Service Description
The USDA eAuthentication Service protects application resources through centralized credentialing, multi-factor authentication, single sign-on and authorization services for both internet and intranet applications. The eAuthentication Service supports both internal employee-facing applications as well as external public-facing applications that service USDA customers and partners. For external customers, the service supports assurance level 1 and assurance level 2 credentials with physical identity proofing (and will soon be able to provide identity proofing services online). For internal users, the service supports both assurance level 2 credentials as well as strong PIV (LincPass) based credentials. The eAuthentication Service meets NIST and OMB standards for identity and access management.
USDA eAuthentication also supports federated authentication, allowing users both within and outside of USDA to access multiple applications and data sources across other Federal Departments or other trusted partners without needing to remember multiple usernames and passwords. .
What's Included
-
User Authentication
- Securely authenticate users to both web-based and mobile applications using secure Department-approved credentials
- Single Sign-On (SSO) to any participating web application, eliminating the need for users to remember multiple user names and passwords for each application they access
- Provide secure access to applications for both USDA employees & contractors as well as external USDA customers and partners
-
User Authorization
- Role-based access control (RBAC) or course-grained authorization based on profile attributes, tailored to each application’s business requirements
- Protects web server directories against unauthorized access or modification
-
Account Registration & Management
- Automatic account creation for USDA employees & contractors, improving the “time to productivity”
- Self-registration for external customers and partners for Assurance Level 1 and 2 public-facing applications
-
Identity proofing (verification) services for Assurance Level 2, providing a higher assurance in user identity
- Identity Proofing services are supported by over 13,000 Local Registration Authorities in USDA offices across the U.S.
-
Highly Available & Reliable Environment
- Highly available and scalable architecture
- Automated load balancing and fail-over capacities across multiple data centers
- 24x7x365 monitoring and incident response
How We Charge
Agencies wishing to take advantage of eAuthentication services pay an integration fee based on the complexity of the work.
A per seat cost will be charged for all eAuthentication users.
Service Level Metrics
| Measure | Target SLA |
|---|---|
| System Monitoring | 24 x 7 |
| Incident Response | 24 x 7 |
| System Availability | 99.99% excluding planned downtime* |
*The eAuthentication Service utilizes the USDA Universal Telecommunication Network (UTN) for Wide Area Network services. The UTN is contractually guaranteed to be 99.9% available but has historically delivered 99.997% availability
Cost Saving Tips
- Use of a centralized credentialing and authentication system like USDA eAuthentication provides considerable resource, infrastructure, and development cost savings
- Utilize a centralized authentication system like eAuthentication to increase worker productivity
Additional Information
For general eAuthentication information:
https://www.eauth.usda.gov
For eAuthentication integration information:
https://eauthsvcs.sc.egov.usda.gov/eiss/screens/index.aspx
For LincPass general information:
http://hspd12.usda.gov
USDA CONTACT
Chris North, Director
OCIO, Enterprise Applications Services (EAS)