Office of the Chief Information Officer

United States Department of Agriculture

Identity, Credential and Access Management Services - eAuthentication

Service Description

The USDA eAuthentication Service protects application resources through centralized credentialing, multi-factor authentication, single sign-on and authorization services for both internet and intranet applications. The eAuthentication Service supports both internal employee-facing applications and external public-facing applications that serve USDA customers and partners. For external customers, the service supports assurance level 1 and assurance level 2 credentials with physical identity proofing (and will soon be able to provide identity proofing services online). For internal users, the service supports both assurance level 2 credentials and strong PIV (LincPass) based credentials. The eAuthentication Service meets NIST and OMB standards for identity and access management.

USDA eAuthentication also supports federated authentication, allowing users both within and outside of USDA to access multiple applications and data sources across other Federal Departments or other trusted partners without needing to remember multiple usernames and passwords.

What's Included

  • User Authentication
    • Securely authenticate users to both web-based and mobile applications using secure Department-approved credentials
    • Single Sign-On (SSO) to any participating web application, eliminating the need for users to remember multiple user names and passwords for each application they access
    • Provide secure access to applications for both USDA employees & contractors as well as external USDA customers and partners
  • User Authorization
    • Role-based access control (RBAC) or coarse-grained authorization based on profile attributes, tailored to each application’s business requirements
    • Protects web server directories against unauthorized access or modification
  • Account Registration & Management
    • Automatic account creation for USDA employees & contractors, improving the “time to productivity”
    • Self-registration for external customers and partners for Assurance Level 1 and 2 public-facing applications
    • Identity proofing (verification) services for Assurance Level 2, providing a higher assurance in user identity
      • Identity Proofing services are supported by over 13,000 Local Registration Authorities in USDA offices across the U.S.
  • Highly Available & Reliable Environment
    • Highly available and scalable architecture
    • Automated load balancing and fail-over capacities across multiple data centers
    • 24x7x365 monitoring and incident response

How We Charge

Agencies wishing to take advantage of eAuthentication services pay an integration fee based on the complexity of the work.

A per-seat cost will be charged for all eAuthentication users.

Service Level Metrics

Measure              Target SLA
System Monitoring    24 x 7
Incident Response    24 x 7
System Availability  99.99% excluding planned downtime*

*The eAuthentication Service utilizes the USDA Universal Telecommunication Network (UTN) for Wide Area Network services. The UTN is contractually guaranteed to be 99.9% available but has historically delivered 99.997% availability.

Cost Saving Tips

  • Use of a centralized credentialing and authentication system like USDA eAuthentication provides considerable resource, infrastructure, and development cost savings
  • Utilize a centralized authentication system like eAuthentication to increase worker productivity

Additional Information

For general eAuthentication information:
https://www.eauth.usda.gov

For eAuthentication integration information:
https://eauthsvcs.sc.egov.usda.gov/eiss/screens/index.aspx

For LincPass general information:
http://hspd12.usda.gov


USDA CONTACT

Chris North, Director

OCIO, Enterprise Applications Services (EAS)

Chris.North@ocio.usda.gov