Identity & Access Management for Users

We provide access to applications and services at the level you need so that you can do your job.

Obtain and Manage NUIDs

Obtain a new NUID or manage existing NUIDs for KP employees and contingent workers.

Getting Started

Request Remote Access

Set up remote access through a virtual private network (VPN) connection from a KP computer or device.

Getting Started

Reset Password

Reset your desktop, ACA, or web single sign-on (WSSO) password.

Getting Started

Request Application Access

Request access to KP applications and systems that you need for your job.

Getting Started

Obtain and Manage NUIDs

Obtaining a National User Identifier (NUID) is the first step in setting up access for new hires. The NUID is intended to be the one and only ID needed to create network access, set up an email account, and access applications across Kaiser Permanente.

Who can request this service?
Managers who need to obtain or manage NUIDs for new employees and contractors.

Resources

Getting Started

Request a new NUID:

  1. Log in to KPIM > Manage Identity > Create Identity > Create Employee or Create Contingent Worker.
  2. Populate the required fields and click “submit.”
  3. The request will be routed  for approvals.
  4. You will be notified of the new NUID via email.

Manage existing NUIDs:

  1. Log in to KPIM > Manage Identity > View/Modify Identity or Terminate Identity.
  2. Enter the NUID and complete requested information.

Note: The status of all requests can be viewed under the section “My Items” when you log in to KPIM. Do not use KPIM to create identities for affiliate providers; these requests must be routed through the regional affiliate coordinators.

Request Remote Access

KP workforce users may sign up to access the secure KP network through a virtual private network (VPN) connection from a KP computer or device, allowing them to work remotely. Most will use GlobalProtect, a VPN software already installed on all KP computers, combined with PingID, KP’s multifactor authentication solution. PingID also allows access to many applications without a VPN connection. Per KP policy, personal devices may not be connected to the KP Network due to significant cybersecurity risks.

PingID
Access to secure KP applications and network via authentication using PingID

Who can request this?
Any KP workforce member (employee or non-employee)

Resources

Getting Started

  1. Set up PingID at the MFA Registration Site
  2. Use it when prompted after logging in.
  3. Do not respond to unsolicited PingID prompts

Download the PingID app to a KP or personal device (mobile or laptop/desktop) and then register the device at the MFA Registration Site. Users may register up to 10 devices and manage existing registered devices. Additional information and instructions are available at mfa.kp.org.


Related IT Service

APPS RAS and Office 365

The APPS RAS portal allows users to connect to KP HealthConnect and other resources. O365 read-only access allows users to receive/send emails via webmail. Per KP policy, personal devices may not be connected to the KP Network due to significant cybersecurity risks.

GlobalProtect
Connect remotely to the KP network and applications using VPN software GlobalProtect and authentication using PingID.

Who can request this?
All KP employees can leverage GlobalProtect.

Resources

Getting Started

  1. If you are an employee, to request remote access, log in to KPIM. Go to “Manage My Access” or “Manage Other’s Access.” Click “Request Access” at the bottom, enter “Remote access using PingID and Global Protect” into the “Search Applications” field, and click “Add Access.”
  2. To set up PingID, go to the MFA Registration Site.
  3. GlobalProtect is installed on all computers. View the instructions to the left to get started.

Reset Password

Reset your desktop, ACA, or web single sign-on (WSSO) password used to access KP machines, applications, and network.

Reset Windows Desktop, Advanced Central Authentication (ACA) or Active Directory Password

This password reset self-service allows KP workforce users to reset passwords for their Windows desktop, their Active-Directory accounts, and their ACA (Advanced Central Authentication) password for logging into applications like VPN. The users will use this service by clicking the “Forgot Password” link on the ACA login page.

Getting Started

  1. Go to the Advanced Central Authentication (ACA) login page by opening a KP application such as KP Learn.
  2. You will see a grey login screen. Click on the “Forgot Password” link that is located below the password field.
  3. You will be required to use PingID, phone number, or verify your identity using a government-issued photo ID (e.g. a driver’s license, or passport).

Reset Web Single Sign-On Password
The password self-service enables users to reset web single sign-on (WSSO) passwords when they forget passwords, or to manage security questions and answers.

WSSO provides a way to sign on to multiple applications and websites using a single name and password. Many online destinations at Kaiser Permanente are included in the WSSO program.

Refer to the end of the WSSO User Guide for a list of sites and applications that are supported by WSSO.

Who can request this service?
Any KP employee or contingent worker with an active NUID.

Resources

Getting Started

Reset your WSSO password

There are two options to reset your WSSO password:

Related IT Services

Reset other passwords (non-WSSO)

There are three options to reset other passwords (non-WSSO):

  • Use Password Express for resetting passwords for common applications such as Windows desktop logon, Outlook, Office 365, Skype for Business, iNotes, and Sametime.
  • Use your voice print on SecureVoice to reset common passwords without calling the KP Service Desk.
  • Call the KP Service Desk at 888-457-4872.

Request Application Access

KP Identity Manager (KPIM) is a self-service application that allows you to submit access requests for supported KP applications and infrastructure systems.

Who can request this service?
Any KP employee or contingent worker.

Resources

Getting Started

Request application access:

  1. Log in to KPIM >  Manage My Access or Manage Other’s Access.
  2. Click “Request Access.”
  3. Search for the application and click “Add Access.” Follow instructions to complete the request.
  4. Your request will be routed for approval.
  5.  The status of all requests can be viewed under the section “My Items” when you log in to KPIM.

If the application is not listed within KPIM, please submit your request through ServiceNow > Make a Request > Access > Applications or call the IT Service Desk at 1-888-457-4872 for assistance..