Selecting IdAM Services

My CC/S/A needs to CAC-enable our applications (both legacy and new). Does the IdAM Portfolio provide services for this?

The IdAM Portfolio provides two separate services which address this topic. If your application can be directly PK-enabled you should use the Public Key Enabling (PKE) service. This service allows applications to use certificates issued by the DoD PKI, the NSS PKI, or DoD-approved external PKIs to support identification and authentication, data integrity, confidentiality and/or technical non-repudiation. If you have a legacy application that does not support direct PK-enablement, the Authentication Gateway Service (AGS) may be utilized as an interim solution until your application is retired.

My contact information in the DoD Global Address List (GAL) or DoD Enterprise White Pages is incorrect. How can I update it?

All DoD personnel should utilize milConnect to update their enterprise contact attributes (phone numbers, duty organization, job title, etc.). Instructions for using the milConnect portal can be found here. After you update your information in milConnect, it will be made available via multiple interfaces, including the DoD GAL and DoD Enterprise White Pages.

Which services should my CC/S/A utilize to comply with the DoD CIO EDS Memo?

Guidance for complying with the DoD CIO EDS Memo is available here. At a high level, CC/S/As should encourage their personnel to utilize milConnect for updating their enterprise contact attributes. Additionally, CC/S/As should use some combination of the Batch Broker Service (BBS), the Identity Synchronization Service (IdSS), and the Real-Time Broker Service (RBS) for consuming enterprise identity and contact attributes.

DoD personnel often visit my office location, but they do not have access to the network unless they bring their own laptop or someone allows them to “borrow” their CAC. What can I do?

The DoD Visitor service is available to help you with this problem. The service allows visiting users who possess a valid CAC or other Public Key Infrastructure (PKI) certificate to log into a workstation, providing them with access to a web browser, Microsoft Office, and local print services. They may also temporarily store files on the workstation, which are automatically removed when the user logs off the system.

My DoD Organization is looking for an automated way to pull down global address list (GAL) or directory information for our population. Does the IdAM Portfolio provide a service for this?

DISA offers a feed called an IdSS machine interface (IdMI) connection that provides access to IdSS data in an automated fashion. Because this information contains PII, DISA must take certain steps to ensure the protection of the data. In order to establish an IdMI connection, your DoD Organization would need to work with DISA to get a connection agreement (MOA, ATO, and PIA) in place. For more information on establishing an IdMI connection, please refer to the IdMI Customer Interface Specification (CIS) on the Program Documentation page or contact the DISA EDS Team.