PIEE Training - Logon and User Maintenance Overview

Procurement Integrated Enterprise Environment - Logon and User Maintenance Overview

Logon and User Maintenance Overview

Password Failure

If a user enters their password incorrectly 3 times within 20 minutes then they are locked out of PIEE for 60 minutes. If they enter the password incorrectly 3 more times while the account is locked, all of their roles will be deactivated. Administrators are able to reset passwords via the admin console or reset certificates for a user under their span of control. Password resets are for one time use and should be given to the user over the phone, not through email. When login is successful, the user should be prompted to change their one-time password. Once a CAC card has expired, an administrator can reset a CAC through the admin console so the user can login with the new CAC.

Login Requirements

Users must login into PIEE within a certain amount of days or they will be deactivated. This timeframe is system property driven. Users should contact their GAM to activate their user roles.

Certificates

Digital certificates are encrypted files containing private keys that are verified against a chain of trust that is known to the br/owser. PKI certificates are optional for Vendors and required for government personnel. Due to infrastructure limitations, a government user is permitted to use a user ID/password to log on to the system, while awaiting receipt of his/her PKI certificate.

Session Expiration

To enhance security, the system automatically expires sessions after 30 minutes of inactivity. When 15 minutes remain before session expiration, a pop-up will appear in the active window, notifying the user that the session is about to end.

The user will have two options:

Extend Session: Selecting "Yes" will keep the session active for another 30 minutes.
End Session: Selecting "No" will close the pop-up without taking any action, and the session will expire at the time stated in the pop-up.

This feature ensures that sessions do not remain open after inactivity, reducing the risk of unauthorized access and helping to protect sensitive information.

Reference Guide	PDF	Notes
Inactivate/Activate Workflow Diagram (PDF)		This an overview of how to how to review of the Inactivate/Activate Workflow Diagram.
Reset User		This guide provides instructions on how a GAM resets a User's Certificate.

Logon Support Demos:

Document	Demo	Doc	Last Updated	Notes
Find My Account Administrator			April 2020	This is an overview of the Find My Account Administrator search functionality.
How to Log into PIEE Troubleshooting			January 2026	This is an overview of signing into the PIEE application with a User ID/Password or Certificate. This demo includes instruction on how to follow the Find My User ID, Reset My Password, and Get help with CAC / PIV Login links.

PIEE ICAM Login Enhancements

Overview	PIEE enhances its Identity, Credential, and Access Management (ICAM) capabilities to provide secure, standards-based, and federated authentication for CAC/PIV users, aligned with approved enterprise ICAM services. As part of this enhancement, the login experience is updated to help users easily choose the correct sign-in option based on their home organization, ensuring a smooth and secure authentication process. The login page supports both federated and non-Federated CAC users: The Login with User ID option on the right remains unchanged and can be used as before. The Login with Certificate section on the left displays two CAC-based options: Federated organizations: Select the second button to sign in using the home organization’s federated identity provider. This applies to users that login with DOW CAC, and currently includes Navy, Air Force, Army (in progress), DISA, and any 4th Estate Agency onboarding to DISA E-ICAM. Non-federated organizations: Select the first button to sign in using existing non-federated credentials. This applies to ALL users that currently use a non-DOW CAC certificate (e.g. PIV), and to any DOW users whose organizations are not yet onboard to a DOW ICAM NOTE: If a user is unsure whether their home organization is Federated, they should contact the Help Desk for guidance. NOTE: All new users must select the New User button on the PIEE Landing page to complete registration before logging in PIEE. (Please refer to Government / Government Support Contractor Registration and Vendor Registration to complete the new user registration process) Buttons: Authentication for PIV and non-federated CAC users Authentication for federated CAC users Log in
Who gets authenticated?	The following user types can be authenticated. Federated User Types: Government DOW Government Support Contractor DOW Non-Federated User Types: Government DOW Government Non-DOW Government Support Contractor DOW Government Support Contractor Non-DOW Vendor (Only Certificate)
Path 1: Login as a Federated CAC user (Second button)	NOTE: From this point, the login process splits into two separate paths. Only the section corresponding to the selected button should be followed. Path 1: Login as a Federated CAC user (Second button) Follow the steps in this section for the second button option. Prerequisite: Federated CAC users must complete new user registration and have their PIEE account approved and activated by an administrator prior to following the steps outlined below. On the PIEE Landing page, click the LOG IN button. Buttons: LOG IN Click the Authentication for Federated CAC User button. NOTE: The login button name may change based on configuration. If the label shown in the application differs from what is referenced here, the Federation Hub login option will appear as the second button on the login page. Buttons: Authentication for Federated CAC Users The user is redirected to the DISA Federation Hub page. From the drop-down list, select the home organization that is linked to the user. NOTE: Current drop-down list may subject to change based on new ICAMs being federated. NOTE: For DOW CAC users that are not certain of their home organization, select DoD E-ICAM. DISA drop-down list: Sign in with Army Sign in with DoD E-ICAM Sign in with NIS IdP (Navy) Sign in with Department of the Air Force DISA buttons: Go The user is then redirected to the Identity Provider associated with the selected organization (for this training purpose, user selected “Sign in with DoD E-ICAM” that redirects to the U.S. Department of Defense authentication page). Click the Sign in with CAC/PIV link. Buttons: Sign in with CAC/PIV Upon successful authentication using CAC/PIV, an existing PIEE user is redirected to the PIEE main page with the apps.
Path 2: Login as a Non-Federated CAC User (First button)	Path 2: Login as a Non-Federated CAC User (First button) Follow the steps in this section for the First button option. Prerequisite: Non-federated CAC users must complete new user registration and have their PIEE account approved and activated by an administrator prior to following the steps outlined below On the PIEE Landing page, click the LOG IN button. Buttons: Agree Click the Authentication for PIV and Non-Federated CAC User button. NOTE: The login button name may change based on configuration. If the label shown in the application differs from what is referenced here, the Non-Federated CAC login option will appear as the first button on the login page. Buttons: Authentication for PIV and Non-Federated CAC User Existing federated PIEE users access their PIEE account after successful authentication using their selected login method (CAC/PIV/certificate).

Previous Close