About Enterprise A&A - Introduction and Definitions

Introduction to Enterprise A&A

Enterprise A&A (Authentication & Authorization) is a service provided by the State's Department of Administrative Services, Information Technology Enterprise (DAS-ITE). It is meant to replace all of the various user name/password combinations used by different web applications, and provide a "one-stop shop" for managing your identity information with the State.

The A&A service provides a central web page for logging on to any application, so users can be sure they are connecting to the State and can use the same username and password.


Application: A website that provides some type of information or service. For example, you might access one application to see your pay stub, and another to view email over the Web.

Instead of requiring users to create an account for each application separately, Enterprise A&A offers you a single username and password, and the ability to reset your password without calling a Service Desk.

Authentication: The process of proving who you are. If you are authenticated to an application, it means the application believes you are who you say you are.

Note this doesn't mean you'll be allowed to do what you want - that requires authorization, below.

Authorization: The process of allowing access to an application's various functions. You may be authorized to submit budget information, or only to view it.

You must be authenticated before you can be authorized (see above).

Baseline: A set of questions and answers you enter the first time you use your account. These questions and answers are secrets you can use to reset your password if you ever forget.

Common Interface: A set of common A&A screens used by calling applications to eliminate their need to develop their own custom ones. Applications that use these screens can choose if they would like to provide the Single Sign On (SSO) for their users.

Account ID: The unique name assigned to your account. For State employees, this may be the same as your email, if you use an @iowa.gov account. For everyone else, this will most likely be an "@iowaID" account such as "firstname.lastname@iowaID". You should enter the entire Account ID (including the "@IowaID" suffix) when logging in.

The Account ID is not case-sensitive: "MYNAME@IOWAID" is the same as "myname@iowaid".   Spaces and most special characters are not allowed. All invalid characters and spaces will be stripped from the Account ID. Special characters allowed are:  _(underscore)-(hyphen)+(plus).(period).

User Type: For some applications, different user types may be established for business reasons. For example, an application may separate users into customers and internal staff. In general, an application that requires a User Type selection will provide an explanation of the types and guidelines for selection. You will usually be one User Type or another for as long as you use that application.

Password: This is the secret part of your account. Your Account ID and matching password are required to use your account. In general, your password should be:

  • Between 8 and 12 letters (a-z, A-Z), numbers (0-9) or symbols (!, @, #, $) long.
  • Something others cannot easily guess (e.g., pieces of your name).
  • Something you can easily remember.
  • Independent of any year, season, month (e.g., current date, season, your birthday, etc.).
  • Independent of a specific website or purpose.

Remember: Anyone who learns your password or has access to your email account can impersonate you. DAS-ITE and the State of Iowa cannot tell the difference between you and someone who knows your password or can access your email. Keep the password a secret and your email account private!

Single Sign On (SSO): The ability to use one credential set (ID and Password) to authenitcate once to a Enterprise A&A SSO enabled app, then using the same browser session log immediatly into another Enterprise A&A SSO enabled app without the need to provide the ID or Password.

Enterprise A&A
Common Interface

Logging In

Logging in is the most common thing you'll do with your A&A account.

The Common Interface Logon screen lets you enter all of your account information in one step.

Along with gaining access to the desired application a user who presses the button "Account Details" after entering their Account Id and Password may have the ability to manage their own account details.

Account Creation

To create an A&A account, you will be required to provide an Account Id and Email that are unique. Below are sample Create Account pages:

Common Interface Create Account Screen

The Create Account page consists of the following elements.

* Account ID
* First Name
* Last Name
* Email

You must enter your email twice, to make sure you haven't mistyped something. You may not create an account using an Account Id or Email address that are currently in use by another account.

Once the Account Details are successfully saved the user will receive an email with instructions on how to verify and use the account.

Setting Your Baseline

When you confirm your A&A account, you will be required to set up your Identity Baseline information (definition). Below is a sample Baseline page:

The Baseline consists of three to five questions.

For the first two or three, select a question from the list and type in your answer.

For the remaining questions, you can enter both the question and the answer.

You must enter your answer twice for each question, to make sure you haven't mistyped something.

Note: You must remember these answers. If you can't answer these questions, you won't be able to manage your account if you forget your password.

Setting Your Password

After saving your baseline for the first time, you'll be allowed to establish your password and then be required to log in. All of these steps help to protect your account at the beginning, when it is the easiest to steal or break into.

Account Management

You can come back anytime you like (using the "Account Details" button on Logon Screen) and change your email, baseline questions and password to keep yourself up-to-date and protect your account.

Issues or Questions?

Contact the State Service Desk.
Email: OCIO.Servicedesk@iowa.gov Phone: 515-281-5703 or 1-800-532-1174