WIXLIB

Self-Service Local SecurityAdministrator (SSLSA) User GuideEffective Date: MAR-01-2020Public ManualSelf-Service Local SecurityAdministrator (SSLSA) User GuideVersion No: 1.4Publish Date: March 1, 2020MISO720 City Center DriveCarmel, IN 46082-4202Tel.: 317-249-5400 Fax: 317-249-5703http://www.misoenergy.orgPage 1 of 44

Self-Service Local SecurityAdministrator (SSLSA) User GuideEffective Date: MAR-01-2020CONTENTS1.Introduction . 51.1About this User Guide . 51.2Purpose of Local Security Administrator (LSA) Role . 51.3Purpose of the Self-Service LSA Application (SSLSA) . 51.4Description of SSLSA Functions . 51.5Helpful Resources. 61.6Providing Feedback . 72.Accessing SSLSA . 82.1Access SSLSA . 82.2Navigation. 83.Managing Portal Users . 93.1 Activate Portal User . 93.1.1User Information . 113.1.1.1Distinguished Name String . 113.1.2Market Participant User Roles and Permissions . 123.1.2.1Metering Agent. 133.1.2.2Market Participant User Roles . 143.1.2.3Purchase-Selling Entity (PSE) Code for Ramp Reservation System . 153.1.2.4GADS Roles . 16Asset Owner User Roles . 163.1.33.1.3.1DART Market User Interface (MUI) Roles . 183.1.3.2MISO Communication System (MCS) Roles . 183.1.4Saving a User . 193.2Edit Portal User . 193.3Copy Portal User . 203.4Inactivate Portal User . 223.5Reactivate Portal User . 223.6Delete Portal User . 234.Portal User Search. 254.15.Market Portal User Report . 265.16.Searching for a Portal User . 25Executing the Market Portal (MP) User Report . 26user Sync Status . 27Page 2 of 44

Self-Service Local SecurityAdministrator (SSLSA) User GuideEffective Date: MAR-01-20206.17.Viewing User Sync Status . 27Audits . 287.1 Viewing Audit Information . 287.1.1Filtering by Date . 287.1.2Exporting Audit Data . 297.1.3Searching Audit Data . 298.Feedback . 30Appendix A: How to Obtain a Client-Side Digital Certificate . 31Appendix B: Examples of Distinguished Name Information. 32I.IdenTrust . 33II.OATI and Entrust . 33Appendix C: Available roles by template . 34Market Participant Certified (MP) . 35MP Withdrawn or MP Restricted (MP). 39Local Balancing Authority Certified (NMP-B) . 40Transmission Owner Certified (NMP-T) . 42Reliability Coordination or Approved Neighbouring Entity Certified (NMP-R) . 43Electric Distribution Company Certified (NMP-E) . 44Page 3 of 44

Self-Service Local SecurityAdministrator (SSLSA) User GuideEffective Date: MAR-01-2020DISCLAIMERSThis reference is prepared for discussion and information purposes and provided "as is” withoutrepresentation or warranty of any kind, including without limitation, accuracy, completeness orappropriateness for any particular purpose. MISO assumes no responsibility for theconsequences of any errors or omissions. MISO may revise or withdraw this reference at anytime at its discretion without notice. Even though every effort will be made by MISO to updatethese references and inform its membership of changes, it is the user’s responsibility to ensureyou are using the most recent edition.DOCUMENT CHANGE HISTORYDoc NumberDescriptionEffective Date1.0Original User GuideJUL-01-20171.1Updated Guide for Launch to Customer ConnectivityEnvironment (CCE)NOV-28-20171.2Updated Guide for Launch to Production EnvironmentDEC-11-20171.3Include details on digital certificate authorities; addedrole alignment; updated screen shotsMAR-01-2020Page 4 of 44

Self-Service Local SecurityAdministrator (SSLSA) User GuideEffective Date: MAR-01-20201. INTRODUCTION1.1 About this User GuideThis document is a user guide outlining key functions of MISO’s Self-Service Local SecurityAdministrator (LSA) application, also referred to as SSLSA. This user guide does not replace the LSAPolicy. For a copy of the LSA Policy, refer to the Market Participant Resources area in the MarketParticipation section of MISO’s public website.1.2 Purpose of Local Security Administrator (LSA) RoleAn individual serving in the LSA role is responsible for creating and maintaining Portal User accounts foran approved entity. Each entity is responsible for identifying individual(s) to perform the LSA function,as Portal User account maintenance is the responsibly of the entity, not MISO. The individual thatperforms the LSA role has the ability to establish and manage the access of employees of their companyto all, or part, of the information available in MISO’s Market Systems.Per MISO’s LSA Policy, the registered LSA is responsible for the creation and maintenance of PortalUser accounts which access MISO’s Market Systems. Additionally, the LSA is responsible for ensuringthat any Portal User who accesses a MISO system which has been identified as providing Critical EnergyInfrastructure Information (CEII) has a signed CEII Non-Disclosure Agreement and is included on theentity’s Universal Non-Disclosure Agreement (UNDA) Appendix A in the appropriate function. Shouldyou have any questions on Non-Disclosure Agreements, contact Client Relations atclientrelations@misoenergy.org.All LSAs must be registered through MISO’s Client Services and Readiness team. If you or your entityhas questions regarding the creation and/or maintenance of an LSA account, please contact a member ofthe team by emailing help@misoenergy.org.Please note that if a LSA also wishes to serve as a Portal User, that LSA must create a separate PortalUser account and separate digital certificate from his or her LSA account.1.3 Purpose of the Self-Service LSA Application (SSLSA)To support the LSA’s role of creating and maintaining Portal User accounts, MISO developed anapplication named Self-Service Local Security Administrator (LSA), also known as SSLSA.Only active LSAs have access to SSLSA to create and maintain Portal User accounts for an approvedentity. All LSAs must be registered through MISO’s Client Services and Readiness team. If you or yourentity has questions regarding the creation and/or maintenance of an LSA account, please contact amember of the team by emailing help@misoenergy.org.1.4 Description of SSLSA FunctionsThe following is a list of functions available to active LSAs through SSLSA. These functions will bedescribed in detail in this user guide.1) Create/Manage Portal User Allows an LSA to create and manage Portal Users for its entity. From this area of the tool,LSAs can:Page 5 of 44

