Secure Access Management Services SAMS Security Training for Jurisdictions User Needs SAMS User ID Center for Surveillance Epidemiology and Laboratory Services Division of Health Informatics and Surveillance ID: 325566
Download Presentation The PPT/PDF document "Message Validation, Processing, and Prov..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Message Validation, Processing, and Provisioning System (MVPS) Access and Secure Access Management Services (SAMS)Security Training for Jurisdictions User Needs SAMS User ID
Center for Surveillance, Epidemiology, and Laboratory Services
Division of Health Informatics and SurveillanceSlide2
AgendaOverview Jurisdiction MVPS Dashboard Access - User does not have SAMS User IDMaintenance of User Accounts
Overview of Adding New User to MVPS DashboardAppendix2Slide3
Overview
Center for Surveillance, Epidemiology, and Laboratory Services
Division of Health Informatics and Surveillance
OverviewSlide4
Overview The goal of the Message Validation, Processing and Provisioning System (MVPS) is to validate and process nationally notifiable messages sent by jurisdictions and provisioning those data to the CDC Programs in an automated process.
Jurisdictions and CDC programs will have access to transactional message data through the MVPS Dashboard.Jurisdiction user access to the dashboard will be managed by the CDC Secure Access Management System (SAMS).4Note: In order for a jurisdiction user to access the MVPS Dashboard they must go through two levels of security
SAMS for
authenticatio
n – you are who you say you are
MVPS for
authorizatio
n - what you are allowed to view/manage/report on within the Dashboard Slide5
Key Terms
5Slide6
MVPS Jurisdiction User Roles6
Adds authorized jurisdiction users to MVPS Adds and/or edits jurisdiction user role and access to conditions Accesses data for one or more conditions through the MVPS Dashboard*Jurisdiction Data Manager Jurisdiction User
Accesses data for one or more conditions through the MVPS Dashboard
*
An alternate jurisdiction data manager should also be designated. Jurisdictions should consider who in their organization would best fit this role(s): an IT-focused resource such as the surveillance system manager; a surveillance lead who provides a science leadership role, or another resource who can meet jurisdiction needs. The jurisdiction data manager, in most cases, will be the person who
implements
the activities listed above; not necessarily the person who authorizes it. The authorization process will be determined by each jurisdiction. Slide7
Jurisdiction MVPS Dashboard Access-User needs to obtain a SAMS UserID-This section is for jurisdiction users who do not have an Active SAMS Level 2 (or higher) UserID.
If jurisdiction users are not sure whether they have Active SAMS Level 2 access, they can request their status by sending an e-mail to the MVPS Support Manager via EDX@cdc.gov.
Center for Surveillance, Epidemiology, and Laboratory Services
Division of Health Informatics and Surveillance
Jurisdiction MVPS Dashboard Access
-User needs to obtain a SAMS UserID-Slide8
MVPS SAMS Registration Process OverviewAll external users must complete the SAMS registration process to gain access to MVPS.
8) MVPS Support Manager approves applicant in SAMS(SAMS status = Active) 7) User submits required ID proofing documents and signed SAMS Verification form1) New jurisdiction user is identified
2) Jurisdiction
data manager
submits new user information
by e-mail t
o EDX@cdc.gov.
3) MVPS Support Manager enters new user information into SAMS
(SAMS status = Candidate)
6) SAMS
e-mails
user
their SAMS UserID
and proofing requirements to user
5) User completes SAMS registration information and submits to SAMS
(SAMS status = Applicant)
4) SAMS invites user, via
e-mail
, to complete registration
SAMS registration complete
8Slide9
9) MVPS Support Manager notifies jurisdiction data manager to grant access to user
12) User logs into MVPS via SAMS Portal 11) User receives e-mail with link to SAMS/MVPS 10) Jurisdiction data manager enters the user (role and condition) in MVPS by using SAMS User ID
(MVPS Status: Active)
9
Security Access to MVPS Dashboard Overview
All external users must complete the SAMS registration process to gain access to MVPS.
SAMS registration complete
Security Access to MVPS Dashboard Overview Slide10
10
SAMS Registration Process The invitation e-mail will come from sams-no-reply@cdc.gov with a subject of “U.S. Centers for Disease Control: SAMS Partner Portal-Invitation to Register.” This personalized invitation contains one-time use access credentials.
