will be disabled when you select the Authentication Provider/Domain corresponding to your access method;
  • If you are using a domain (Active Directory) account, you will need to enter the login name and password maintained in Active Directory.

Note: When using an Active Directory account for authentication, you must access the Active Directory to change your password, not IMMS.

...

InfraLink Sign In with a User Account

...

Once your InfraLink User Account has been approved and activated by an Instance Administrator, you will receive email notification. You can then sign in to InfraLink.

1. Using any browser, navigate to the URL for the desired InfraLink instance.

2. From the sign-in page, select the correct authentication method for your User Account.

   1. This will be the same selection made when you requested your User Account.

3. Based on your selection you will be redirected for identity verification:

   1. Enterprise account users will be redirected to the enterprise Identity Provider (IDP).
      1. Enter enterprise credentials when prompted.
         1. Note: Users with an active IDP session will not be prompted to enter credentials.
         2. Successful identity verification via the enterprise IDP will direct you back to InfraLink and complete your User Account login.
   2. Internal account users will be directed to a sign-in page
      1. Enter Login Name and Password when prompted.
      2. Click Sign In.
   3. PKI Credential users must have their PKI/CAC credential properly seated in their device.
      1. The user may be prompted to select the appropriate certificate and enter their PIN.
      2. If certificate selection and PIN are cached, the user will be automatically authenticated.

Functionality Available Within InfraLink and Role-Based Access Control (RBAC)

The functionality available within IMMS InfraLink to an authenticated User depends on the permissions granted to the User by the Instance Administrator via the Role-Based Access Control (RBAC). Based on the nature of the projects supported by the Instance and the associated security policies, the User Permissions may be granted globally at the Contract level:

...

Based on the permissions granted by the Instance Administrator, some of the functionality and/or data may not be available to you within the IMMS InfraLink User Interface. If you believe the permissions granted to you are insufficient, please contact your Instance Administrator to adjust the access level.   

Logging Out, Ending and Extending Your

...

InfraLink Session

To prevent unauthorized access and / or changes to the information maintained in IMMSInfraLink, it is recommended that you use the Logout function, available via the User Menu, to terminate your session.

If you do not use the logout function, IMMS InfraLink will terminate your session automatically after a certain period of inactivity. The automatic logout period is configured by your Instance Administrator and may be different from one Instance to another. Typically, it is set to 15-20 minutes. One minute before the session termination a banner that shows remaining time will appear on your screen, notifying you that session termination is approaching. At this point you may let the session expire, or use the Continue button to extend it.

Related Pages