User Access Administrator (UAA)
Companies that are market participants must designate one or more UAAs to manage user access to ISO applications (excluding OASIS, which is a public application). All requests for application access, removal and revocation of certificates must be submitted by your company's authorized UAA. If you don't know who your company's UAA is, contact UAARequests@caiso.com.
UAA benefits and responsibilities
Benefits
- Greater control over access to company data
- Better position to meet regulatory/audit requirements
- Greater accuracy in requests, which correlates to faster provisioning of access
Responsibilities
- All ISO application access requests will be submitted from UAAs based on their area of responsibility.
- UAAs must warrant the identity of users requesting access to ISO systems through means agreeable with their company’s practices.
- UAAs must warrant that users requesting access to ISO systems are authorized for the applications and permissions being requested.
- UAAs must warrant all data on the ISO Application Access Request Form or Device Certificate Request form is accurate and valid.
- When any company changes occur, which will impact the designated UAAs, an established UAA or other authorized representative of the company must notify ISO with enough advance notice to make any required changes.
- When a user’s access to ISO applications is no longer required due to termination or a change in job responsibilities, the UAA must immediately revoke the user’s certificate or remove the user’s access.
- UAAs must understand the requirements of utilizing ISO certificates, which are defined in the ISO’s Certificate Policies and Certification Practice Statements, including the requirement that all transactions occurring under a user’s certificate are the responsibility of that user, and that sharing certificates is not allowable.
- If a user or UAA suspect a user’s certificate has been compromised, the UAA must contact ISO immediately to revoke the suspect certificate.
User Access Administrator Guide
1. Complete non-disclosure agreements (if applicable)
Certain secure planning and market systems data are available upon compliance with the applicable submission instructions and submittal of a non-disclosure agreement (NDA). Requesting entities must be members of the Western Electricity Coordinating Council (WECC) or have an approved WECC Confidentiality Agreement prior to requesting access to this data.
The NDA must first be submitted to the ISO per the instructions below, and once the NDA is approved, the UAA may provision access for the affected users.
2. Designate the UAA or update agreements
At least two UAAs must be established and maintained for each company. The establishment of UAAs must be made by an individual at the external entity that has an appropriate level of authority to designate the UAAs. Submit a UAA agreement below to establish a UAA, update contract types and/or IDs.
3. Install certificates and review security standards
A certificate allows a UAA to securely connect to ISO applications. This may not apply to current UAAs. Follow the certificate guides to install your certificate and review certificate policies and Certification Practice Statements (CPS).
4. Provision access
As a UAA, the primary way to provision users access is through the Access and Identity Management (AIM) application. For MRI-S financial statements through Secure File Transfer Protocol, use the Application Request Form (SFTP AARF). For the RMR Discussion Board use the Application Access Request Form (AARF).
Resources
ISO User Access Administrator (UAA) Establishment and Requirements
Access and Identity Management (AIM)
UAAs will receive an email on how to access AIM once approved as a UAA.
AIM provides UAAs with the ability to view application-level access for all of their organization’s users as well as any users from other organizations who have access to their resources. Additionally, the AIM application will allow a UAA to view the expiration date of their users’ certificates and automatically request a renewal from within the application.
Training
See the Access and Identity Management (AIM) page for training materials including an overview, user guide and other supporting information.