Self-Service Local Security Administrator (SSLSA) User Guide

Page created by Rachel Robertson
 
Effective Date: JUL-01-2021

Public Manual

Version No: 1.4

Publish Date: July 1, 2021

MISO
720 City Center Drive
Carmel, IN 46082-4202
Tel.: 317-249-5400 Fax: 317-249-5703
http://www.misoenergy.org

CONTENTS
1. Introduction
     1.1 About this User Guide
     1.2 Purpose of Local Security Administrator (LSA) Role
     1.3 Purpose of the Self-Service LSA Application (SSLSA)
     1.4 Description of SSLSA Functions
     1.5 Helpful Resources
     1.6 Providing Feedback
2. Accessing SSLSA
     2.1 Access SSLSA
     2.2 Navigation
3. Managing Portal Users
     3.1 Activate Portal User
       3.1.1 User Information
         3.1.1.1 Distinguished Name String
       3.1.2 Market Participant User Roles and Permissions
         3.1.2.1 Metering Agent
         3.1.2.2 Market Participant User Roles
         3.1.2.3 Purchase-Selling Entity (PSE) Code for Ramp Reservation System
         3.1.2.4 GADS Roles
       3.1.3 Asset Owner User Roles
         3.1.3.1 DART Market User Interface (MUI) Roles
         3.1.3.2 MISO Communication System (MCS) Roles
         3.1.3.3 Demand Side Resource Interface (DSRI) Roles
       3.1.4 Saving a User
     3.2 Edit Portal User
     3.3 Copy Portal User
     3.4 Inactivate Portal User
     3.5 Reactivate Portal User
     3.6 Delete Portal User
4. Portal User Search
     4.1 Searching for a Portal User
5. Market Portal User Report
     5.1 Executing the Market Portal (MP) User Report
6. User Sync Status
     6.1 Viewing User Sync Status
7. Audits
     7.1 Viewing Audit Information
       7.1.1 Filtering by Date
       7.1.2 Exporting Audit Data
       7.1.3 Searching Audit Data
8. Feedback
Appendix A: How to Obtain a Client-Side Digital Certificate
Appendix B: Examples of Distinguished Name Information
     I. IdenTrust
     II. OATI and Entrust
Appendix C: Available roles by template
     Market Participant Certified (MP)
     MP Withdrawn or MP Restricted (MP)
     Local Balancing Authority Certified (NMP-B)
     Transmission Owner Certified (NMP-T)
     Reliability Coordination or Approved Neighbouring Entity Certified (NMP-R)
     Electric Distribution Company Certified (NMP-E)

DISCLAIMERS
This reference is prepared for discussion and information purposes and provided “as is” without
representation or warranty of any kind, including without limitation, accuracy, completeness or
appropriateness for any particular purpose. MISO assumes no responsibility for the
consequences of any errors or omissions. MISO may revise or withdraw this reference at any
time at its discretion without notice. Even though every effort will be made by MISO to update
these references and inform its membership of changes, it is the user’s responsibility to ensure
you are using the most recent edition.

DOCUMENT CHANGE HISTORY
   Doc Number     Description                                                                     Effective Date
   1.0            Original User Guide                                                             JUL-01-2017
   1.1            Updated Guide for Launch to Customer Connectivity Environment (CCE)             NOV-28-2017
   1.2            Updated Guide for Launch to Production Environment                              DEC-11-2017
   1.3            Include details on digital certificate authorities; added role alignment;       MAR-01-2020
                  updated screen shots
   1.4            Updated to include Demand Side Resource Interface (DSRI) tool,                  JUL-01-2021
                  updated screen shots and tables

1. INTRODUCTION
1.1 About this User Guide
This document is a user guide outlining key functions of MISO’s Self-Service Local Security
Administrator (LSA) application, also referred to as SSLSA. This user guide does not replace the LSA
Policy. For a copy of the LSA Policy, refer to the Market Participant Resources area in the Market
Participation section of MISO’s public website.

1.2 Purpose of Local Security Administrator (LSA) Role
An individual serving in the LSA role is responsible for creating and maintaining Portal User accounts for
an approved entity. Each entity is responsible for identifying individual(s) to perform the LSA function,
as Portal User account maintenance is the responsibility of the entity, not MISO. The individual that
performs the LSA role has the ability to establish and manage the access of employees of their company
to all, or part, of the information available in MISO’s Market Systems.
Per MISO’s LSA Policy, the registered LSA is responsible for the creation and maintenance of Portal
User accounts which access MISO’s Market Systems. Additionally, the LSA is responsible for ensuring
that any Portal User who accesses a MISO system which has been identified as providing Critical Energy
Infrastructure Information (CEII) has a signed CEII Non-Disclosure Agreement and is included on the
entity’s Universal Non-Disclosure Agreement (UNDA) Appendix A in the appropriate function. Should
you have any questions on Non-Disclosure Agreements, contact Client Services & Readiness at
help@misoenergy.org.
All LSAs must be registered through MISO’s Client Services and Readiness team. If you or your entity
has questions regarding the creation and/or maintenance of an LSA account, please contact a member of
the team by emailing help@misoenergy.org.
Please note that if an LSA also wishes to serve as a Portal User, that LSA must create a separate Portal
User account and separate digital certificate from his or her LSA account.

1.3 Purpose of the Self-Service LSA Application (SSLSA)
To support the LSA’s role of creating and maintaining Portal User accounts, MISO developed an
application named Self-Service Local Security Administrator (LSA), also known as SSLSA.
Only active LSAs have access to SSLSA to create and maintain Portal User accounts for an approved
entity. All LSAs must be registered through MISO’s Client Services and Readiness team. If you or your
entity has questions regarding the creation and/or maintenance of an LSA account, please contact a
member of the team by emailing help@misoenergy.org.

1.4 Description of SSLSA Functions
The following is a list of functions available to active LSAs through SSLSA. These functions will be
described in detail in this user guide.
    1) Create/Manage Portal User
           Allows an LSA to create and manage Portal Users for its entity. From this area of the tool,
            LSAs can:

                  i)   Create Portal Users
                  ii) Edit Portal Users, including inactivating and/or deleting
                  iii) Copy Portal Users
                  iv) Search for Portal Users
                  v) Export a Portal User Report
    2) User Sync Status
           Allows an LSA to view status for specific roles that are performed differently than the
            majority of application roles available through SSLSA. From this area of the tool, LSAs can:
                  i)   View status of the role actions for the following applications:
                         (i) MISO Communications System (MCS)
                         (ii) Demand Side Resource Interface (DSRI)
                         (iii) Generation Availability Data System (GADS)
                         (iv) Outage Scheduler (CROW)
    3) Audits
           Allows an LSA to view audit events for its entity. From this area of the tool, LSAs can:
                  i)   View all audit events associated to Portal User creation and maintenance
                  ii) View all audit events associated to LSA creation and maintenance
                                 a. NOTE: MISO is responsible for all LSA creation and maintenance;
                                    these audit records will be visible to the LSA
                  iii) Filter audit events by date
                  iv) Export audit event log to .csv
                  v) Search for audit event
Please note, MISO is still responsible for the creation and maintenance of LSA accounts. Please contact
the Client Services and Readiness team if you need to add, update, or inactivate an LSA account for your
entity by emailing help@misoenergy.org.

1.5 Helpful Resources
This is a user guide only. Within SSLSA, high-level help text has been added on features such as user
role assignments to help LSAs better understand the roles being assigned to a specific Portal User. For
more detailed descriptions, or for questions regarding resulting system access, please refer to a supporting
Business Practice Manual or User Guide for that specific application.
LSAs should be familiar with MISO’s LSA Policy which describes the responsibilities of the LSA, as
well as MISO, with regard to establishing, maintaining, and monitoring LSA accounts. For a copy of the
LSA Policy, refer to the Market Participant Resources area in the Market Participation section of MISO’s
public website.

1.6 Providing Feedback
SSLSA is a recently developed application intended to improve the current user maintenance functions
available to LSAs. As you use the tool, MISO welcomes any suggestions for improvements that we can
add to our product backlog. To submit feedback, please send an email to help@misoenergy.org and
provide as much detail as possible, including screen shots, if applicable.

2. ACCESSING SSLSA

2.1 Access SSLSA
Only active LSAs can access SSLSA. The application can be accessed through MISO’s Market Portal
in both the Production and Customer Connectivity Environment (CCE) via the links below.
       Production Environment:                          https://markets.midwestiso.org/marketportal/
       Customer Connectivity Environment (CCE):         https://cce.midwestiso.org/marketportal/
The LSA will be prompted to select the digital certificate that is registered to the LSA account. Once in
the Market Portal, navigate to the Self-Service LSA (SSLSA) card and select the Create/Manage Portal
Users link. SSLSA will launch in a new browser window or tab based on your browser configuration.

2.2 Navigation
After authenticating with a digital certificate, LSAs will be presented with a Welcome/Home screen.
Below is a sample of the Home Page:

From the Home Page, an LSA can perform Portal User maintenance as well as view Audit information
related to both Portal User and LSA activity. To access these functions, the LSA may select the
hyperlinks from the Home Page (see above screen shot) or use the drop-down arrow next to the user name
in the top menu. This selection also presents the same functional options (see below screen shot).

To return to the Home Page from within any area of the application, select Home from the top menu.

3. MANAGING PORTAL USERS
To create and manage Portal User accounts, the LSA can access the Create/Manage Portal User link from
the Home Page or username drop-down menu action. This area of the application will allow an LSA to:
        View all Portal Users, including active and inactive Portal Users
        Create new Portal Users
        Edit existing Portal Users
        Copy a Portal User
        Search for a Portal User
        Execute a Portal User Report

Below is an example of the Create/Manage Portal User screen; this example does not contain any users.
The name of the entity (Name), Entity Code, Entity Type, and Account Status are also displayed. These
data elements reflect how the entity has registered with MISO.

Each entity also has an assigned entity access role template (Template) which is displayed next to the
Account Status. This template is a collection of available Market Portal User roles that an LSA can
assign to its users. The template name values are a combination of entity type (Market Participant, Non-
Market Participant) along with the entity status (Certified, Withdrawn, Restricted).
The example above shows a template of “MP Certified” which contains all applicable Market Portal user
roles for a Certified Market Participant.
If you feel your entity has been assigned an inaccurate entity access role template, please send an email to
the Client Services and Readiness team at help@misoenergy.org.
For a list of roles available for each template, please refer to Appendix C of this user guide.

3.1 Activate Portal User
To activate a new Portal User, the LSA can select New or From Contacts from the action bar.

       (1) Selecting New presents the LSA with a blank screen to enter User Information.

       (2) Selecting From Contacts presents the LSA with a list of contact candidates who are
           specifically registered with MISO as a General Contact or Authorized Contact. By selecting
           a contact from this list, some user information will be pre-populated on the User Information
           section of the screen (First Name, Last Name, Email Address). This function is intended to
           assist LSAs who are trying to create a Portal User with access to the Asset Registration Tool
           which leverages these user details to perform authorized contact validation.

In both scenarios, an LSA may complete the following sections:
   1) User Information (required)
      Defines user level information, including First Name, Last Name, Email, Phone, Distinguished
      Name String (DN String), and User Access Status.
   2) Market Participant User Roles and Permissions (optional)
      Displays available application user roles and permissions at the Market Participant level. The
      LSA can view the available roles (left) and assign roles by using the arrows. Roles assigned to a
      Portal User will be displayed on the right. This section also includes Metering Agent selection,
      Purchase Selling-Entity Code (PSE Code) assignment, and Generator Availability Data System
      (GADS).

    3) Asset Owner User Roles (optional)
       Displays available application user roles and permissions at the Asset Owner level. All registered
       Asset Owners are displayed; inactive Asset Owners are shown with their Start and End Dates in
       red. Similar to the Market Participant section, the LSA can view the available Asset Owner roles
       (left) and assign Asset Owner roles by using the arrows. Roles assigned to a Portal User will be
       displayed on the right. The list of available roles will repeat for each Asset Owner.
Note that an LSA may create a Portal User without any assigned Market Participant or Asset Owner user
roles. While that Portal User may be displayed on the User List within SSLSA, the Portal User will be
unable to access applications until roles are assigned with the exception of Help Center (Service
Requests) and MUI 2.0 Member Readiness. All Portal User accounts have access to the Help Center
(Service Request) and MUI 2.0 Member Readiness cards as birth-right access.

3.1.1   User Information
The following fields are required for all users:
       First Name
       Last Name
       Email
       Phone
       User Access Status (Active or Inactive)
       Distinguished Name String (DN String)

    3.1.1.1 Distinguished Name String
    DN String is the unique identifier in MISO’s system. A DN String cannot already be in use by any
    other LSA or Portal User registered with MISO, even if that user is not registered with your entity.
    Additionally, formatting of the DN String is extremely sensitive. It is recommended that all LSAs
    use MISO’s Certificate Validation Tool to format DN Strings appropriately. Once the DN String has
    been formatted through the tool, copy the DN String at the bottom of the page and paste the copied
    DN String into the User Information screen.
            To access the tool, go to: https://cce.midwestiso.org/certtool/anon/.
    When entering the DN String on the User Information form, a visual indicator will be displayed to
    show if your string has been formatted correctly. Uniqueness of the DN String will be checked
    when your user is saved.
An example of the User Information section can be found on the following page.

An LSA may save a user without completing any additional role assignments. While that Portal User
may be displayed on the User List within SSLSA, the Portal User will be unable to access any
applications other than Help Center (Service Requests) and MUI 2.0 Member Readiness until roles are
assigned as described in the following sections.

3.1.2   Market Participant User Roles and Permissions
The Market Participant is the entity that is registered with MISO and is the “parent” of any identified
Asset Owners in the MISO Market System. A collection of roles are applicable at this parent level versus
the Asset Owner level that will be described in the next section of this user guide.
The Market Participant User Roles and Permissions section allows an LSA to assign roles to a Portal User.
This section includes available roles such as:
       Metering Agent
       Market Participant User Roles
       Purchase-Selling Entity (PSE) Code
       GADS Roles
The following page contains an example of the Market Participant User Roles and Permissions section.
The LSA grants appropriate access to a Portal User by assigning specific access or roles. Note that the
options displayed are simply a list of available role options; not all roles will be applicable for every
Portal User account.

3.1.2.1 Metering Agent
To establish a Portal User account with a Metering Agent role, the LSA selects a Metering Agent
(company) from the drop-down list. The list is updated during the Commercial Model load process,
typically seven to ten days prior to the effective date of a Commercial Model, and reflects the
relationship established between a Market Participant and Metering Agent (company) for specific
Commercial Pricing Nodes (CPNodes).

Assigning a Metering Agent (company) allows that Portal User to perform the following:
       Upload Meter Data for any asset owned by the Market Participant as long as the selected
        Metering Agent (company) matches the Metering Agent designated for the Asset.
       View Meter Data for all assets owned by the Market Participant that have been assigned to
        the Metering Agent (company).
       Change Metering Agent Contact Information for any contact associated to the Metering
        Agent (company) through the MDMA Change of Information tool accessed via the
        Settlements tab.

Please note the following when creating a Portal User with Metering Agent permissions:
       Only one Metering Agent (company) can be assigned to a Portal User.
       Market Participants serviced by multiple Metering Agents need to create at least one Portal User
        that is aligned to each Metering Agent.
       It is not recommended to also grant the Meter Data View Role (Asset Owner role) to these
        Portal Users. By default, assigning a Metering Agent (company) provides View access to
        only the assets that are registered to the selected Metering Agent. Selecting the Meter Data
        View Role gives unrestricted meter data viewing to all other Metering Agents’ assets that are
        registered to an Asset Owner.

3.1.2.2 Market Participant User Roles
There are multiple application role options available to an LSA. Available Roles are listed in the left
column. To assign a role to a user, the LSA selects the role (checkbox enabled) and then clicks the
blue arrow (pointing right) to move the role into the Assigned Role column.

Once assigned, the role will be listed in the Assigned Role column (see below screen shot).

To remove a role, simply perform a similar action. From the Assigned Role column, select the role
that needs to be removed and click the blue arrow (pointing left) to move the role back into the
Available Roles column.
3.1.2.3 Purchase-Selling Entity (PSE) Code for Ramp Reservation System
To enable access to the Ramp Reservation System (RRS), the LSA may assign a registered PSE Code
to a Portal User to allow the user to reserve ramp resources as a part of Congestion Management. The
LSA must first select the appropriate PSE Code from the drop-down and then click Allow Submit.

Please note that not all Market Participants have a PSE Code. If you do not see a PSE Code in the
available list of values and think this is in error, please contact the Client Services and Readiness
team by sending an email to register@misoenergy.org.

3.1.2.4 GADS Roles
To enable access to the Generator Availability Data System (GADS), also known as PowerGADS, an
LSA can choose either View or Submit access for one or more Utility / Units. A list of available
Utility and Unit codes will be listed in the GADS Role section based on data maintained in
PowerGADS by the MISO GADS Administrator. If there are no units available for assigning access,
and you feel that this is in error, please contact the MISO GADS Administrator.
An LSA can also search for GADS units by typing into the Search GADS Units search box. Simply
begin to type in the search field and the unit list will be filtered.

3.1.3   Asset Owner User Roles
An Asset Owner is an entity that has been defined by the Market Participant in the Commercial Model.
An Asset Owner may contain a relationship to a physical asset, such as load or generation, or may
represent financial-only transactions. For purposes of Portal User management, some applications have
access granted at this more granular level to allow an LSA to provision access to a specific Asset Owner
or set of Asset Owners.
Within SSLSA, the LSA can view all Asset Owners that have been created for the Market Participant. As
with other model-dependent information, new Asset Owners or terminated Asset Owners are updated
during the Commercial Model load process, typically seven days prior to the effective date of the
Commercial Model. Inactive Asset Owners will be shown with Start and End Dates in red.
There are three options available to an LSA when viewing Asset Owner roles:
        (1) Show Inactive AOs: default view which displays all Active and Inactive Asset Owners. If an
            LSA does not wish to view Inactive AOs, simply click the Show Inactive AOs button.
        (2) Expand All: default view displays a collapsed view of Asset Owner roles. Selecting Expand
            All will show all available Asset Owner roles for every Asset Owner.
        (3) Collapse All: selecting Collapse All will collapse the Asset Owner role listings and display
            only the list of Asset Owner names (such as the screen shot below).

An LSA may expand the list of available roles for a specific Asset Owner by selecting the arrow to the left
of the Asset Owner name. To collapse the roles, simply click the arrow again.
There are multiple application role options available to an LSA. As with Market Participant Roles,
Available Roles for an Asset Owner are listed in the left column. To assign a role to a user, the LSA
selects the role (checkbox enabled) and then clicks the blue arrow (pointing right) to move the role into
the Assigned Role column.

    Once assigned, the role will be listed in the Assigned Role column (see below screen shot).

    To remove a role, simply perform a similar action. From the Assigned Role column, select the role
    that needs to be removed and click the blue arrow (pointing left) to move the role back into the
    Available Roles column.
    The LSA repeats this process for access that needs to be granted to all applicable Asset Owners.

    3.1.3.1 DART Market User Interface (MUI) Roles
    The Day-Ahead Real-Time (DART) Market User Interface (MUI) system has the following roles
    available for assignment, each with associated functions in the MUI that is accessible via the Market
    Portal. The differences between the roles are as follows:
       • Market / Scheduling: typically used by Market Participants which do not own assets and
         will access information about virtual bids and offers and financial schedules. The Submit
         capability allows for the submission of virtual bids and offers and financial schedules,
         whereas the View capability allows for the viewing of this information. Assigning the
         Market/Scheduling Role will also allow access to Real-Time Offer Enhancement (RTOE)
         functionality.
       • Operational: typically used by Market Participants which own assets and will access
         information about these assets. The Submit capability allows for the submission of demand
         bids and schedule offers, as well as virtual bids and offers and financial schedules, as
         applicable to the Market Participant. View capability allows for the viewing of this
         information.
       • Public Data: the most limited role, allowing the Portal User to only view data that is public.
       • Notification URL Tool: used by Market Participants to view and edit URLs used for
         notifications.

    3.1.3.2 MISO Communication System (MCS) Roles
    Due to a technical limitation within MISO Communication System (MCS), a single user should not
    have Generator Start/Stop Submit assigned to one Asset Owner and Generator Start/Stop View access
    assigned to another Asset Owner. All Asset Owner role selections for a single user for Generator
    Start/Stop should either be View or Submit across all Asset Owners, not a mix of both roles.

    3.1.3.3 Demand Side Resource Interface (DSRI) Roles
    The new Demand Side Resource Interface (DSRI) replaces the MCS for LMR-related functions.
    DSRI is currently available in the CCE environment. Parallel Operations (MCS and DSRI) begin
    tentatively July 1, 2021.
    Any existing MCS User (Market Participants, Local Balancing Authorities, and Transmission
    Owners) will have access to the DSRI since they share the same databases. However, if a user does
    not have the MCS and DSRI: Manage LMR (submit) role, they will not be able to see any pertinent
    information within the DSRI. At launch, the DSRI will only replace LMR-related functions that MPs
    perform in the MCS currently, such as updating LMR Availability, acknowledging Scheduling
    Instructions, and submitting Resource Deployments (formerly known as LMR Advance
    Reporting). At launch, the LMR-related functions for Non-Market Participants (LBAs and
    Transmission Owners) will not be available in the DSRI, but they will be in a future release.

3.1.4   Saving a User
Once the LSA has entered all appropriate information, the LSA can select Save or Cancel. These
functions can be found at the top of the User Information section or at the bottom of the form. To save,
select the Save button. To cancel, select Cancel.

If successful, the LSA will be prompted with a success message as seen below and the user will be added
to the User List for the entity.

If there are errors, such as using a duplicate DN String, the LSA is provided an Error message such as the
example below. Selecting OK takes the LSA back to the User Information page where errors can be
addressed.

3.2 Edit Portal User
To edit an existing Portal User, whether Active or Inactive, the LSA selects the user from the list and then
selects the Edit button.

The details for that user, including all assigned roles, are displayed. From this screen, the LSA can update
any necessary information for the Portal User, including User Access Status.

Once all edits are complete, the LSA may choose to Save or Cancel.
If successful, the LSA will be prompted with a success message as seen below.

If there are errors, the LSA is provided an Error message. Selecting OK takes the LSA back to the User
Information page where errors can be addressed.

3.3 Copy Portal User
MISO has added the ability to copy a Portal User. This functionality will copy User Information and any
assigned Market Participant and Asset Owner roles with the exception of DN String. After a user is
copied, the LSA can update any information for the new user. A unique DN String must be provided.
To copy an existing Portal User, the LSA selects the user from the list and then selects the Copy button.

In this example, we have copied Portal User (portal@test.com). All user information except the DN
String has been copied, including all assigned Market Portal and Asset Owner roles. See below screen
shots.

Once all edits are complete, the LSA may choose to Save or Cancel.
If successful, the LSA will be prompted with a success message as seen below.

If there are errors, the LSA is provided an Error message. Selecting OK takes the LSA back to the User
Information page where errors can be addressed.

3.4 Inactivate Portal User
The LSA can revoke a Portal User account when the Market Participant determines that the user no
longer needs access to MISO Market Systems. When a Portal User account is revoked by making it
inactive, the account information is still maintained in MISO Market Systems; however, the Portal User
will no longer be able to access any MISO Market Systems.
To inactivate a Portal User, the LSA selects the appropriate user from the User List and selects Edit.
From the User Information section, the LSA updates the User Access Status to be Inactive and selects
Save.

If successful, the LSA will be prompted with a success message as seen below.

Once inactive, the Portal User will be displayed on the User List in pink. The DN String will also be
appended with a date/time stamp as seen below.

3.5 Reactivate Portal User
If deemed appropriate by the LSA, a Portal User account can be reactivated. To reactivate a Portal User,
the LSA selects the appropriate user from the User List and selects Edit. From the User Information
section, the LSA updates the User Access Status to be Active and selects Save.

Note that after changing the status back to Active, the DN String will be automatically updated to remove
the date/time stamp. If the DN String needs to be updated to a new value (ex. Digital Certificate has
expired), the LSA can make that update before saving the user.
If successful, the LSA will be prompted with a success message as seen below.

Once reactivated, the Portal User will be displayed on the User List with an active DN String.

3.6 Delete Portal User
Based on feedback from the LSA community, the SSLSA tool has the functionality to fully delete a user
from the system. This action is irrevocable and all audit information related to that Portal User will
be lost. MISO strongly suggests making Portal Users inactive rather than using the Delete
functionality.
If an LSA determines deleting a Portal User is necessary for business or compliance purposes, the LSA
selects the appropriate user from the User List and selects Edit. From the User Information section, the
LSA may choose the Delete button in the upper right corner.
Note that in order to delete a Portal User, that Portal User must first be in an Inactive state. After the
Portal User is made Inactive, the Delete button is enabled.

After selecting Delete, the LSA will see the following warning message:

If the LSA chooses to continue with the Delete action, the LSA will be prompted with a success message
as seen below.

The deleted Portal User is completely removed from the User List.

4. PORTAL USER SEARCH

4.1 Searching for a Portal User
Search functionality has been added to the User List page. To search for a Portal User, an LSA may type
in the Search Users box found in the upper right corner of the User List screen.

The LSA can enter things like First Name, Last Name, Email, or DN String which will filter the User List
as seen below.

To clear the search, simply click the x in the search box.

5. MARKET PORTAL USER REPORT

5.1 Executing the Market Portal (MP) User Report
SSLSA includes the ability to execute a report that will contain a list of all Portal Users, including Local
Security Administrators.
To run a report, select MP User Report.

This will start the file downloading. When it has loaded, and depending on your browser, a message will
display asking if you want to open or save the report.

The report will have the following data elements:
       • Title: Market Portal Users Report
       • Publish Date: Date when the report was run
       • User Details: Entity Code, First Name, Last Name, Email Address, Work Phone, Distinguished
         Name String, Status, and Account Type
       • Role Details: Roles assigned to each user will be listed in the subsequent columns

6. USER SYNC STATUS

6.1 Viewing User Sync Status
There are several systems that perform user creation and updates in an asynchronous approach. Those
systems include:
       • MISO Communications System (MCS), including DSRI
       • Generation Availability Data System (GADS)
       • Outage Scheduler (CROW)

To provide visibility into the success or failures of those actions, LSAs can access the User Sync Status
page. From this view, the LSA can see the following data:
       • Timestamp: when the user action was requested
       • Action Type: LISTENER_SUCCESS indicates the user action was performed successfully.
         LISTENER_FAILURE indicates the user action was not successful and the LSA
         should review the data in the Error Details column.
       • Returned by: indicates which system was invoked – GADS, MCS, or CROW
       • First Name: First Name of the user
       • Last Name: Last Name of the user
       • Error Details: if an error occurred, the LSA can click the magnifying icon to view error messages

Below is a screen shot of the User Sync Status page and example error.

7. AUDITS
Actions taken by all LSAs for an entity are audited and accessible through the Audits page of SSLSA.
Additionally, any action taken by MISO on an LSA account is also audited and accessible through the
Audits page of SSLSA.

7.1 Viewing Audit Information
To view audit information, the LSA can access the Audits link from the Home Page or username drop-
down menu action.
The audits page displays information on audit events, including:
       • Date: date of the audit event
       • Username: individual who performed the action
       • Event: audit event such as
             o   User Create Event: creation of Portal User
             o   User Update Event: update of Portal User, including status updates
             o   User Delete Event: deletion of Portal User
             o   LSA User Create: creation of LSA (MISO Event)
             o   LSA User Update: update of LSA, including status updates (MISO Event)
       • Extra Data: displays extra information such as the username and status

7.1.1   Filtering by Date
An LSA can choose to filter the audit events by date range. To view audit events for a specific date range,
the LSA uses the Filter from / to function. In the Filter from selection, the LSA chooses the beginning
date for the range. In the Filter to selection, the LSA chooses the end date for the range. To execute the
filter, the LSA selects Apply.

7.1.2   Exporting Audit Data
If the LSA wishes to export the audit data, the LSA can select the Export button. The LSA will be
prompted to Save/Open the file or Cancel. Note that exporting audit data after a date filter has
been applied will export only the selected date range.

7.1.3   Searching Audit Data
Similar to searching on the User List page, an LSA may search the Audits page. To search for an audit
event, an LSA may type in the Search Audits box found in the upper right corner of the Audits screen.
The LSA can enter things like username, status, DN String, etc.

Note that if an LSA already applied a date filter, the search will only use the selected date range. To
search all audit events, the LSA must remove the date filter before searching.
To clear the search, simply click the x in the search box.

8. FEEDBACK
As mentioned previously, SSLSA is a recently developed application intended to improve the current user
maintenance functions available to LSAs. As you use the tool, MISO welcomes any suggestions for
improvements that we can add to our product backlog. To submit feedback, please send an email to
help@misoenergy.org and provide as much detail as possible, including screen shots, if applicable.

APPENDIX A: HOW TO OBTAIN A CLIENT-SIDE DIGITAL CERTIFICATE
MISO recognizes client-side digital certificates issued by the following trusted Certificate Authorities:
       • IdenTrust – www.identrust.com
               o You may purchase a “TrustID Business Certificate” from IdenTrust
                   (http://identrust.com/certificates/trustid.html)
       • Entrust – www.entrust.com
               o You may purchase an “Entrust Secure Email Cert (Enterprise)” from Entrust
                   (http://www.entrust.net/secure-email/enterprise.htm)
       • OATI – http://www.oaticerts.com/
               o New customers should call 763-201-2020 to start the process; existing
                   customers should email support@oati.net
               o OATI customer service will advise on what type of certificate to purchase

MISO will not accept any private-label certificates or certificates issued by a Certificate Authority
that is not one of the trusted authorities listed above. It is recommended that any digital certificate
request should originate from the machine that will utilize it.

Digital certificates are issued based on a policy of strong authentication and identity proofing. A
certificate warrants the following credentials:
       • The identity of the certificate holder
       • The authenticity of the business that employs the applicant
       • The acknowledgement that the holder is authorized to represent the business in digital
         transactions.

The Market Participant should address questions related to their client-side digital certificate to the
Certificate Authority from which they acquired the certificate.

To ensure that you are purchasing the correct Digital Certificate, please refer to samples provided in
Appendix B. You may want to send a sample Distinguished Name String to the corresponding
Certificate Authority and advise them that you would like to purchase a Digital Certificate that most
closely matches the sample Distinguished Name String provided below.

APPENDIX B: EXAMPLES OF DISTINGUISHED NAME INFORMATION
This section provides examples of the Distinguished Name (“DN”) information that will be found
with several of the major Certificate Authorities that MISO supports. This section is intended to
illustrate that there are different formats to the DN information between different Certificate
Authorities. All DN information is required to be entered for each LSA and portal user account to
enable the authentication process to execute successfully.

It is important to note the following in regards to DN information:
       • Information should be entered in all lowercase; this conversion will usually happen
         automatically during the submission by an LSA, but certain characters in a DN string will
         require the string to be manually converted to all lowercase before submission (in
         particular, a comma embedded within a field value typically prevents the automatic
         conversion from happening)
       • All fieldName=value pairs entered must be in the same order left-to-right as originally
         displayed on the certificate in either left-to-right or top-to-bottom order; note, if utilizing
         OASIS to expose a DN string, the content is displayed in reverse field order compared to
         how it should be entered for a Market Portal account
       • The state field name must be entered as “st” in the DN information field, rather
         than just “s” as shown within Internet Explorer
       • The email address field name must be entered as “emailaddress” in the DN information
         field, rather than just “e” as shown within Internet Explorer
       • Each fieldName=value pair must be separated by a comma from the subsequent
         fieldName/value pair (no leading/trailing comma at front or end of entire string)

The information maintained in the Distinguished Name field is different between certificates from
each Certificate Authority. The position of the fields may also differ.

Upon renewal or reissue, the DN information may change, and how it changes may differ between
Certificate Authorities. For example, when a certificate is renewed, a
value in one or more fields in the DN information may change. If this occurs, the LSA is responsible
for updating the DN information for the affected portal user account. This is necessary for the portal
user to access the MISO Market Portal using the digital certificate that has had the DN information
modified.

I.       IdenTrust
     The following information depicts the DN information that is displayed when the Subject field of
     the digital certificate is displayed.

     0.9.2342.19200300.100.1.1 = D01E4742000000FCA7E82BDA000050CF
     E = user@orgunit.com
     CN = User Name
     OU = Markets
     OU = MISO
     O = TrustID business certificate
     C = US

     The following string represents the DN information, as shown above, when entered by the LSA in
     the Market Portal during the Create User Account process or the modify User Account process.

     uid=d01e4742000000fca7e82bda000050cf,emailaddress=user@orgunit.com,cn=user name,ou=markets,ou=miso,o=trustid business certificate,c=us

II.       OATI and Entrust
      The following information depicts the DN information that is displayed when the Subject field of
      the digital certificate is displayed.

      CN = User Name
      OU = Markets
      O = Midwest ISO
      L = Carmel
      S = IN
      C = US
      E = user@orgunit.com

      The following string represents the DN information, as shown above, when entered by the LSA in
      the Market Portal during the Create User Account process or the modify User Account process.

      cn=user name,ou=markets,o=midwest iso,l=carmel,st=in,c=us,emailaddress=user@orgunit.com
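
The conversion rules in this appendix, applied to the two sample Subject displays above, as an added example (not MISO's or the SSLSA application's own code). The function names are hypothetical, the OID-to-uid mapping is taken from the IdenTrust sample, and a value containing a comma is passed through unchanged because the guide does not say how such a value must be written.

```python
import re

# Field-name substitutions. "s" -> "st" and "e" -> "emailaddress" are stated in
# Appendix B; the OID -> "uid" mapping is the one visible in the IdenTrust sample.
FIELD_NAME_MAP = {
    "s": "st",
    "e": "emailaddress",
    "0.9.2342.19200300.100.1.1": "uid",
}

# Subject fields in the order displayed on the certificate (samples from Appendix B).
IDENTRUST_SUBJECT = [
    "0.9.2342.19200300.100.1.1 = D01E4742000000FCA7E82BDA000050CF",
    "E = user@orgunit.com",
    "CN = User Name",
    "OU = Markets",
    "OU = MISO",
    "O = TrustID business certificate",
    "C = US",
]
OATI_ENTRUST_SUBJECT = [
    "CN = User Name",
    "OU = Markets",
    "O = Midwest ISO",
    "L = Carmel",
    "S = IN",
    "C = US",
    "E = user@orgunit.com",
]


def subject_to_dn_string(subject_lines):
    """Build the DN String to enter for a user from the displayed Subject fields.

    Keeps the displayed field order, lowercases names and values, renames the
    fields listed in FIELD_NAME_MAP, and joins the pairs with single commas.
    """
    pairs = []
    for raw in subject_lines:
        line = raw.strip()
        if not line:
            continue
        name, sep, value = line.partition("=")
        name, value = name.strip().lower(), value.strip().lower()
        if not sep or not name or not value:
            raise ValueError(f"not a fieldName=value line: {raw!r}")
        pairs.append(f"{FIELD_NAME_MAP.get(name, name)}={value}")
    return ",".join(pairs)


def lint_dn_string(dn):
    """Return the Appendix B rules that a hand-typed DN String breaks."""
    problems = []
    if dn != dn.lower():
        problems.append("not all lowercase")
    if dn.startswith(",") or dn.endswith(","):
        problems.append("leading or trailing comma")
    # A field name is whatever sits between the start (or a comma) and "=".
    for name in re.findall(r"(?:^|,)\s*([^=,]+?)\s*=", dn):
        key = name.lower()
        if key in FIELD_NAME_MAP:
            problems.append(f"field name '{name}' should be '{FIELD_NAME_MAP[key]}'")
    return problems


def dn_needs_update(stored_dn, renewed_subject_lines):
    """True when a renewed certificate's Subject no longer matches the stored DN String."""
    return stored_dn != subject_to_dn_string(renewed_subject_lines)


if __name__ == "__main__":
    for subject in (IDENTRUST_SUBJECT, OATI_ENTRUST_SUBJECT):
        dn = subject_to_dn_string(subject)
        print(dn, lint_dn_string(dn))
```
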

APPENDIX C: AVAILABLE ROLES BY TEMPLATE

As mentioned in Section 3 of this user guide, each entity has an assigned entity access role template
(Template) which is displayed next to the Account Status. This template is a collection of available
Market Portal User roles that an LSA can assign to its users. The template name values are a combination
of entity type (Market Participant, Non-Market Participant) along with the entity status (Certified,
Withdrawn, Restricted).
This appendix provides a list of available roles for the most common templates. If you have questions on
role availability for your entity, please contact Client Services and Readiness at register@misoenergy.org.

Note: Only Market Participants have roles available at the Asset Owner level (refer to ASSET OWNER
in the Role Type column).

                                                                                                    Effective Date: MAR-15-2019

Market Participant Certified (MP)

                                                                                                                                                   Mutual
Role Type      Role ID   Role Name              Role Description
                                                                                                                                                  Exclusion
PORTALUSER       33      Asset Registration    Access to Asset Registration Tool to view all MP assets and confirm changes. User must be
                         Tool (confirm)        registered as a General or Authorized Contact
PORTALUSER       32      Asset Registration    Access to Asset Registration Tool to view all MP assets and download templates. User must be
                         Tool (submit)         registered as a General or Authorized Contact
PORTALUSER       39      Change Fund           Access to request a change to fund allocation via Service Request
                         Allocation
PORTALUSER       38      Change Virtual MWh    Access to update Virtual Megawatt Hour Limits via Service Request
                         Limit
PORTALUSER       40      Contact               Access to add, update, and inactivate contacts as well as corporate address information
                         Management Tool
                         (update)
PORTALUSER       41      Credit Exposure       Access to view a detailed credit exposure and credit limit report posted to the Market Portal on
                         Reports (view)        a daily basis
PORTALUSER       36      FTR Auction           Access to increase and decrease the amount available to bid on Financial Transmission Right
                         Allocation            (FTR) Auctions via Service Request
PORTALUSER       28      FTR: Admin (submit)   Access to perform all the functions required for FTR Registration, FTR Nomination, and FTR            27
                                               Auction
PORTALUSER       27      FTR: Admin (view)     Access to view FTR Registration, FTR Nomination, and FTR Auction information                          28
PORTALUSER       57      FTR: ARR Admin Tool   Access to submit ARR Registration
                         (submit)
PORTALUSER        5      Market Invoices       Access to view net settlement invoices based on the charges and credits that result from the
                         (view)                Market Settlement Statements. Included are invoices for the prior week’s Settlement 14,55,
                                               and 105 activity as well as all of the Settlement 7 statements from the week before the
                                               previous week
PORTALUSER        4      Market Settlements    Access to view Daily Summary Statements and view EQR Statements
                         Summaries (view)
PORTALUSER       29      MCS and DSRI:         Access to view the primary modules of MISO Communication System (MCS) and the Demand
                         Market Participant    Side Resource Interface (DSRI) as an MP
                         (view)

PORTALUSER       35      Module E Capacity    Access to MECT to submit RAR obligations, including but not limited to the transfer and              34
                         Tracking (MECT)      delegation of ZRCs, RAR attributes, and information
                         (submit)
PORTALUSER       34      Module E Capacity    Access to MECT to track and analyze Resource Adequacy information                                    35
                         Tracking (MECT)
                         (view)
PORTALUSER       10      Non-MISO Trans BBS   Access to Non-MISO Bilateral Transactions Bulletin Board (submit)                                    9
                         (submit)
PORTALUSER        9      Non-MISO Trans BBS   Access to Non-MISO Bilateral Transactions Bulletin Board (view)                                      10
                         (view)
PORTALUSER       15      Outage Scheduler     Access to CROW Outage Scheduler to submit new outages and update existing outages for                14
                         (submit)             their assets
PORTALUSER       14      Outage Scheduler     Access to CROW Outage Scheduler to view all existing outages, regardless of owner                    15
                         (view)
PORTALUSER       112     Ramp Reservation     Submit Access to Ramp Reservation System.
                         System (submit)
PORTALUSER       22      Transmission         Access to update (own projects) and view (all projects) in MTEP Project Database                     21
                         Planning (submit)
PORTALUSER       21      Transmission         Access to view all projects in the MTEP Project Database (read-only)                                 22
                         Planning (view)
PORTALUSER       110     Transmission         Access to download Monthly Charge and Monthly Revenue files.
                         Statements (view)
ASSETOWNER       42      Asset Registration   Access to Asset Registration Tool to view asset information for selected Asset Owner
                         Tool (view)
ASSETOWNER       52      DART:                Access for a non-asset owning entity to execute web page and XML submittals for the selected     51,53,54,55
                         Market/Scheduling    Asset Owner that will modify virtual bids and offers, as well as financial schedule data. Role
                         (submit)             also allows for Real-Time Offer Enhancement (RTOE) functionality
ASSETOWNER       51      DART:                Access for a non-asset owning entity to view data for the selected Asset Owner via web pages     52,53,54,55
                         Market/Scheduling    and XML queries regarding virtual bids and offers, as well as financial schedules. Role also
                         (view)               allows for Real-Time Offer Enhancement (RTOE) functionality
ASSETOWNER       25      DART: Notification   Access to view and edit the URLs used for notifications                                              24
                         URLs (submit)

ASSETOWNER       24      DART: Notification    Access to view the URLs used for notifications                                                    25
                         URLs (view)
ASSETOWNER       54      DART: Operational     Access to view asset information for selected Asset Owner and execute the submission of        51,52,53
                         (submit)              demand bids, schedule offers, submit virtual transactions, and financial schedules via web
                                               pages and XML queries
ASSETOWNER       53      DART: Operational     Access to view asset information for selected Asset Owner via web pages and XML queries        51,52,54
                         (view)                regarding demand bids, scheduled offers, virtual transactions, and financial schedules
ASSETOWNER       55      DART: Public Data     Access to view public data for the selected Asset Owner via web pages and XML queries         51,52,53,54
                         (view)
ASSETOWNER       56      DART: Transaction     Access to view Transaction Log data for selected Asset Owner via web pages and XML queries
                         Log (view)
ASSETOWNER       17      Demand Response       Access to submit new Enrollments or edit existing Enrollments associated with a demand
                         Tool Enrollments      response registration
                         (submit)
ASSETOWNER       16      Demand Response       Access to view existing Enrollments associated with a demand response registration
                         Tool Enrollments
                         (view)
ASSETOWNER        3      Demand Response       Access to submit data to validate Settlement events for demand response resources                 2
                         Tool Settlements
                         (submit)
ASSETOWNER        2      Demand Response       Access to view existing Settlement events and records for demand response resources                3
                         Tool Settlements
                         (view)
ASSETOWNER       50      EDR Data (submit)     Access to submit Meter Data associated with Emergency Demand Response event                       49
ASSETOWNER       49      EDR Data (view)       Access to view submitted Meter Data associated with Emergency Demand Response event               50
ASSETOWNER       43      Financial Model       Access to view Commercial Model information for selected Asset Owner
                         (view)
ASSETOWNER        4      Market Settlements    Access to view Daily Summary Statements and view EQR Statements
                         Summaries (view)
ASSETOWNER       45      MCS: Generator        Access to view and submit Generator Start/Stop information. NOTE: For users with Generator        44
                         Start/Stop (submit)   Start/Stop roles for multiple Asset Owners, role selection should either be View or Submit
                                               across all Asset Owners, not a mix of both roles

ASSETOWNER       44      MCS: Generator      Access to view Generator Start/Stop information. NOTE: For users with Generator Start/Stop            45
                         Start/Stop (view)   roles for multiple Asset Owners, role selection should either be View or Submit across all Asset
                                             Owners, not a mix of both roles
ASSETOWNER       46      MCS and DSRI:       Access to view and submit LMR availability information in both MCS and DSRI systems
                         Manage LMRs
                         (submit)
ASSETOWNER       47      Meter Data (view)   Access to view Meter Data for all Assets under this Asset Owner. Metering Agent Company
                                             should not be selected in drop-down menu
