Common Interface Help

Enterprise A&A

Enterprise A&A (Authentication & Authorization) is a service provided by the State of Iowa. It is meant to replace all of the various user name/password combinations used by different web applications, and provide a "one-stop shop" for managing your identity information with the State.

Common Interface

The A&A service provides a centralized web user interface (Common Interface) for logging on to any application, so users can be sure they are connecting to the State and can use the same username and password. The following information looks to help answer questions you might have when using the A&A Common Interface.






Frequently Asked Questions

Q: What do I do if I have a new email address or want to change my phone number or name that was used to create my account?
A: If you still know your password you can simply use it and follow the "Account Details" process.

Q: What if I forgot my password?
A: If you know your identity baseline questions answers you can follow the "Forgot Password" process.

Q: What if I forgot my password and baseline questions?
A: If you still have access to the email account that is associated to the user account then you can follow the "Forgot Password" process. When you get to the screen asking you to answer your baseline questions you can simply press the "here" link found near the bottom of the screen to request account reset instructions be sent to your email.

Q: What do I do if I forgot my password, baseline question answers and no longer have access to the email that was used to create the account?
A: Unfortunately access to the email account is require for account recovery. Without it you will need to create a new account from scratch.

Q: I just received an email from A&A about my account that I did not request. Now what?
A: On occasion someone may accidentally enter your account id while trying to recover their own similarly named account id or email address. While it can be a little scary and or annoying to receive an email you did not request, be assured that because you received the email it means that your account is safe. Only those with access to the email message will have the ability to make any actual changes on the account.


Sign In

Logging in is the most common thing you will do with your A&A account.

The Common Interface Sign In screen lets you enter your account credentials and if successfully entered you will be authenticated and redirected back to the calling application you are trying access.

Steps:


Account Details

You have the ability to change your email address, name or phone number associated to your A&A user account.

A user who presses the button "Account Details" after entering their Account Id and Password may have the ability to manage their own account details. Accounts ending with "@iowaid" can edit all of these values. State employees and other internal State user accounts may have some limitations on what they can edit.

Steps:

  • Update your First Name, Last Name, Email, Confirm Email, Phone input values
  • Press the "Save" button to to update your user account values
  • Press the "Change Password" button to navigate to the password change screen - password rules
  • Press the "Change Baseline" button to navigate to the baseline change screen
  • Press the "Continue to (App Name)" button to redirect to the calling application



It is a good practice to change your password periodically. You can use this screen to do just that.

Steps:

  • Enter your current "old" password. This is the password you just used to gain access to the Account Details functionality
  • Enter a new password of your choice - password rules
  • Enter the same new password value to confirm you know what you entered since the password text will not show on the screen
  • Press the "Save New Password" button and you will be sent to the "Sign In" screen
  • Press the "Cancel" button if you choose to not change your password and you will sent back to the "Account Details" screen



Should you have a need to change your baseline security questions you can do that here. The number of questions is based on the application and account provider that you are signed into. Typically there are three questions with two being ones you select from a list and one you make up from scratch. Your baseline questions are not changed until you press the "Save Identity Baseline" button. Baseline answers are not case sensitive.

Steps:

  • Select unique questions for each of the question drop downs
  • Enter question text of your choice - Use something you know and will remember and will be hard for others to discover the answer
  • Enter answers for each of the questions on the screen - Answers cannot be used for more than one question
  • Press the "Save Identity Baseline" button to change your baseline questions and answers
  • On a successful change you will be sent to a confirmation screen
  • Press the "Cancel" button if you choose to not change your password and you will sent back to the "Account Details" screen



Your baseline has now been updated and you just need to decide where to go to next.

Steps:


Create An Account

Need an A&A user account? Follow these easy steps and get one set up in no time.

To get started enter your name. A&A account are intended to be individual user accounts not group accounts. So make sure to create one account for every user.

Steps:

  • Enter your First and Last name information.
  • Press the "Register" button to continue to the next step.



A&A may suggest a user "Account Id" for you that you can change if you like. If it does not suggest one enter one of your choice. Remember that all account ids created with this process will end with "@iowaid".

