LoginMN - Identity and Access Management

Perfect for the State of Minnesota applications used only by the public. This level provides secure access for users without the need for administrative oversight or annual access reviews. It includes:

• Easy self-registration and password reset.
• Strong security with multi-factor authentication (MFA).
• A smooth, user-friendly login experience.
• Assurance Level 1.

Designed for applications that involve agency partners or users with administrative responsibilities. These users can help manage access for others and must go through regular access reviews to meet security standards. Advanced features include: 

• Two main authorization options for partners with a delegated admin console for management 
  • Roles and Groups are stored within the application 
  • High level Roles and Groups stored within LoginMN and passed to application 
• Automated onboarding and offboarding. 
• Integration with other systems and APIs. 
• Detailed audit and compliance reporting.
• Assurance Level 1+ and 2.  

See MNIT’s Service Level Matrix for service level objectives related to incident resolution. 

Flexible Tiers for Advanced Services

There are multiple cost tiers for applications within the Advanced service. The assigned tiers depend on factors like the number of users authenticating to the application, the complexity of requirements such as handling multivalued attributes, the variety of user roles, and whether the application uses modern authentication methods. The LoginMN technical team determines the appropriate tier during the integration discovery sessions.  Advanced tier placement will not change monthly, and is reviewed quarterly for any changes.  All applications are billed separately (unless agency requests otherwise) and do not affect the tier level of other applications - even if at the same agency.

As a guideline, the tiers are defined as follows:

• xSmall Tier: 1–300 unique authentications per month with modern authentication methods, with no customizations for multivalued attributes or roles.
• Small Tier: 301–10,000 unique authentications per month with modern authentication methods, with no customizations for multivalued attributes or roles.
• Medium Tier: 10,001–100,000 unique authentications per month with modern authentication methods, requiring fewer than 5 multivalued attributes or roles.
• Large Tier: 100,001–500,000 unique authentications per month with either modern or non-modern authentication methods, needing between 5 and 10 multivalued attributes or roles.
• xLarge Tier: More than 500,000 unique authentications per month with either modern or non-modern authentication methods, requiring heavy customization due to complex multivalued attributes and multiple role choices upon authentication.

Support you can count on

• MNIT offers training, documentation, integration guidance, and sample code to help your team succeed. MNIT also provides job aids and troubleshooting documentation for agency teams to provide Tier 1 user support.
• MNIT Enterprise provides Tiers 2 and 3 support for agency application staff.

Built for the Future

LoginMN is a cloud-based solution built on trusted platforms like Oracle Access Governance (OAG) and Azure. It’s designed to grow with your agency, support modern security protocols, and integrate with your applications.

Adoption Standards

To ensure consistency and security across the enterprise, MNIT requires:

• Use of modern authentication protocols (OIDC, SAML).
• No wildcard searches.
• Use of dynamic groups over static ones.
• Centralized identity management - no external user management portals.

Agencies using LoginMN are responsible for:

• Providing Tier 1 support such as unlocking accounts and helping with password resets.
• Participating in access reviews (for advanced services only).
• Following MNIT’s integration and security standards.
• Using modern authentication methods like OIDC and SAML.
• Avoiding unsupported practices like Secure LDAP.