
Microsoft Entra ID SSO Now Supported by Longeye

By Dr. Michel Floyd, CJIS Officer

Introduction: Strengthening CJIS-Compliant Authentication

Large parts of the Criminal Justice Information Security (CJIS) policy revolve around authentication and verifying that a user is who they claim to be. Historically, this meant “one set of credentials per system,” which required different username and password combinations for every system an officer needed to access.

Detectives may be superhuman in many dimensions, but their appetite for remembering dozens of passwords is normal. With many personal and workplace credentials already in use, adding yet another agency-specific password is not something most officers look forward to.


Why Single Sign-On (SSO) Matters for Agencies

Single sign-on (SSO) addresses this challenge by allowing officers to log in with one username and password, along with MFA, and then use that authentication seamlessly across multiple systems.

A modern police department typically wants:

  • One secure, centrally managed login per officer

  • MFA delivered through a CJIS-compliant hardware authenticator

  • The ability for IT staff to provision or deprovision access in a single place

This is especially valuable when officers retire, transfer, or change roles. Managing access across many systems manually is time-consuming and prone to errors, which is something CJIS standards aim to avoid.


The Rise of Federated Authentication

Consumers are familiar with “Login with Google” or “Login with Facebook.” Agencies can accomplish the same approach, but with their own private identity provider (IDP) or broader identity and access management (IAM) system.

Historically, Microsoft Active Directory has been the most widely used IAM. In Microsoft Azure, this system is now known as Microsoft Entra. Entra provides the tools an agency needs to manage secure access to computing resources.


Longeye’s Approach: Seamless Integration with Existing IAM Systems

Longeye’s authentication system is built on the Okta cloud-based IAM platform. While Okta can manage its own users and credentials, it also supports federation, which is the key enabling technology behind SSO.

When properly configured, federation is straightforward to set up. Longeye’s security team partners with an agency’s IT staff to integrate their SAML (Security Assertion Markup Language) or OIDC (OpenID Connect) IDP, and the process is usually completed in less than an hour.


Benefits of Federated Authentication for Agencies

Federated authentication offers several advantages beyond convenience.

1. Simplified Identity Proofing

Identity proofing, which verifies a user’s identity using government IDs, does not need to be repeated. If a user is already proofed in the agency’s IAM, they are automatically validated for Longeye.

2. No Coordination Needed for User Provisioning

New users can be assigned to Longeye inside the agency’s IAM. There is no need to contact Longeye or manage another account.

Two key reasons make this simple:

  • Longeye has no per-user licensing charges

  • Users can log in at their convenience once access is assigned


Microsoft Entra ID Is Only the Beginning

Entra is the first federated IAM system Longeye officially supports, but agencies across the country use a variety of IAM platforms. Longeye is committed to integrating with whatever systems agencies rely on to deliver fast and secure access.

SSO reduces onboarding friction and provides detectives with a simple and fully CJIS-compliant authentication experience. It is not often that increased security results in a smoother user workflow, but this is one of those cases.