Steps:

  • Enter an "Account Id" of your choice. This field may be pre-populated with "firstname.lastname" and that is the suggested id but you can change it to something else if you like.
  • You will not have the ability to change the "First Name/Last Name" values as they are pulled from the previous screen input you provided.
  • Enter a valid "Email" address that you have access to receive emails at. Enter the "Confirm Email" with the same email address value just to make sure you are typing it in correctly.
  • Press the "Save Account Details" button to continue to the next step.



The screen informs you that an email has been sent to the email address you just provided and it will contain instructions on how to complete the registration process. There is some debugging information regarding reasons why you might not receive an email.



The email you receive will contain your account details you can save for your records. In this email there is a link you must click in order to complete the registration process. Doing this confirms that the email address you provided is valid and you have access to it. Once clicked your A&A user account is created. There is some additional information in this email that look to help should you receive an error during this process.

Steps:

  • Click the URL/link found in the "Account Activation Process:" section to complete the creation of the account.

Now that your account is created you MUST set up security baseline questions. If you do not do this at this point your account will not be accessible by you and you will need to contact the State Service Desk for assistance.
The security baseline questions are set up so that later on should you forget your password you can answer these questions to gain access to your account so you can change the password.

Steps:

  • For each drop down select a unique security question you would like to answer.
  • For each text box identified as a question enter your own custom question you would like to answer.
  • For each of the question you selected or created now enter below each the answer to the question. Questions are masked like passwords so type the values in carefully.
  • Along with each answer enter the same answer text value in the corresponding "Confirm" text box. This is need to just make sure you know for sure what you entered and helps to avoid mistakes.
  • Press the "Save Identity Baseline" button.



Your account is set up and you have security baseline questions setup now you just need to set up your password and you are ready to start using A&A enabled apps.

Steps:

  • Enter a password of your choice (password rules), in the "Enter new password" field. This will be the password you will use to logon each time going forward. You can change this value later on in the "Account Details" section and we suggest that you take time periodically change your password.
  • Enter the same password in the "Confirm new password& field.
  • Press the "Save new password" button and if successful you will be redirect to the Sign In screen.
  • If you press the "Cancel" button you will not have a password and would have to use the "Forgot Password" process to establish a password.


Forgot Password

So you do not remember your account password. No worries you set up security baseline questions when you create your account and they can help you out.

We need to know your account id in order to start this process.

Steps:

  • Enter your A&A user account id.
  • Press the "Retrieve Password" button and if that account is found you will be sent to the Identity Baseline questions screen.



On this screen you are asked to answer the Identity Baseline questions you created for your account. If you have forgotten you answers you can click the link farther down the page that will send you an email on how to recover your account.

Steps:

  • Enter the answers to each of the questions.
  • Press the "Retrieve Password" button and if that account is found you will be sent to the Identity Baseline questions screen. If you answer all the questions correctly you will be sent to the Password Change screen where you can set up a new password.

  • If you do not remember the answers to the baseline questions you can click the "here" link found near the bottom of the page.
  • Clicking the "here" link will send an email to the email address that is associated to your account with further instructions on how to proceed with the baseline questions reset process which will allow you to recover the password as well.



This screen allows you to establish a new password.

Steps:

  • Enter a new password of your choice in the "Enter new password" text box - See Password rules.
  • Enter the same password of your choice in the "Confirm new password" text box.
  • Press the "Save New Password" button.
  • If successful you will be sent to the "Sign In" screen.



This email will contain a "Reset URL" that if used will reset/remove the baseline questions for this account and provide you with a temporary password to use to regain access to your account.

Steps:

  • Click the "RESET URL" found in the email and you will be sent to the Temporary Password Screen.
  • You have 24 hours to do this before the URL is no longer valid. Should you exceed the 24 hours you can just repeat the Forgot Password steps.



This screen will display a temporary password that you can use to authenticate with to regain access of your account.

Steps:

  • Copy the "TEMP PASSWORD" value from the text box.
  • Press the "Continue" button. You will be sent to the "Sign In" screen where you will enter your account id and the temp password.
  • After logging in with the temp password you will be asked to create new Identity Baseline questions and create a new password just like you did when you create the account.


