Procurement Integrated Enterprise Environment - User Profile Support
 

Certificates

Digital certificates are encrypted files containing private keys that are verified against a chain of trust that is known to the browser. PKI certificates are optional for Vendors and required for government personnel. Due to infrastructure limitations, a government user is permitted to use a user ID/password to log on to the system, while awaiting receipt of his/her PKI certificate.


| Reference Guide | PDF | Notes |
| --- | --- | --- |
| User Account Reactivation Process | Click this link to go to the User Account Reactivation Process on how to Reactivate a User Account when all roles are inactive/archived. (PDF). | This guide provides instructions on how to Reactivate a User Account when all roles are inactive/archived. |
| User Role Activation/Deactivation Process | Click this link to go to the PIEE User Training Overview of how to add user training to User Role Activation/Deactivation Process (PDF). | This guide provides instructions on how to Reactivate a User's Role once it is deactivated. |
| Certificate Export for Registration | Click this link to go to the Certificate Export for Registration (PDF). | This guide will demonstrate how to export the certificate with ActivClient, Internet Explorer, “New” Microsoft Edge, and Google Chrome. The following steps can be followed to check for the appropriate certificate for a PIEE user to export for registration. The user will check the Smart Card for the certificate with the Friendly Name equal to Authentication – USERNAME; if it is not present on the Smart Card, then the user must use the ID – USERNAME certificate. |
| Change Authentication Type | Click this link to go to the Change Authentication Type (PDF). | This is an overview of how to change the Authentication Type. |
| Inter/Intra Agency Transfers | Click this link to go to the PIEE User Training Overview of how Inter/Intra Agency Transfers are completed (PDF). | This guide provides instructions on how Inter/Intra Agency Transfers are completed. |
| Updating Agency Information | Click this link to go to the PIEE User Training Overview of how to update Agency Information (PDF). | This guide provides instructions on how a user updates their account Agency Information. |
| GAM Updating User Agency Information | Click this link to go to the PIEE User Training Overview of how a GAM updates a User’s Agency Information (PDF). | This guide provides instructions on how a GAM updates a User’s account Agency Information. |

User Profile Support Demos:

| Document | Demo | Doc | Last Updated | Notes |
| --- | --- | --- | --- | --- |
| Adding Roles to an Existing User | This is an overview of how to "Add Roles" to an existing User Demo video. | This is an overview of how to "Add Roles" to an existing User Demo document. | July 2020 | This is an overview to demonstrate a User adding roles for an existing user. Described is the process of following the 'Certificate Login' button and successfully adding roles for users. |
| Entering An Alternate Supervisor In The User Profile | This is an overview of Entering An Alternate Supervisor In The User Profile Demo video. | This is an overview of Entering An Alternate Supervisor In The User Profile Demo document. | July 2020 | If an Alternate Supervisor is associated to a user’s profile, then a tokenized email notification will be sent to Alternate Supervisors for users requesting approvals. Email notifications will include a message that they have been designated as the Alternate Supervisor and the approval is required by either the primary Supervisor or Alternate Supervisor. NOTE: Existing Notifications will continue to be sent to the primary Supervisor. Email notifications will include a message that an Alternate Supervisor has been designated. NOTE: Notifications will be sent to the Alternate Supervisor as well, if they are listed. |
| User Account Changes | User Maintenance and Security | User Maintenance and Security | February 2022 | This is an overview to demonstrate the User account changes. This demo describes the navigation of the 'My Account' page and how to Manage Roles from this page. |

Digital PIN and Time-Based One Time Password Setup

Reference Guide





Changes to PIEE Signature Requirements

Digital Signature – User Logging in with a User ID/Password

PIEE will now require users logging in with a User ID/Password to enter a PIN and a Time-Based One Time Password for all digital signatures in the PIEE application. The following will show the necessary one-time setups for this process.

  • Setup Digital PIN
  • Setup Time-based One Time Password

When signing documents in PIEE, a user who is logged in with a User ID and Password will now be required to enter a self-defined 6-digit PIN and a One Time Password delivered via E-Mail. Alternatively, if the user is having issues receiving the OTP via E-Mail, they may also set up an OTP on their mobile device. Instructions for both will follow.

Sample Digital Signature

The image provides a preview of the Digital PIN and One Time Password Sample Digital Signature.

Accessing My Account

Log into PIEE with a User ID and Password and click the My Account button at the top of the window.

The image provides a preview of the PIEE Portal page and the My Account link.

My Account

The Setup Digital PIN and Setup Time Based One Time Password options will be available on the My Account screen.

The image provides a preview of the Digital PIN and Time-Based One Time Password Setup Links on the My Account page.

Setup Digital PIN

Select the Setup Digital PIN link. The user will be taken to a new screen where they will follow the instructions for creating a Digital PIN to be used when performing signature actions in PIEE. This is a one-time setup process.

Step 1. Enter your current password

Step 2. Enter a 6-digit Digital PIN and confirm the PIN.

This PIN will be needed to perform signatures within PIEE applications.

Once the steps are completed, click the Submit button to finalize the Digital PIN.

The image provides a preview of the Setup Digital PIN page.

Time-Based One Time Password (TOTP)

Users may set up a Time-based One Time Password to be used instead of the E-Mail OTP. This is an optional step, and the E-Mail OTP will be the default method for receiving OTPs for signing documents.

Select the Setup Time Based One Time Password link. The user will be taken to a new screen where they will follow the instructions for setting up the Mobile App Authentication for Time-based One Time Passwords.

Prerequisite –

Download an Authenticator App which supports Time-based One Time Password from either the Apple App Store or the Android Google Play store. These applications are typically free of cost. Please use an appropriate application that is compliant within your organization.

Examples of mobile applications which support TOTP:

  • Microsoft Authenticator
  • Google Authenticator
  • Adobe Authenticator
  • 2FAS Authenticator

Setup –

Step 1. Enter your current password

Step 2. Click on the 'Submit' button to generate the secret key for TOTP

Once the steps are completed, click the Submit button to finalize the Time-based One Time Password.

The image provides a preview of the Setup Time-Based One Time Password (TOTP) page.

Sample OTP E-Mail

The image provides a preview of the Sample OTP E-Mail.


MFA (Multi-Factor Authentication) Requirement

Reference Guide





MFA Requirement

In addition to traditional login credentials, PIEE mandates the setup of at least one authentication method to enhance account security. This requirement for Multi-Factor Authentication (MFA) is necessary when logging in with a user ID and password. However, MFA is not required for users logging in with Common Access Card (CAC) or software certificates. This critical layer of protection significantly safeguards sensitive information, ensuring that only authorized users can access accounts and reducing the risk of unauthorized access.

Different Authentication Methods

It is encouraged that users add two authentication methods to their account: an authenticator application and email. This approach ensures that if access to the primary method, such as a phone, is lost, recovery can still occur through a secondary option. This dual strategy provides greater flexibility and peace of mind, catering to diverse individual and organizational needs. Implementing these methods not only strengthens account security but also facilitates easier recovery in case of issues. Each method has its own advantages depending on specific preferences. Below are descriptions of two common MFA methods, along with their pros and cons, to assist in making an informed decision.

  • Authenticator Application
  • Email

Authenticator Application

Authentication applications are tools that users install on their devices to generate secure, time-sensitive one-time passcodes (OTP) for account sign-ins. When a user attempts to access their PIEE account, they first enter their login credentials. Then, the system prompts for a unique six-digit OTP code from the authentication app. This code, which refreshes every 30 seconds, is essential to complete the login process. By requiring both the password and the constantly changing OTP, this method adds an additional layer of security, effectively preventing unauthorized access to the account. The combination of these two factors greatly enhances overall account protection.

Pros: Stronger Security, Offline Accessibility, convenience, easy access, App is free to use, Phishing resistance.

Cons: Smartphone required, Device loss, Phone malfunction, App deletion, App availability.

How to – Set-up an Authenticator Application

Set-up: This is a one-time set-up process. Please follow these recommended steps to download and install one of the supported applications and configure it to work with the user’s PIEE account.

Step 1: Choose a device, such as a computer or mobile device (phone or tablet), on which the user can install apps.

Step 2: Download and install any one authentication app which supports Time-Based One-Time Password (TOTP) from either the Apple App Store or the Android Google Play store to the chosen device. Please use the appropriate application that is compliant within your organization and preferably one that is recommended by the DoD. Some popular options include:

  • MS Authenticator with Passkey
  • Okta Verify with Fastpass
  • Army Mobile-Connect (MC) MFA

Step 3: Log in to PIEE. Navigate to My Account > Setup Authenticator App/Time-Based One-Time Password.

The image provides a preview of the PIEE Portal page and the My Account link.


Step 4: Enter the current PIEE password, then click the Submit button to generate the Secret Key and the QR Code to scan for TOTP.

Sample screenshots are provided below.

The image provides a preview of entering a password to generate secret key and QR code.

Buttons:

  • Submit
  • Home

The image provides a preview of Secret key and QR Code.

Buttons:

  • Download QR Code
  • Home

An email notification will be sent once the user successfully sets up the authenticator app, as shown in the screenshot below.

The image provides a preview of email notification after the PIEE Authenticator App Setup.

Step 5: Setting Up an Account in the Authenticator App:

1. Open the App: Launch any of the authenticator apps mentioned above on a mobile device or tablet.

2. Add an Account: Follow the app's instructions to add a new account. Typically, this can be done by tapping the '+' icon.

3. Configure the Account:

  • Manual Input: Enter the Secret Key provided.
  • QR Code Scan: Alternatively, scan the QR code to configure the account automatically.

4. Check the Profile: Ensure a profile labeled with the PIEE username is visible.

5. Start Generating TOTP: The app will begin generating TOTP Passwords for secure access.
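
What the authenticator app computes from the Secret Key, and how a server can check the six-digit, 30-second code described above, as an added example that is not PIEE's own code. It assumes the RFC 6238 defaults (Base32 secret, HMAC-SHA-1), which this page does not state; the sample secret and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # from the page: the code refreshes every 30 seconds
DIGITS = 6         # from the page: six-digit OTP


def totp(secret_b32: str, unix_time: int) -> str:
    """Code an authenticator app displays for this secret at unix_time (RFC 6238)."""
    # Secret keys are usually shown as Base32; tolerate spaces, case and missing padding.
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = unix_time // STEP_SECONDS
    # Assumption: HMAC-SHA-1, the RFC 6238 default; the page does not name the hash.
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, submitted: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Server-side check: accept the current step plus/minus drift_steps for clock skew."""
    if len(submitted) != DIGITS or not (submitted.isascii() and submitted.isdigit()):
        return False
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        when = unix_time + delta * STEP_SECONDS
        if when < 0:
            continue
        # Constant-time compare, no early exit: timing does not reveal which step matched.
        ok |= hmac.compare_digest(totp(secret_b32, when), submitted)
    return ok


# Constructed sample secret: Base32 of the RFC 6238 test key "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    print(totp(SAMPLE_SECRET, 59))            # code for the 30-second step containing t=59
    print(verify(SAMPLE_SECRET, "287082", 89))   # one step late, inside the drift window
    print(verify(SAMPLE_SECRET, "287082", 149))  # three steps late, rejected
```

A production verifier would also record the last accepted time step per account so a code cannot be replayed within its window, and would rate-limit failed attempts.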

Email

Email-based Multi-Factor Authentication (MFA) enhances account security by requiring both a password and a One-Time Password (OTP) sent to a registered email address. This OTP, valid for 15 minutes, ensures that even if the password is compromised, unauthorized access to the account is prevented.

Pros: Simple to set up, user-friendly, no app required, cost-effective.

Cons: Email account vulnerability, delayed delivery issues, Internet access required.

How to update Email Address:

1. Log in to PIEE.

2. Navigate to My Account > User.

The image provides a preview of the My Account link in PIEE.

The image provides a preview of User link in PIEE.

3. Update the Email address, then click the Submit button.

The image provides a preview of User link in PIEE.

Buttons:

  • Submit
  • Cancel
  • Help
  • Justifications/Attachments

MFA Login Process

1. Initiate Login: Navigate to the PIEE login page.

2. Input Credentials: Enter the username and password in the specified fields, then click the LOG IN button.

The image provides a preview of User Login into PIEE.

Buttons:

  • LOG IN

3. MFA Prompt: Upon successful entry of credentials, a prompt will appear requesting a second form of authentication. Users will be asked how they would like to receive the OTP. Options typically include:

  • Email
  • Authenticator App

The image provides a preview of user's MFA OTP Method Selection options.

Buttons:

  • Email
  • Authenticator App
  • Help
  • Close

4. Email-based Method: If the user selects Email as his or her preferred factor for MFA, the system will send an OTP to the email address that is linked to the user’s account and will not prompt the user for a code from the authenticator application. Retrieve the OTP from the user’s registered email, enter it in the designated field, and click the LOG IN button to complete the authentication process.

The image provides a preview of email notification for PIEE OTP.

The image provides a preview of email based OTP field.

Buttons:

  • LOG IN
  • Go Back
  • Help
  • Close

5. Authenticator app-based Method: If the user selects the Authenticator App as their preferred MFA method, the system will prompt them to enter the OTP from the approved Authenticator App, and no email-based OTP will be sent. Retrieve the OTP from the selected app and enter it in the designated field. Click the LOG IN button to complete the authentication process.

The image provides a preview of email notification for PIEE OTP.

Buttons:

  • LOG IN
  • Go Back
  • Help
  • Close

6. Access Account: After successful verification of the authentication code, access to the user’s PIEE account will be granted.

7. Troubleshooting: If the code is not received, verify the network connection, check the Spam or junk folder, and ensure that the email information is correct. Alternatively, click on the Re-send the OTP via Email link for a new OTP, or reinstall the authenticator app.