Market Participant Identity Management Overview (MPIM) Role of Account Management at ERCOT Introduction Welcome to Texas Market Link (TML) Market Participant Identity Management (MPIM) The following slides provide a tour of the new MPIM application to familiarize you with managing your USA certificate and your users certificates. It should be used as a compliment to the Introduction and Use of Market Participant Identity Management (MPIM) and Digital Certificates document. This tour will explain: – – – – The User Interface (UI) Business functions allowed by the system When to expect Market Participant communications Contact information for Help MPIM OVERVIEW Page 2 Overview Objectives This overview presentation provides how to: Access MPIM Receive your ERCOT Digital Certificate (DC) Create a new MP User Create DC for MP User Modify a current MP User’s information and Roles Terminate and remove all access for a MP User Add or revoke a MP User’s certificate Run different reports for your entity MPIM OVERVIEW Page 3 Current vs. New Digital Certificate Functionality Before Implementation After Implementation Digital Certificates (DC) were shipped via Fed Ex in 5 – 6 business days from ERCOT authorization. Receive two emails one containing the URL and the other containing the password. DC can then be picked up the same day they are authorized. MP USA could not revoke DC MP USA has the ability to revoke DC, with the exception of another MP USA. The MP USA would access the TML to request User DC. The MP USA will access MPIM via TML link to request User DC. The MP USA had the ability to have a centralized mailbox for all DC. Digital Certificates will now be delivered to each user’s email address for their DC. The MP USA managed all User DC renewals. Individual User can manage their own DC renewal. No reporting functions. MP USA can now run reports for their entity. MPIM OVERVIEW Page 4 Overview Topics • Receiving your MP USA Digital Certificate • Accessing MPIM • Managing Users – Create User Accounts – Grant Certificates – Modify User Accounts – Terminate User Accounts – Run Reports – MPIM Errors • Losing MP USA access • Reference Documents / Important Contact information MPIM OVERVIEW Page 5 Receiving a Digital Certificate Once ERCOT has received a Market Participant’s Application or Notice of Change of Information form (NCI), then ERCOT will begin the process of issuing the Digital Certificate (DC) for the MP USA(s) upon ERCOT authorization. ERCOT USA will then enroll the new USA(s) via the Market Participant Identity Management (MPIM) system. MPIM OVERVIEW Page 6 Receiving a Digital Certificate (cont’d) After ERCOT USA has created an MP USA Account, the MP USA will receive an informational email notification from MPIM similar to the one below. From: helpdesk@ercot.com Date: 10/01/2007 12:00 PM To: user@ercot.com Cc: Subject: MPIM Notification: <Type> Creation <User (First Name Last Name)> Dear <User (First Name Last Name)>, Your account has successfully been created. Please contact your requestor <Requestor (First name Last Name)>, regarding the information for your account. If you have a question related to this email, then please contact the ERCOT Helpdesk at (512) 248-6800. Thank you, MPIM Administrator At this point, the MP USA does not have a Digital Certificate. MPIM OVERVIEW Page 7 Receiving a Digital Certificate (cont’d) Upon authorization the ERCOT USA will then grant the MP USA a DC. Two notifications will be sent to the MP USA; one email containing a certificate URL link and ... Email containing certificate URL From: helpdesk@ercot.com Date: 10/01/2007 12:00 PM To: user@ercot.com Cc: Subject: MPIM Notification: Certificate Pickup URL<User (First Name Last Name)> Dear <User (First Name Last Name)>, Your VeriSign Digital Certificate has been requested. Please contact your requestor <Requestor (First Name Last Name)> for the next steps to download your digital certificate. Certificate URL: <Certificate URL> If you have a question related to this email, then please contact the ERCOT Helpdesk at (512) 248-6800. Thank you, MPIM Administrator MPIM OVERVIEW Page 8 Receiving a Digital Certificate (cont’d) … another containing a certificate password. Email containing certificate password From: helpdesk@ercot.com Date: 10/01/2007 12:00 PM To: user@ercot.com Cc: Subject: MPIM Notification: Certificate Pickup <User (First Name Last Name)> Dear <User (First Name Last Name)>, Your VeriSign Digital Certificate has been requested. Please contact your <Requestor (First Name Last Name)> for the next steps to download your digital certificate. Certificate URL Password: <Random generated password> If you have a question related to this