Defense User Registration System (DURS)

DTIC User Registration_Oct2021

OMB: 0704-0546

UNCLASSIFIED

DTIC USER REGISTRATION
Defense Technical Information Center (DTIC)

Document Control
Number: 1.0
Authorizing Official: Crisstofer French
Content Reviewer: Derek Kovacsy
Audience: DTIC
Latest Release: October 2021
Review Cycle: September 2022
Classification: UNCLASSIFIED

Authorizing Official Digital Signature
Crisstofer French, 10/19/2021
Signed by: FRENCH.CRISSTOFER.M.1007778399

DOCUMENT CHANGE HISTORY
The table below identifies changes that have been incorporated into this document. Content
changes require review and approval.

Date         Version  Description       Review/Approval
07-Oct-2021  1.0      Initial Draft     Wesley Wiswell
19-Oct-2021  1.0      Digitally Signed  Crisstofer French

Table of Contents
1 Introduction
2 Registration Process Initiation
    2.1.1 Registration Initiation
3 DoD CAC Registration
  3.1 Seamless Registration
    3.1.1 Registration Email Requirement
    3.1.2 Email Verification
    3.1.3 DMDC Verification
4 DoD PIV and ECA Registration
  4.1 DoD Contractor
    4.1.1 Registration Email Requirement
    4.1.2 Email Verification
    4.1.3 Existing Account Lookup
    4.1.4 Affiliation Type Selection
    4.1.5 DMDC Affiliation Verification Service
    4.1.6 Basic Registration Form
    4.1.7 Request Classified Access
5 Federal Government PIV and ECA Registration
  5.1 Federal Employee
    5.1.1 Registration Email Requirement
    5.1.2 Email Verification
    5.1.3 Existing Account Lookup
    5.1.4 Affiliation Type Selection
    5.1.5 OPM Affiliation Verification Service
    5.1.6 Basic Registration Form
    5.1.7 Request Classified Access
  5.2 Federal Contractor
    5.2.1 Registration Email Requirement
    5.2.2 Email Verification
    5.2.3 Existing Account Lookup
    5.2.4 Affiliation Type Selection
    5.2.5 OPM Affiliation Verification Service
    5.2.6 Basic Registration Form
    5.2.7 Request Classified Access
6 International Registration
  6.1 Foreign Affiliate
    6.1.1 Registration Email Requirement
    6.1.2 Email Verification
    6.1.3 Existing Account Lookup
    6.1.4 Affiliation Type Selection
    6.1.5 Basic Registration Form
    6.1.6 Request Classified Access
Appendix A. – DMDC Access Levels by Category Code
Appendix B. – OMB Statement

Abbreviations and Acronyms Defined

Abbreviation/Acronym  Definition
DoD                   Department of Defense
CAC                   Common Access Card
PIV                   Personal Identity Verification Card
ECA                   External Certification Authority
DTIC                  Defense Technical Information Center
OPM                   Office of Personnel Management
DMDC                  Defense Manpower Data Center

1 Introduction
User Registration is the process of requesting a login account for a DTIC-hosted web site.
Currently there is only one application involved in the user registration process.

2 Registration Process Initiation
This is the entry point for all new user registrations (CAC, STOK, ECA, PIV and password-based).
This section deals with how a registration request is started, particularly how a client
PKI certificate may be used as proof of identity depending on the user's employment status.

2.1.1 Registration Initiation

3 DoD CAC Registration
DoD registrants are expected to register with their CAC (i.e., click the Smart Card Registration
button). Any attempt to register for a password account, if permitted, with a .mil email address
will be denied. Such users are told to register with their CAC.
CAC/STOK card info (when available) is used to pre-populate registration request information,
to the extent possible, including the type of card that was used, the type of user (DoD employee
vs DoD contractor), email address and the certificate expiration date.

3.1 Seamless Registration
Registration requests from CAC holders are automatically submitted (i.e., they are not required
to fill out a registration form). Note: Although registration request submission is automatic, in
some circumstances (e.g. when the CAC does not contain an email address and the DMDC web
service is down) approval must be done manually.

3.1.1 Registration Email Requirement
If the provided certificate is missing an email then the user is prompted to provide a valid email
address.
When a CAC does not contain an email address and the DMDC web service is down, the
registration request is put into the queue for manual registrar approval, with a "DMDC Pending"
status.

3.1.2 Email Verification
Users who are required to provide a valid email address must complete the email verification
process, which requires users to provide a security code that is sent to the provided email
address.

3.1.3 DMDC Verification
CAC/STOK registrants who try to register are queried against the DMDC web service, which
uses the PKI certificate's EDIPI property to look up the user's record.
All registration requests having the "Mismatch Pending" status (DMDC is down, DMDC data
doesn't match CAC, etc., as described in the "DMDC Data Collection" section above) are given a
user type (employment affiliation) of "Contractor" in the database. Refer to Appendix A –
DMDC Access Levels by Category Code for access level determinations.

4 DoD PIV and ECA Registration
While DoD CAC holders are expected to register with their provided CAC, some users can
register using a PIV or ECA.
Certificate info (when available) is used to pre-populate registration request information, to the
extent possible, including the type of card that was used, the type of user (DoD employee vs
DoD contractor), email address and the certificate expiration date.

4.1 DoD Contractor

4.1.1 Registration Email Requirement
If the provided certificate is missing an email then the user is prompted to provide a valid email
address.

4.1.2 Email Verification
Users who are required to provide a valid email address must complete the email verification
process, which requires users to provide a security code that is sent to the provided email
address.

4.1.3 Existing Account Lookup
The system attempts to identify any pre-existing account. The two automatic paths to account
merging are a match on EDIPI or a match on email.
Additionally, PIV and ECA registrations allow for manual association of existing accounts if no
account is automatically identified. The system gives the user an opportunity to say whether an
existing account is available. If so, the system prompts for username (or email address) and
password, and verifies them. If they verify, and the existing LDAP account does not require a PKI
certificate, then the registration request will apply to that existing account rather than creating a
new one. If the existing LDAP account does require a PKI certificate, then a message is displayed
to the user and the process proceeds to register a new account (no merge occurs).

4.1.4 Affiliation Type Selection
If an affiliation type cannot be determined automatically based on the information provided by
the user's certificate, then the user is prompted to select their affiliation. Based on the affiliation
selected, additional steps may be taken to verify the validity of the selection through two external
web services.

4.1.5 DMDC Affiliation Verification Service
The DMDC web service is used to verify users with a DoD affiliation. The service uses the
EDIPI from the user's certificate if present; otherwise it attempts to match the user based on
last name, date of birth, and Social Security Number.

4.1.6 Basic Registration Form
This represents the standard registration form, which will be pre-populated with any available
information retrieved from the user's certificate.

4.1.7 Request Classified Access
Any request for access to classified data sources requires the user to set their contract
classification level and select the “I am also requesting Classified access” check box. This will
display the Classified Access Request and require the user to provide contact information for
their respective Security Officer, who will be required to confirm/authorize the user's access
request.

5 Federal Government PIV and ECA Registration
Federal employees can register using a PIV or ECA.
Certificate info (when available) is used to pre-populate registration request information, to the
extent possible, including the type of card that was used, the type of user (Federal employee vs
Federal contractor), email address and the certificate expiration date.

5.1 Federal Employee

5.1.1 Registration Email Requirement
If the provided certificate is missing an email then the user is prompted to provide a valid email
address.

5.1.2 Email Verification
Users who are required to provide a valid email address must complete the email verification
process, which requires users to provide a security code that is sent to the provided email
address.

5.1.3 Existing Account Lookup
The system attempts to identify any pre-existing account. The two automatic paths to account
merging are a match on EDIPI or a match on email.
Additionally, PIV and ECA registrations allow for manual association of existing accounts if no
account is automatically identified. The system gives the user an opportunity to say whether an
existing account is available. If so, the system prompts for username (or email address) and
password, and verifies them. If they verify, and the existing LDAP account does not require a PKI
certificate, then the registration request will apply to that existing account rather than creating a
new one. If the existing LDAP account does require a PKI certificate, then a message is displayed
to the user and the process proceeds to register a new account (no merge occurs).

5.1.4 Affiliation Type Selection
If an affiliation type cannot be determined automatically based on the information provided by
the user's certificate, then the user is prompted to select their affiliation. Based on the affiliation
selected, additional steps may be taken to verify the validity of the selection through two external
web services.

5.1.5 OPM Affiliation Verification Service
OPM info is used to pre-populate the registration request form, including the first and last names,
U.S. citizenship, and the fact that employment has been OPM-verified.

5.1.6 Basic Registration Form

5.1.7 Request Classified Access
Any request for access to classified data sources requires the user to select the “I am also
requesting Classified access” check box. This will display the U.S. Government Approving
Official and Classified Access Request sections, which require the user to provide contact
information for their respective points of contact, who will be required to confirm/authorize the
user's access request.

5.2 Federal Contractor

5.2.1 Registration Email Requirement
If the provided certificate is missing an email then the user is prompted to provide a valid email
address.

5.2.2 Email Verification
Users who are required to provide a valid email address must complete the email verification
process, which requires users to provide a security code that is sent to the provided email
address.

5.2.3 Existing Account Lookup
The system attempts to identify any pre-existing account. The two automatic paths to account
merging are a match on EDIPI or a match on email.
Additionally, PIV and ECA registrations allow for manual association of existing accounts if no
account is automatically identified. The system gives the user an opportunity to say whether an
existing account is available. If so, the system prompts for username (or email address) and
password, and verifies them. If they verify, and the existing LDAP account does not require a PKI
certificate, then the registration request will apply to that existing account rather than creating a
new one. If the existing LDAP account does require a PKI certificate, then a message is displayed
to the user and the process proceeds to register a new account (no merge occurs).

5.2.4 Affiliation Type Selection
If an affiliation type cannot be determined automatically based on the information provided by
the user's certificate, then the user is prompted to select their affiliation. Based on the affiliation
selected, additional steps may be taken to verify the validity of the selection through two external
web services.

5.2.5 OPM Affiliation Verification Service
OPM info is used to pre-populate the registration request form, including the first and last names,
U.S. citizenship, and the fact that employment has been OPM-verified.

5.2.6 Basic Registration Form

5.2.7 Request Classified Access
Any request for access to classified data sources requires the user to set their contract
classification level and select the “I am also requesting Classified access” check box. This will
display the Classified Access Request and require the user to provide contact information for
their respective Security Officer, who will be required to confirm/authorize the user's access
request.

6 International Registration
Federal employees can register using a CAC, PIV or ECA.
Certificate info (when available) is used to pre-populate registration request information, to the
extent possible, including the type of card that was used, the type of user (Foreign Affiliate),
email address and the certificate expiration date.

6.1 Foreign Affiliate

6.1.1 Registration Email Requirement
If the provided certificate is missing an email then the user is prompted to provide a valid email
address.

6.1.2 Email Verification
Users who are required to provide a valid email address must complete the email verification
process, which requires users to provide a security code that is sent to the provided email
address.

6.1.3 Existing Account Lookup
The system attempts to identify any pre-existing account. The two automatic paths to account
merging are a match on EDIPI or a match on email.
Additionally, PIV and ECA registrations allow for manual association of existing accounts if no
account is automatically identified. The system gives the user an opportunity to say whether an
existing account is available. If so, the system prompts for username (or email address) and
password, and verifies them. If they verify, and the existing LDAP account does not require a PKI
certificate, then the registration request will apply to that existing account rather than creating a
new one. If the existing LDAP account does require a PKI certificate, then a message is displayed
to the user and the process proceeds to register a new account (no merge occurs).
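
The lookup order described in the Existing Account Lookup sections (4.1.3, 5.1.3, 5.2.3 and 6.1.3), written out as an added Python example that is not DTIC's code. The Account class, the decision strings, the PBKDF2 password check and the handling of a failed password check are assumptions made for illustration; the sample directory is constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

@dataclass
class Account:                      # hypothetical stand-in for an LDAP entry
    username: str
    email: str
    edipi: Optional[str]
    requires_pki: bool
    salt: bytes
    pw_hash: bytes

def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: the page does not say how passwords are verified.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_account(username, email, edipi, requires_pki, password):
    salt = os.urandom(16)
    return Account(username, email, edipi, requires_pki, salt,
                   hash_password(password, salt))

_DUMMY_SALT = b"\x00" * 16

def resolve_registration(accounts, cert_edipi, email, login=None, password=None):
    """Return (decision, account) for one registration request."""
    # Automatic path 1: EDIPI taken from the client certificate.
    if cert_edipi:
        for acct in accounts:
            if acct.edipi == cert_edipi:
                return "merge-edipi", acct
    # Automatic path 2: email (from the certificate, or verified by security code).
    if email:
        for acct in accounts:
            if acct.email.lower() == email.lower():
                return "merge-email", acct
    # Manual association: only attempted when the user says an account exists.
    if login is None or password is None:
        return "new-account", None
    wanted = login.lower()
    acct = next((a for a in accounts
                 if wanted in (a.username.lower(), a.email.lower())), None)
    # Hash even when the login is unknown so both failures cost the same work.
    salt = acct.salt if acct else _DUMMY_SALT
    candidate = hash_password(password, salt)
    if acct is None or not hmac.compare_digest(candidate, acct.pw_hash):
        # The page does not say what follows a failed check; assumed: no merge.
        return "credentials-rejected", None
    if acct.requires_pki:
        # A password alone never attaches a request to a PKI-only account.
        return "new-account-pki-required", None
    return "merge-manual", acct

# Constructed sample directory (no real identities).
DIRECTORY = [
    make_account("jdoe", "jdoe@example.org", "0000000001", False, "pw-one"),
    make_account("asmith", "asmith@example.org", None, False, "pw-two"),
    make_account("bjones", "bjones@example.org", None, True, "pw-three"),
]
```

The PKI-required branch is the security-relevant one: a password that verifies is still not enough to merge into an account that was provisioned to require a certificate.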


6.1.4 Affiliation Type Selection
If an affiliation type cannot be determined automatically based on the information provided by
the user's certificate, then the user is prompted to select their affiliation. Based on the affiliation
selected, additional steps may be taken to verify the validity of the selection through two external
web services.

6.1.5 Basic Registration Form

6.1.6 Request Classified Access
Any request for access to classified data sources requires the user to select the “I am also
requesting Classified access” check box. This will display the U.S. Government Approving
Official and Classified Access Request sections, which require the user to provide contact
information for their respective points of contact, who will be required to confirm/authorize the
user's access request.

Appendix A. – DMDC Access Levels by Category Code

DoD Employee
(A B C K M N V)
DoD Contractor (E)

Non-DoD Civilian (I),
Non-DoD Contractor (O),
DoD OCONUS Hire (U)

DoD Employee
(A B C K M N V)

DoD Contractor
(E)

Non-DoD Civilian (I),
Non-DoD Contractor (O),
DoD OCONUS Hire (U)

Retired/Unaffiliated
(D F H J L Q R W Y)

Foreign
Affiliate (T)

DoD Employee

DoD Contractor
Pending

DoD Contractor Pending

DoD Contractor Pending

DoD Contractor
Pending

DoD Contractor

DoD Contractor Pending

DoD Contractor Pending

DoD Contractor
Pending

Contractor

Denied

DoD Contractor
Pending

Denied

DoD Contractor
Pending

Retired/Unaffiliated
(D F H J L Q R W Y)


Appendix B. – OMB Statement



File Type: application/pdf
File Title: Microsoft Word - IAM Registration Journey.docx
Author: CFrench
File Modified: 2021-10-21
File Created: 2021-10-19