SAMS invitation
e-mail
will contain:
URL to the SAMS login page
SAMS User ID
Temporary password.
SAMS invites user, via
e-mail
, to complete registration
4
MVPS Support Manager enters new user information into SAMS
(SAMS status = Candidate)
3
Tip: To make sure you receive your
e-mail
from
SAMS,
confirm
that the
following
e-mail
address will not be blocked by your
e-mail
service’s spam filters: sams-no-reply@cdc.gov Slide11
Tips for registering with SAMSYou must respond to the invitation
e-mail within 30 calendar days.You will access SAMS online by using the link sent via the e-mail.You should be prepared to complete the full registration process in one sitting.
You will be asked to create a user profile,
a
password, and
security questions.
Once
your
information is entered, you will
be presented with a confirmation page showing the data
that you
entered.
After
confirming the information,
you
will submit the data and log out of the system.
User
completes SAMS registration information and submits to SAMS
(
SAMS status = Applicant
)
Please contact the SAMS Helpdesk with any issues regarding registration or passwords:
E-mail
: samshelp@cdc.gov
Local: 404-498-6065
Toll Free: 877-681-2901
5.1
Note: After
the user has completed the registration
process,
the SAMS account is locked and cannot be used for any purpose until status =
Active.
11
SAMS Registration ProcessSlide12
Creating a User ProfileYou will be asked for the following information: * First Name, Middle Name (optional), Last Name, Suffix (optional), Preferred Name (optional)
Phone, Alternate PhoneOrganizational Affiliation (name of business), Position / Role (work title)Organization Address (street, city, state, zip, and country)* Home Address (street, city, state, zip, and country)*The name entered into SAMS must match
the picture identification to be used in the proofing process. The address on one picture ID (usually the driver’s license)
must match
the home address entered into SAMS.
If the name or address
does
not match the applicant’s current
information, then additional identifying documentation must be provided.
User
completes SAMS registration information and submits to SAMS (SAMS status = Applicant)
5.2
12
SAMS Registration ProcessSlide13
Creating a SAMS passwordPassword must contain at least 8
characters.Password must contain a combination of three of the following: numbers, upper/lower case letters, or special characters. User must complete five security questions.Managing your SAMS password:
Passwords must be changed every 60
days.
If the password expires, the user is prompted to change it upon the next
login.
Users are not allowed to reuse any of their last
10 passwords.
To change your password, access the SAMS portal and select Change
Password.
If you forget your password, click on the
“Forgot”
link on the SAMS login page and answer
three
security questions.
User
completes SAMS registration information and submits to SAMS
(
SAMS status = Applicant)
5.3
13
SAMS Registration ProcessSlide14
14
SAMS Registration ProcessSAMS e-mails user personalized request packet and proofing requirements
6.1
E-mail subject line will be:
U.S. Centers for Disease Control: SAMS Partner Portal – Identify Verification Request Slide15
Identity Proofing ProcessApplicant completes/prints the Identity Verification Request Form provided in the SAMS e-mail.
Applicant takes the printed form, along with appropriate government-issued photo identification (see table to the right), to the DPA along with any needed supporting documentation. The DPA confirms that the photo ID and supporting documentation, if needed, are valid. The applicant signs the request form in the presence of the proofing agent. The DPA selects the ID type, records its number, signs the verification request
form, and returns
the form to
the applicant.
SAMS
e-mails
user
SAMS UserID and proofing requirements
Acceptable Photo Identification
Types
Additional
Information
Driver’s license
issued
by a state or outlying possession of the
United States.
ID Card issued by a state or outlying possession of the United States.
U.S.
Passport
Passports and military IDs typically do not include the person’s home address. If using these
identifications, the applicant must also submit additional supporting documentation to the proofing authority
such as a u
tility bill or voter registration card.
U.S. Passport Card
U.S. Military ID Card
U.S. Permanent Resident Card
U.S. Employment Authorization Card
Note: If the applicant’s current name is not the same as displayed on the photo
ID,
then documentation such as
a marriage
certificate or
change-of-name
documentation will be required.