email, then please contact the ERCOT Helpdesk at (512) 248-6800. Thank you, MPIM Administrator •A one time use password for ERCOT Digital Certificate is valid for 5 Days. •On day 6, MP USA will have to contact ERCOT Client Services at (512) 248-3900. MPIM OVERVIEW Page 9 Receiving a Digital Certificate (cont’d) To download new DC, MP USA will contact ERCOT Client Services for their Username / Employee ID. Next click on the URL in the email and the ERCOT Digital Certificate (EDC) page will load. Using the Password from the email, the Employee ID from ERCOT Client Services and the DUNS number, fill out the login screen and download the certificate. MPIM OVERVIEW Page 10 Receiving a Digital Certificate – EDC Click Yes MPIM OVERVIEW Page 11 Receiving a Digital Certificate – EDC (cont’d) Click OK MPIM OVERVIEW Page 12 Receiving a Digital Certificate – EDC (cont’d) Do not close browser during download! MPIM OVERVIEW Page 13 Receiving a Digital Certificate – EDC Click Yes At this point, your Digital Certificate has been downloaded. MPIM OVERVIEW Page 14 Overview Topics • Receiving your MP USA Digital Certificate • Accessing MPIM • Managing Users – Create User Accounts – Grant Certificates – Modify User Accounts – Terminate User Accounts – Run Reports – MPIM Errors • Losing MP USA access • Reference Documents / Important Contact information MPIM OVERVIEW Page 15 Accessing MPIM • Only users that have completed the mandatory paperwork and are in compliance with ERCOT Protocols, “User Security Administrator and Digital Certificates” regarding User Security Administrators (USA), will be granted access to MPIM. • Each Market Participant must appoint a USA and has the option to register a Secondary USA. A Secondary USA is encouraged because they will prevent the loss of ERCOT resource functionality in the event the Primary USA is unavailable or leaves. • Once the MP USA has been created in MPIM and receives their Digital Certificate, they can access MPIM through a link on TML. Please note that the MPIM system will eventually be accessed through the Nodal Market Information System (MIS). MPIM OVERVIEW Page 16 Accessing MPIM as a MP USA Navigate to the TML Portal by inserting the following URL in a browser window: https://tml.ercot.com. Once prompted, select a certificate that corresponds to the entity you are managing, highlight the MP USA certificate, and click OK. MPIM OVERVIEW Page 17 Accessing MPIM - TML Once in TML, click on the Identity Management link. MPIM OVERVIEW Page 18 Overview Topics • Receiving your MP USA Digital Certificate • Accessing MPIM • Managing Users – – – – – – Create User Accounts Grant Certificates Modify User Accounts Terminate User Accounts Run Reports MPIM Errors • Losing MP USA access • Reference Documents / Important Contact information MPIM OVERVIEW Page 19 Managing Users – Create MPIM User Account MP USA clicks on the Create link. For more details to create MPIM User Account, please refer to Section 2.3 “Create MPIM User Account” of the Introduction and Use of Market Participant Identity Management (MPIM) and Digital Certificates document. MPIM OVERVIEW Page 20 Managing Users – Create MPIM User Account (cont’d) MP USA fills out the required fields, assigns roles and clicks on the Submit button. Note: The MP USA can select the Role Information link to learn which applications/resources the MP User will access by receiving the role(s). User’s Email Address Adds a selected role Removes a selected role Adds all roles Removes all roles MPIM OVERVIEW Page 21 Managing Users – Create MPIM User Account After the MP User account is successfully created, the following e-mail is generated and sent to the MP User. The notification is sent to the e-mail address provided during account creation. ====================================================================== From: helpdesk@ercot.com Date: 10/01/2007 12:00 PM To: user@ercot.com Cc: Subject: MPIM Notification: User Creation <User First Name User Last Name> Dear <User (First Name Last Name)>, Your account has successfully been created. Please contact your USA, <Requestor (First name Last Name)>, regarding the information for your account. If you have a question related to this email, please contact the ERCOT Helpdesk at (512) 248-6800. Thank you, MPIM Administrator MPIM OVERVIEW Page 22 Managing Users – Create Application Programming Interface (API) MPIM User Account In order to create an API account within the MPIM system, the MP USA will start at the MPIM Manage User screen. For more details to create MPIM API Account, please refer to Section 2.4 “Create Application Programming Interface (API) MPIM Account” of the Introduction and Use of Market Participant