Access Indiana

The IN.gov Program, a partnership between the Indiana Office of Technology and Indiana Interactive, has been tasked with implementing a single sign-on authentication mechanism and Identity Provider for public online applications for the State of Indiana, referred to as Access Indiana. The benefits of a standard authentication solution include, but are certainly not limited to:

  • Single Credential and Sign-on Capabilities
  • Development Efficiencies
  • Greater Access Control Security
  • Active Directory Federation (B2B)
  • Customer Access Panel (Dashboard)
  • Improved Customer Experience
  • Customer Confidence in Brand
  • User Insights

The following resources are intended to provide Indiana agencies with the initial tools and information they need to integrate with Access Indiana.

Integration Strategy

The preferred integration strategy is the removal of the current/legacy authentication mechanism from the agency application. The sign-up/sign-in functionality would then leverage Access Indiana. In the event that a user has a legacy login to the agency application, the user would then connect the new Access Indiana profile with their legacy login by validating their legacy credentials in a process we refer to as account linking.

Benefits of this approach include:

  • Simplifies landing page with a unified message to sign-in via Access Indiana
  • Curbs prolonged confusion of having multiple login paths and credentials
  • Successful authentication leads into new user registration on first visit
  • Basic profile information can be returned from Access Indiana to seed the application registration
  • Prompt for legacy login if the agency/user can determine it is an existing user to link the accounts
  • Successful legacy login links existing account to Access Indiana identity
  • Application flow for new user registration is almost the same, simplifying tier 1 support and training needs

Integration Process & Request Form

We are prescribing the OpenID Connect hybrid flow for agency implementations. This flow requires both front-channel and back-channel communications and is based on the assumption that the agency is utilizing cookies for authentication (if you are not, please note this so that we can have a further conversation on your individual implementation). Access Indiana must establish individual client IDs and secrets for each application environment that your application will utilize. If your agency utilizes localhost, we would also need to include a localhost route for the development team (example: http://localhost:port). Keep in mind that the agency application should be developed to receive sign-in and sign-out calls from the agency application as well as from Access Indiana. This will require distinct URLs/pages from your application to be included in your client setup.

Once the clients are established, the developer can visit the Access Indiana well-known end point for specific OpenID configuration information on the paths and available claims for Access Indiana.
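The sketch below is an added example, not code from Access Indiana or the IN.gov Program: it builds a hybrid-flow request from a discovery document and runs the front-channel checks (state, issuer, audience, nonce, c_hash) that must pass before the code is redeemed on the back channel. The host names, endpoint path, client ID, and the "openid profile" scope are constructed placeholders, and the ID token's signature and expiry are assumed to be verified beforehand by a JOSE library.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode

# Constructed discovery document; real values come from the provider's
# well-known endpoint. The host and path here are placeholders.
DISCOVERY = {
    "issuer": "https://idp.example.invalid",
    "authorization_endpoint": "https://idp.example.invalid/connect/authorize",
}

def build_hybrid_request(discovery, client_id, redirect_uri):
    """Return (url, state, nonce); keep state and nonce in the user's session."""
    state, nonce = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code id_token",  # hybrid flow: code plus ID token
        "response_mode": "form_post",
        "client_id": client_id,
        "redirect_uri": redirect_uri,      # must equal a registered reply URL
        "scope": "openid profile",         # assumed scopes
        "state": state,
        "nonce": nonce,
    })
    return f"{discovery['authorization_endpoint']}?{query}", state, nonce

def c_hash(code, digest=hashlib.sha256):
    """base64url (unpadded) of the left half of the hash of the code."""
    full = digest(code.encode("ascii")).digest()
    return base64.urlsafe_b64encode(full[: len(full) // 2]).rstrip(b"=").decode()

def _eq(a, b):
    # Constant-time comparison that also tolerates non-ASCII input.
    return hmac.compare_digest(str(a).encode(), str(b).encode())

def check_front_channel(claims, code, returned_state, session, discovery, client_id):
    """Return the list of failed checks; an empty list means the code may be
    redeemed. `claims` come from an ID token whose signature is already verified."""
    errors = []
    if not _eq(returned_state, session["state"]):
        errors.append("state mismatch")
    if claims.get("iss") != discovery["issuer"]:
        errors.append("unexpected issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        errors.append("audience mismatch")
    if not _eq(claims.get("nonce", ""), session["nonce"]):
        errors.append("nonce mismatch")
    if not _eq(claims.get("c_hash", ""), c_hash(code)):
        errors.append("c_hash mismatch")  # code was not issued with this token
    return errors
```

The c_hash check binds the authorization code to the ID token returned alongside it, so a code swapped in on the front channel is rejected before the client secret is ever used on the back channel.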

The following details will be needed per environment to set up your application in Access Indiana.

  1. Application developers provide configuration information for each application environment (Dev, QA, UAT, etc.):
    • Name of application (This will be visible to the user)
    • Valid reply URLs for the application
    • If your application is outside of the state network, there may be additional firewall information to be exchanged (please let us know)
  2. Access Indiana team defines the application within the Access Indiana platform
    • Provide agency developers with the Client ID and Client Secret, via encrypted email, for each environment that is being set up
      • Client Secret is unrecoverable if lost and would have to be changed and resent
  3. A successful Access Indiana authentication allows the agency to redeem bearer tokens for user claims and scopes as defined in the well-known end point.

To register your client application with Access Indiana, please submit the above criteria on the following online form.

OpenID Connect Resources

It will be critical for the implementing development team to become familiar with the OpenID Connect specification. The following links are a subset of the specifications to assist in understanding specific areas of consideration. The resources will provide initial guidance and code snippets to assist in the development of the integration. Please keep in mind that these are third-party resources not endorsed by the State of Indiana. The resources should be used as a reference only. The agency is still responsible for implementing all required controls and/or legal obligations at both the state and federal level.

Also, keep in mind that the steps related to the Access Indiana platform in these references (e.g. register your client application with Access Indiana) will be managed by IOT and Indiana Interactive.

Other Resources

The following links point to additional resources that have proven helpful for agencies: