DISO IDAM End User Guidance
Access user guides, technical advice, and Identity and Access Management (IDAM) policies. Use this page to raise service requests and queries.
Service Requests
If your query does not match the requests below, email the DISO IDAM Team.
| Category | Task | How to raise the request |
|---|---|---|
| Account Management | Add user account (MOJO Production) | Request new user account |
| Delete user account (MOJO Production) | Request account deletion | |
| Request service account (MOJO Production) | Request service account access | |
| Add or remove guest account (MOJO Production) | Guest User Account | |
| Add or remove privileged account (MOJO LIVE, NLE, or DEV) | Manage privileged account | |
| Add or remove privileged account (DOM1 Dev / NLE) | Email the DISO IDAM Team | |
| Application Consent | Approve delegated application consent | Request via a formal demand for business justification review. Follow demand guidance |
| Security Groups | Add or remove a user | Group owners perform these tasks, via the Entra portal or MyGroups link. If the owner is unavailable, email the DISO IDAM Team |
| Create a new security group | Create New Security Group | |
| Access Packages | Add, amend, or delete a user | Manage access package user |
| Create or amend an access package | Submit new demand request | |
| Create custom roles or service principals | Submit new demand request | |
| Single Sign-On | Create an application registration | Submit new demand request or use self-service registration |
| Delete an application registration | Delete Application Registration | |
| Renew secret or certificate |
Renew Entra ID certificate/secret. N.B. Application owners can update secrets directly, please contact us to be added as an owner for your app if you are not already. |
|
| Multi-Factor Authentication | Manage MFA tokens | Use the MFA Token Assignment- MoJO to assign tokens. |
Ways of working
All requests must follow the correct request route as outlined above. Any other enquires are to be sent to be sent to IDAM@justice.gov.uk for work items to be raised. Any requests sent by any other means will be ignored.
New request items are triaged twice per week (Mondays and Wednesdays)
There is a minimum of a 5-day Service Level Expectation (SLE) for all requests, regardless of how trivial they may seem, as we get 100’s of requests a week all of which needs to be prioritised against existing workloads and commitments.
All updates on tickets are to be requested through IDAM@justice.gov.uk. Whilst the assigned engineer may reach out to you using Teams/Slack in order to progress the task, any requests for updates on work sent directly to engineers will be ignored.
Standard service offerings must be requested using the relevant offering on the service catalogue. This is the quickest way to make sure standard requests get processed as quickly as possible.
Any request that requires expediting faster than 5 days must include a business justification for the expedited change, so that this can be used to support justifications to the Technology Change Management team. All non-standard changes are subject to a 5-day change approval period, which will also need to be accounted for more complex work. The Technology Change Management Team will not accept justifications that do not clearly articulate why the standard approval windows cannot apply, so the emphasis needs to be on engaging with IDAM well in advance to prevent disruptions is essential so you can meet your planned timelines.
We are continually trying to improve our automation within the team, including the routes available for teams to be self-managing when engaging with our service. Please ensure you have read our End User Guidance Pages to benefit from those capabilities when they are available.
Entra ID Fundamentals
- Tenant Overview
- Integration Testing
- Token Lifetime Policy
- Entra Authentication Best Practice
- Handle error AADSTS75011
Entra ID Patterns
- Advanced SSO Authentication Patterns for Developers
- Deploy a secure multi-tenant backend API
- Set MFA requirements for your application
Services
Entra ID: Internal Justice Tenant
Integration guidance for the internal Ministry of Justice workforce.
Entra ID: External Facing Tenant
Integration guidance for professional bodies and non-Ministry of Justice users.
- External Tenant Overview
- Application Registrations (SSO)
- Administrator Account Access
- User Authentication Policies