Identity Management (MPIM) and Digital Certificates document. MPIM OVERVIEW Page 23 Managing Users – Create Application Programming Interface (API) MPIM User Account (cont’d) MP USA checks the API check box, fills out the required fields, assigns roles and clicks on the Submit button. Heselmeyer, Sarah Email address of API server manager • The API_ text will be prepended to the employee ID when the request is submitted. Employee ID should be the server or application name. EXAMPLES: API_SERVER_NAME or API_APPLICATION_NAME (min 4/max 19 characters) • First Name, Last Name and e-mail address should the contact information for the server/application owner. MPIM OVERVIEW Page 24 Managing Users – Create Application Programming Interface (API) MPIM User Account (cont’d) After the API/MP User account is successfully created, the following e-mail is generated and sent to the User. The notification is sent to the e-mail address provided during account creation. From: helpdesk@ercot.com Date: 10/01/2007 12:00 PM To: user@ercot.com Cc: Subject: MPIM Notification: User Creation <User First Name User Last Name> Dear <User (First Name Last Name)>, Your account has successfully been created. Please contact your USA, <Requestor (First name Last Name)>, regarding the information for your account. If you have a question related to this email, please contact the ERCOT Helpdesk at (512) 248-6800. Thank you, MPIM Administrator MPIM OVERVIEW Page 25 Overview Topics • Receiving your MP USA Digital Certificate • Accessing MPIM • Managing Users – Create User Accounts – Grant Certificates – Modify User Accounts – Terminate User Accounts – Run Reports – MPIM Errors • Losing MP USA access • Reference Documents / Important Contact information MPIM OVERVIEW Page 26 Managing Users – Creating User Certificate in MPIM After user account is created the MP USA is ready to create the associated users DC. MP USA clicks on the Certificates link. For more details to create MPIM User and API Digital Certificates, please refer to Section 2.6.1 “Creating User Certificate” in the Introduction and Use of Market Participant Identity Management (MPIM) and Digital Certificates document. MPIM OVERVIEW Page 27 Managing Users – Creating User Certificate in MPIM (cont’d) MP USA enters search parameters for a User (employee id, first name, or last name). MP USA clicks the Search button. MPIM OVERVIEW Page 28 Managing Users – Creating User Certificate in MPIM (cont’d) MP USA checks the boxes of the User(s) for whom certificates should be generated. MP USA clicks the Submit button. • • • • Multiple users can be granted certificates. After the certificate is granted, the user must download the certificate before it will be considered Valid. Certificates in any status but Valid or Revoking will appear on the Request Certificates page. Certificates in Valid or Revoking status will appear on the Revoke Certificate page when the radio button is selected. MPIM OVERVIEW Page 29 Managing Users – Creating User Certificate in MPIM (cont’d) The MP User receives the following two e-mails with information on how to retrieve their Digital Certificate. From: helpdesk@ercot.com Date: 10/01/2007 12:00 PM To: user@ercot.com Cc: Subject: MPIM Notification: Certificate Pickup <User (First Name Last Name)> Dear <User (First Name Last Name)>, Your VeriSign Digital Certificate has been requested. Please contact your requestor <Requestor (First Name Last Name)> for the next steps to download your digital certificate. Certificate URL Password: <Random generated password> If you have a question related to this email, then please contact the ERCOT Helpdesk at (512) 248-6800. From: helpdesk@ercot.com Date: 10/01/2007 12:00 PM To: user@ercot.com Cc: Subject: MPIM Notification: Certificate Pickup URL<User (First Name Last Name)> Dear <User (First Name Last Name)>, Your VeriSign Digital Certificate has been requested. Please contact your requestor <Requestor (First Name Last Name)> for the next steps to download your digital certificate. Certificate URL: <Certificate URL> If you have a question related to this email, then please contact the ERCOT Helpdesk at (512) 248-6800. Thank you, MPIM Administrator •A one time use password for Digital Certificate is valid for 5 Days. •On day 6, the User will have to contact their MP USA. MP USA will re-issue certificate for the User. •User will contact MP USA for their Employee ID. MPIM OVERVIEW Page 30 Overview Topics • Receiving your MP USA Digital Certificate • Accessing MPIM • Managing Users – Create User Accounts – Grant Certificates – Modify User Accounts – Terminate User Accounts – Run Reports – MPIM Errors • Losing MP USA access • Reference Documents / Important