Forgot Id

Should you forget what your A&A account user id is you can perform the following to discover it.

By entering the email address associated to the account you will receive an email that will contain the A&A user id.

Steps:

  • Enter the email address associated to an account. If the email address is not associated to an A&A user account an error message will let you know.
  • Press the "Retrieve Id" button to have an email sent that will contain the associated A&A user id.



This email will contain the Account Id and associated Email which will match the email account you accessed the email from.

A link to the Forgot Password screen is also provided in the email just in case you forgot your password as well.


Miscellaneous

The following are some odds and ends related to A&A Common Interface.

The redirect screen only shows when there is some delay opening the calling application you are trying to access.

A browser redirect occurs right away on this page and so if you see the redirect screen for any significant amount of time it indicates a problem with your browser accessing the application you were trying to access. You can try the direct link which is the exact URL that A&A tried in the redirect.

Some applications may make a call back to A&A in an attempt to completely log the user out.

A browser redirect will occur after about 10 seconds on this page and so if you see the logoff screen for any additional significant amount of time it indicates a problem with your browser accessing the application you just came from. You can try the direct link which is the exact URL that A&A tried in the redirect.

It is possible that some applications will store information that the browser has stored and so one addition step you should consider it to close all open browser windows especially if you are using a public computer. On public computers you may also want to consider deleting all cookies and browser history using options found in the settings section of your browser's menu.


Definitions

Account ID: The unique name assigned to your account. For State employees, this may be the same as your email, if you use an @iowa.gov account. For everyone else, this will most likely be an "@iowaID" account such as "firstname.lastname@iowaID". You should enter the entire Account ID (including the "@IowaID" suffix) when logging in.

The Account ID is not case-sensitive: "MYNAME@IOWAID" is the same as "myname@iowaid".  Spaces and most special characters are not allowed. All invalid characters and spaces will be stripped from the Account ID. Special characters allowed are:  _(underscore)-(hyphen)+(plus).(period).

Authentication: The process of proving who you are. If you are authenticated to an application, it means the application believes you are who you say you are.

Note that this does not mean you will be allowed to do what you want - that requires authorization, below.

Authorization: The process of allowing access to an application's various functions. You may be authorized to submit budget information, or only to view it.

You must be authenticated before you can be authorized (see above).

Calling Application: A website you want access to that uses A&A and provides some type of information or service. For example, you might access one application to see your pay stub, and another to view email over the Web. Once you authenticate with A&A you will be redirected back to the calling application so you can perform any required business tasks that required that you to be authenticated first.

Common Interface: A set of common A&A screens used by calling applications to eliminate their need to develop their own custom ones. Applications that use these screens can choose if they would like to enable Single Sign On (SSO) for their users. Instead of requiring users to create an account for each application separately, Enterprise A&A offers you a single username and password, and the ability to reset your password without calling a Service Desk.

Identity Baseline Questions: A set of questions and answers you enter the first time you use your account. These questions and answers are secrets you can use to reset your password if you ever forget.

Password: This is the secret part of your account. The Password is case-sensitive: "Secret1!" is NOT the same as "secret1!". Your Account ID and matching password are required to use your account. In general, your password should be:

  • At least 8 characters consisting of mixed case letters (a-z, A-Z), numbers (0-9) and symbols like (e.g. !, @, #, $, ^, *, etc.).
  • Something others cannot easily guess (e.g., pieces of your name).
  • Something you can easily remember.
  • Independent of any year, season, month (e.g., current date, season, your birthday, etc.).
  • Independent of a specific website or purpose.

Remember: Anyone who learns your password or has access to your email account can impersonate you. The State of Iowa cannot tell the difference between you and someone who knows your password or can access your email. Keep the password a secret and your email account private!

Single Sign On (SSO): The ability to use one credential set (ID and Password) to authenticate once to a Enterprise A&A SSO enabled app, then using the same browser session log immediately into another Enterprise A&A SSO enabled app without the need to provide the ID or Password.

User Type: For some applications, different user types may be established for business reasons. For example, an application may separate users into customers and internal staff. In general, an application that requires a User Type selection will provide an explanation of the types and guidelines for selection. You will usually be one User Type or another for as long as you use that application.