An Official Website of the Commonwealth of Pennsylvania
Contact the Keystone Login Help Desk for all questions, concerns and issues with Keystone Login. The help desk can be reached by phone at 877-328-0995 or by email at KeystoneLoginSupport@randstadusa.com.
Note: If you have a Keystone ID through the Child Welfare Portal (CWIS),
State Employee Retirement System (SERS),
Disaster Training Registration,
COMPASS
Child Support,
or Consolidated Eligibility Letter (CELS) you can use those same credentials to log in.
For assistance with those applications, please contact the CWIS Support Center at 1-877-343-0494
What's New
Select any of the following Release Numbers to review previous end-of-sprint deployment updates and fixes for Keystone Login
Enhancements
• KL:
o Added four new verification types (3 FDSH, 1 NSTIC) from Department of Human Services.
Bug Fixes
• KL Admin:
o User search results remain on-screen when selecting the View and Edit options.
o User accounts in the Managed domain are now searchable by email address.
• KL Web:
o The Last Login details are loading correctly from the Active Directory.
o The Principal Context error no longer results in creating new accounts with existing email addresses.
o Multiple connection attempts are made when receiving a Principal Context error.
o During the Add User process, a Get-AD GUID is sent from the Active Directory when it is not first received from Identity Manager.
Enhancements
• KL Admin:
o Search results remain on the User Search page even after navigating to the View User page.
o Connected Reset Password, Change Password, and Edit Account to new Managed User API.
o Added Health Check page.
• KL Web:
o Added a requirement (“Do not use any dictionary words as your password”) to the Registration page when the Enhanced Security box is checked.
o Added Managed User feature flag for enabling/disabling.
o Connected Change Password and Edit Account page to new Managed User API.
o Added Edit Account to Home page for Managed Users.
o Adjusted Login to handle SiteMinder Managed User now returning the Active Directory GUID.
• KL:
o Added Managed User API functions:
- Get Managed User Data
- Update User
- Change Password
- Reset Password
o Updated to new version of Identity Manager Managed User API with fixes to change password and security questions.
o Added security questions to Managed User Edit Account.
Bug Fixes
• KL Admin:
o Removed Today and Last 24 Hours buttons on Exception and User Log pages.
• KL Web:
o Split email/username duplicate search between Managed and Non-Managed so fields are searched in each independently.
o Fixed handling of Expired Password response from Identity Manager.
• KL:
o Fixed spelling errors.
o Cleaned up warnings.
o Fixed password generator function to return a password of specified length (12 characters.)
Enhancements
• KL:
o Updates to Keystone Login UI and improved accessibility.
o Updates to NuGet packages.
• KL Admin:
o Admin users can remove email addresses from duplicate Keystone Login accounts.
o Admin users can sort Agency and Application lists in the admin tool.
• KL Web:
o Updates to improve user login experience and reduce errors due to internal timeouts.
o Users can search for and restore system-purged accounts.
o Users now receive a link to the Forgot Password screen when they try to register a new account with an email address already in use.
o Password length must be a minimum of 12 characters.
o First letters of names are capitalized during Registration.
o Added login text and branding for identification when redirecting to Keystone Login from another agency.
o SiteMinder Login now retrieves the Active Directory GUID without an LDAP call.
o Improved SiteMinder connection exceptions.
o Updated Main page display for Managed Users.
Bug Fixes
• KL Web:
o Forgot Username
o Managed SiteMinder Login call
o Added Purged User connection string to External Client.
o Users can no longer create accounts with a “b-“ prefix in all domains.
Enhancements
• KL:
o Updated NuGet packages.
• KL Web:
o Non-managed users can no longer create usernames starting with “b-”.
o Unsent One-Time Passcode emails are now logged as exceptions.
o Updated the copyright bar at the bottom of all pages.
o Added labels to the radio buttons on the Choose MFA, Choose Provider, Experian Verification, and Forgot Password pages for accessibility.
Fixes
• KL Web:
o Fixed double spinners on the MFA pages.
o Fixed typo in the HTML on the Choose MFA page.
Enhancements
• KL:
o Updated framework to .Net 8.0.
o Updated all libraries.
Fixes
• KL Web:
o SAML logging issues for CWOPA users.