6.2
15
SAMS Registration ProcessSlide16
Submitting Proofed DocumentsOnce the identity proofing process has been completed, the applicant must forward the following documents to the
Centralized Proofing Authority at CDC:completed/signed registration document legible photocopies of the documents used for identity proofing. The applicant can either fax or mail their documents to CDC; however, faxing significantly reduces the time frame
for approval
.
User submits required ID proofing documents and signed SAMS Verification form
7
877-681-2899 (toll-free) or
404-498-6065
Centers for Disease
Control and Prevention
Attn: Proofing Authority
1600 Clifton Road N.E.
Mailstop K-94
Atlanta, GA 30333
Please contact the SAMS Helpdesk with any issues regarding registration or passwords:
E-mail
: samshelp@cdc.gov; or telephone local: 404-498-6065; toll free: 877-681-2901
MVPS Support Manager approves
user
in SAMS
(SAMS status = Active)
8
SAMS Accessibility
The MVPS Support Manager will go into SAMS to approve the account
setup
. This will allow the user to log into SAMS and access MVPS.
16
SAMS Registration ProcessSlide17
Adding A User to MVPS
External users can be added by one of the following managers:
MVPS Support Manager
MVPS User Support Manager
Jurisdiction Data Manager.
The
jurisdiction data manager
will be the primary manager to add jurisdiction users.
MVPS
Support Manager
notifies Jurisdiction Data Manager
to grant
MVPS access
to
user
Jurisdiction Data Manager
enters the user (role and condition) in MVPS
by using
SAMS User ID
(MVPS Status:
Active)
10
User receives e-mail
with link to SAMS/MVPS
11
17
Access to MVPS after SAMS Registration
9
Access to MVPS after SAMS Registration Slide18
Jurisdiction user logs into MVPS via SAMS Portal
12(1) User accesses the SAMS portal:Users must open their Internet browser and type https://sams.cdc.gov.
(2) User logs onto SAMS portal by using username and password
(3) User clicks on the MVPS link
Link to MVPS will appear
under
My Applications
on
the SAMS landing page.
Username =
e-mail address
18
Access to MVPS after SAMS Registration
Access to MVPS after SAMS Registration Slide19
Maintaining User Accounts
Center for Surveillance, Epidemiology, and Laboratory Services
Division of Health Informatics and Surveillance
Maintaining User AccountsSlide20
SAMS user accounts must be regularly maintained to keep access to the MVPS DashboardUsers must maintain their
SAMS account to keep it active by:Creating a new SAMS password at a minimum of every 60 days (Users are not allowed to reuse any of their last ten passwords.) Updating any changes to contact information since initial registrationAccessing the account at least once per 365 days to keep it active (Note: If a user has not logged in within the last 335 days, the system sends the user a reminder that the account will expire in 30 days.)Note: Users can update their passwords by accessing the SAMS portal and selecting “Change Password.” The system will prompt users with expired passwords to change their password at login.
20Slide21
MVPS accounts must be deactivated in a timely mannerDeactivating Users
Jurisdiction Data Manager Changes the user’s role within MVPS to prevent access to data.Contacts the MVPS Support Manager to request deactivation of a jurisdiction user’s SAMS/MVPS account. MVPS Support Manager Reviews and approves the deactivation request.
Deactivates the user in MVPS
Deactivates the user’s MVPS link in SAMS
21
Note: Deactivation communication must take place within 24 hours of a change in the user’s status
Slide22
Overview of Adding New Jurisdiction User to the MVPS Dashboard
The following slides are representative of the MVPS Dashboard functionality and provide an overview of the process.
The Jurisdiction Data Manager will have security access to add jurisdiction users to MVPS.
The jurisdiction data manager role can only be added only by the MVPS Support Manager.
Center for Surveillance, Epidemiology, and Laboratory Services
Division of Health Informatics and Surveillance
Overview of Adding New Jurisdiction User to the MVPS DashboardSlide23
Overview of Adding New Jurisdiction User – Step 1 of 4
The Add New User screen will display. Type the SAMS UserID in the ID box and the user’s name will appear. Note: All jurisdiction users must have an
active SAMS UserID
to be granted access to MVPS Dashboard.