Contact information MPIM OVERVIEW Page 31 Managing Users – Modifying a User and API MPIM Account with Roles MP USA clicks on the Modify link. For more details to Modify MPIM User, please refer to Section 2.5 “Modifying an User and API MPIM Account with Roles” in the Introduction and Use of Market Participant Identity Management (MPIM) and Digital Certificates document. MPIM OVERVIEW Page 32 Managing Users – Modifying a User and API MPIM Account with Roles (cont’d) MP USA enters search parameters for a User (employee id, first name, or last name). MP USA clicks the Search button. MPIM OVERVIEW Page 33 Managing Users – Modifying a User and API MPIM Account with Roles (cont’d) MP USA selects a User. MP USA clicks on the Submit button. MPIM OVERVIEW Page 34 Managing Users – Modifying a User and API MPIM Account with Roles (cont’d) MP USA modifies the required fields if needed. If a change is made to your First/Last Name or Email address through a modification, the MP USA must then revoke and reissue a new certificate through MPIM. This will update any new changes on the Digital Certificate. MPIM OVERVIEW Page 35 Managing Users – Modifying a User and API MPIM Account with Roles (cont’d) After the user account is successfully modified, the following e-mail will be sent to the User. **NOTE**: The assignment of roles may generate additional e-mails. From: helpdesk@ercot.com Date: 10/01/2007 12:00 PM To: user@ercot.com Cc: Subject: MPIM Notification: User Modified <User (First Name Last Name)> Dear <User (First Name Last Name)>, Your account has successfully been modified. Please contact your USA, <Requestor (First name Last Name)>, regarding the information for your account. If you have a question related to this email, please contact the ERCOT Helpdesk at 512-248-6800. Thank you, MPIM Administrator MPIM OVERVIEW Page 36 Overview Topics • Receiving your Digital Certificate • Accessing MPIM • Managing Users – Create User Accounts – Grant Certificates – Modify User Accounts – Terminate User Accounts – Run Reports – MPIM Errors • Losing MP USA access • Reference Documents / Important Contact information MPIM OVERVIEW Page 37 Managing Users – Terminating a MPIM User Account MP USA clicks on the Terminate link. For more details to Terminate MPIM User Digital Certificates, please refer to Section 2.7 “Terminating a MPIM User Account” in the Introduction and Use of Market Participant Identity Management (MPIM) and Digital Certificates document. MPIM OVERVIEW Page 38 Managing Users – Terminating a MPIM User Account (cont’d) MP USA enters search parameters for a User (employee id, first name, or last name). MP USA clicks the Search button. MPIM OVERVIEW Page 39 Managing Users – Terminating a MPIM User Account (cont’d) MP USA checks the boxes of the User(s) they would like to terminate. MP USA clicks on the Submit button. **NOTE**: Terminating a user will remove the user from the MPIM system and also revoke the user’s certificate and roles. **NOTE**: Once a user is Terminated, the account cannot be reactivated. A new account will need to be created for the User with a new Employee ID. MPIM OVERVIEW Page 40 Managing Users – Terminating a MPIM User Account (cont’d) MPIM sends a revoke certificate email to the MP USA. From: helpdesk@ercot.com Date: 10/01/2007 12:00 PM To: requestor@ercot.com Cc: Subject: MPIM Notification: Certificate Revoked <User (First Name Last Name)> Dear <Requestor (First Name Last Name)>, The certificate belonging to <User (First Name Last Name)> has successfully been revoked. If you have a question related to this email, then please contact the ERCOT Helpdesk (512) 248-6800. Thank you, MPIM Administrator MPIM sends a successful notification to the MP USA. From: helpdesk@ercot.com Date: 10/01/2007 12:00 PM To: requestor@ercot.com Cc: Subject: MPIM Notification: User Disabled <User (First Name Last Name)> Dear <Requestor (First Name Last Name)>, The account belonging to <User (First Name Last Name)> has successfully been disabled. If the User had any resource accounts and/or certificates, then those accounts and certificates have also been successfully revoked. If you have a question related to this email, then please contact the ERCOT Helpdesk at (512) 248-6800. Thank you, MPIM Administrator MPIM OVERVIEW Page 41 Overview Topics • Receiving your Digital Certificate • Accessing MPIM • Managing Users – Create User Accounts – Grant Certificates – Modify User Accounts – Terminate User Accounts – Run Reports – MPIM Errors • Losing MP USA access • Reference Documents / Important Contact information MPIM OVERVIEW Page 42 Managing Users – Reports MP USA clicks on the Reports link. For more details to Run Reports for MPIM User