Welcome, Marty Jones
To add a jurisdiction
user,
the
jurisdiction data manager
will access the User Management tab within the
dashboard and click on Add New.
Welcome, Marty Jones
23Slide24
Choosing Yes for this option will allow the user to see message content within the
MVPS Dashboard. Click SAVE when all data have been entered. The user’s first name, last name, and e-mail default from SAMS.
Jurisdiction data manager selects the user’s jurisdiction
.
Note: Due to security within
MVPS,
the Assigned Jurisdiction
drop down will display only the jurisdiction assigned to the Jurisdiction Data Manager.
24
Overview of Adding New Jurisdiction User
–
Step
2
of 4 Slide25
The jurisdiction data manager will click the
Assign checkbox for each condition the user can access in the MVPS Dashboard. After the appropriate jurisdiction is assigned, a listing of conditions will display.
After reviewing all user information, the jurisdiction data manager should click SAVE.
25
Overview of Adding New Jurisdiction User – Step 3 of 4
Overview of Adding New Jurisdiction User – Step 3 of 4 Slide26
MVPS will provide verification that user was added.
Patty Smith’s account was successfully edited. Continue editing Patty Smith
26
Overview of Adding New Jurisdiction User – Step 4 of 4
Overview of Adding New Jurisdiction User – Step 4 of 4 Slide27
Appendix
Center for Surveillance, Epidemiology, and Laboratory Services
Division of Health Informatics and Surveillance
AppendixSlide28
SAMS Quick Facts and Helpful TipsNo Sharing – Your invitation is customized just for you and is only usable for a single registration.
Invitations Expire! – Your invitation is good for only 30 days.SPAM, SPAM, SPAM – If you’re expecting a SAMS invitation and it hasn’t arrived, check to make sure it didn’t get trapped by your anti-SPAM filter.Replacement Invitations – If your invitation is lost or expired, contact your jurisdiction data manager to request a replacement. Or, you can also contact the SAMS Help Desk at samshelp@cdc.gov. Tech Troubles – To access the SAMS portal, your browser must be configured to use TLS 1.0 encryption. If your computer is not configured for TLS, or if you are unsure, please contact your local IT system administrator.Help! – If you have questions or difficulties along the way, please contact the SAMS Help Desk.
28Slide29
Frequently Asked Questions about SAMS/MVPS Security Question Response
What is SAMS?SAMS stands for Secure Access Management Services. It is CDC’s enterprise identity management and access control system for externally facing sensitive or non-public applications. What is the difference between SAMS and MVPS security?SAMS authenticates that you are who you say you are; MVPS security authorizes you to use MVPS functionality based upon the role you are assigned. I have SAMS access for another CDC system. Do I need to go through the registration process again for MVPS?
MVPS requires
a Level 2 SAMS security access. If the system you are currently accessing via SAMS is a Level 2 or higher security level, then you do not need to go through the SAMS registration process again.
I
don’t know what level of security I currently have with SAMS. How do I find out?
Contact the SAMS Helpdesk at samshelp@cdc.gov.
I have taken a job at another jurisdiction doing this type
of work. Does that affect my SAMS/MVPS security access?
A user’s security in SAMS and MVPS is based upon their jurisdiction. Wh
en
an active user in SAMS/MVPS changes jurisdictions, he or she must go through the security access process again.
I
can’t see conditions that I need to view within the MVPS Dashboard. What should I do?
The jurisdiction data manager assigns roles
and conditions to each user when he or she is initially granted access to the MVPS Dashboard. Submit a request to your jurisdiction data manager to be able to view the new conditions.
I have
a new position with my jurisdiction and do not need access to MVPS any longer, but I still need to keep my SAMS access for other CDC applications. Who do I notify?
The jurisdiction data manager must notify the MVPS Support Manager any time a jurisdiction user needs to be de-activated. A user may retain SAMS registration status, if applicable, but will no longer have access to the MVPS link on the SAMS landing page.
I got
married and want to change my name in SAMS and MVPS. What should I do?
Users
can update some of their SAMS account information by clicking the
Modify My Identity Data
link. User ID/e-mail addresses cannot be changed by using this link. If you need assistance, contact the SAMS Helpdesk at samshelp@cdc.gov.
29