Digital Certificates, please refer to Section 2.8 “Reporting” in the Introduction and Use of Market Participant Identity Management (MPIM) and Digital Certificates document. MPIM OVERVIEW Page 43 Managing Users – Reports (cont’d) MP USA clicks the link for the desired Report Type • Each report can be viewed in three formats: on screen, csv, and pdf. • Because some entities have many users, the reports may take longer than a few seconds to load. • Current Status Report will contain all Active Users for the Market Participant. • Full Report will contain all users, including inactive users for the Market Participant. MPIM OVERVIEW Page 44 Managing Users – Reports (cont’d) If your organization’s ERCOT registered unique identifier (DUNs number plus four) contains 13 digits, it will appear in scientific notation. Also, if the unique identifier begins with a zero; the leading zeros will be cut off. To correct this in the downloaded MPIM reports, please follow the steps below. • MP USA right clicks on desired Report Type and Save Target to desired location. • Open Excel and click on Data Tab • Select Import External Data • Click on Import Data • Go to Desired File to be imported and click Open to import file MPIM OVERVIEW Page 45 Managing Users – Reports (cont’d) •Text import wizard should appear, choose file type as Delimited MPIM OVERVIEW Page 46 Managing Users – Reports (cont’d) • Select Delimiters as Tab and Comma then Click next MPIM OVERVIEW Page 47 Managing Users – Reports (cont’d) • In Data Preview select third column in Column Data Format select Text then click Next and Finish MPIM OVERVIEW Page 48 Managing Users – Reports (cont’d) • Click ok to Import Data into Excel and Duns number should display correctly MPIM OVERVIEW Page 49 Managing Users – Summary Diagram MP USA Perform MP USA duties TML Access MPIM through TML using an MP USA Digital Cert. MPIM MP Note: The specific format of each of these emails can be found in the Introduction and Use of Market Participant Identity Management (MPIM) and Digital Certificates Document. MP User Notifications sent to MP User from MPIM Create – Grant Roles This diagram describes the duties of an MP USA and their relationship to the MP User through MPIM. MPIM will automatically generate notifications to the MP User’s email address. MP User Access applications using Certificate Email confirming the MP User is created Modify – Grant Roles Email confirming the MP User has changed Terminate Email confirming the MP has been terminated Email confirming the MP User Cert has been revoked Grant / Revoke Certificate Email with Cert Password Email with URL Email confirming the MP User Cert has been revoked Reports MPIM OVERVIEW Page 50 Overview Topics • Receiving your Digital Certificate • Accessing MPIM • Managing Users – Create User Accounts – Grant Certificates – Modify User Accounts – Terminate User Accounts – Run Reports – MPIM Errors • Losing MP USA access • Reference Documents / Important Contact information MPIM OVERVIEW Page 51 Managing Users – MPIM Errors Below are examples of Error messages that may occur if the MP USA does not enter all required fields in the MPIM tool. • Each field in MPIM has specific form edits that confirm that the information entered meets requirements. • Some fields have multiple edits which can be generated depending on the information that is entered. MPIM OVERVIEW Page 52 Managing Users - MPIM Errors (cont’d) When MPIM does not complete a request because of connectivity or configuration issues, an error notification is sent to the MP USA and to the Helpdesk. The MP USA will need to contact the ERCOT Helpdesk for more information. MPIM OVERVIEW Page 53 Overview Topics • Receiving your Digital Certificate • Accessing MPIM • Managing Users – Create User Accounts – Grant Certificates – Modify User Accounts – Terminate User Accounts – Run Reports – MPIM Errors • Losing MP USA access • Reference Documents / Important Contact information MPIM OVERVIEW Page 54 Losing MP USA Access - Assignment When Market Participant request NCI for changes to MP USA the ERCOT USA will remove their USA role. The following email is received by the former MP USA. MPIM OVERVIEW Page 55 Contacting ERCOT • ERCOT Helpdesk – Technical Issues – (512) 248-6800 option 3 – Send an email to helpdesk@ercot.com – Contact the ERCOT Helpdesk with any technical issues. (The site is giving me this error.) • ERCOT Client Services – Business Issues – (512) 248-3900 – Contact Client Services with any questions about business processes. (How do I….?) • NOTE: Only the MP USA should contact ERCOT in regards to MPIM and Digital Certificate problems. MPIM OVERVIEW Page 56 Questions? MPIM OVERVIEW Page 57