Self-Service Local SecurityAdministrator (SSLSA) User GuideEffective Date: MAR-01-2020i)Create Portal Usersii) Edit Portal Users, including inactivating and/or deletingiii) Copy Portal Usersiv) Search for Portal Usersv) Export a Portal User Report2) User Sync Status Allows an LSA to view status for specific roles that are performed differently than themajority of application roles available through SSLSA. From this area of the tool, LSAs can:i)View status of the role actions for the following applications:(i) MISO Communications System (MCS)(ii) Generation Availability Data System (GADS)(iii) Outage Scheduler (CROW)3) Audits Allows an LSA to view audit events for its entity. From this area of the tool, LSAs can:i)View all audit events associated to Portal User creation and maintenanceii) View all audit events associated to LSA creation and maintenancea. NOTE: MISO is responsible for all LSA creation and maintenance;these audit records will be visible to the LSAiii) Filter audit events by dateiv) Export audit event log to .csvv) Search for audit eventPlease note, MISO is still responsible for the creation and maintenance of LSA accounts. Please contactthe Client Services and Readiness team if you need to add, update, or inactivate an LSA account for yourentity by emailing help@misoenergy.org.1.5 Helpful ResourcesThis is a user guide only. Within SSLSA, high-level help text has been added on features such as userrole assignments to help LSAs better understand the roles being assigned to a specific Portal User. Formore detailed descriptions, or for questions regarding resulting system access, please refer to a supportingBusiness Practice Manual or User Guide for that specific application.LSAs should be familiar with MISO’s LSA Policy which describes the responsibilities of the LSA, aswell as MISO, with regard to establishing, maintaining, and monitoring LSA accounts. For a copy of theLSA Policy, refer to the Market Participant Resources area in the Market Participation section of MISO’spublic website.Page 6 of 44

Self-Service Local SecurityAdministrator (SSLSA) User GuideEffective Date: MAR-01-20201.6 Providing FeedbackSSLSA is a recently developed application intended to improve the current user maintenance functionsavailable to LSAs. As you use the tool, MISO welcomes any suggestions for improvements that we canadd to our product backlog. To submit feedback, please send an email to help@misoenergy.org andprovide as much detail as possible, including screen shots, if applicable.Page 7 of 44

Self-Service Local SecurityAdministrator (SSLSA) User GuideEffective Date: MAR-01-20202. ACCESSING SSLSA2.1 Access SSLSAOnly active LSAs can access SSLSA. The application can be accessed through via MISO’s Market Portalin both the Production and Customer Connectivity Environment (CCE) via the link below. Production ortal/ Customer Connectivity Environment (CCE):https://cce.midwestiso.org/marketportal/The LSA will be prompted to select the digital certificate that is registered to the LSA account. Once inthe Market Portal, navigate to the Self-Service LSA (SSLSA) card and select the Create/Manage PortalUsers link. SSLSA will launch in a new browser window or tab based on your browser configuration.2.2 NavigationAfter authenticating with a digital certificate, LSAs will be presented with a Welcome/Home screen.Below is a sample of the Home Page:From the Home Page, an LSA can perform Portal User maintenance as well as view Audit informationrelated to both Portal User and LSA activity. To access these functions, the LSA may select thehyperlinks from the Home Page (see above screen shot) or use the drop-down arrow next to the user namein the top menu. This selection also presents the same functional options (see below screen shot).To return to the Home Page from within any area of the application, select Home from the top menu.Page 8 of 44

Self-Service Local SecurityAdministrator (SSLSA) User GuideEffective Date: MAR-01-20203. MANAGING PORTAL USERSTo create and manage Portal User accounts, the LSA can access the Create/Manage Portal User link fromthe Home Page or username drop-down menu action. This area of the application will allow a LSA to: View all Portal Users, including active and inactive Portal Users Create new Portal Users Edit existing Portal Users Copy a Portal User Search for a Portal User Execute a Portal User ReportBelow is an example of the Create/Manage Portal User screen; this example does not contain any users.The name of the entity (Name), Entity Code, Entity Type, and Account Status are also displayed. Thesedata elements reflect how the entity has registered with MISO.Each entity also has an assigned entity access role template (Template) which is displayed next to theAccount Status. This template is a collection of available Market Portal User roles that an LSA canassign to its users. The template name values are a combination of entity type (Market Participant, NonMarket Participant) along with the entity status (Certified, Withdrawn, Restricted).The example above shows a template of “MP Certified” which contains all applicable Market Portal userroles for a Certified Market Participant.If you feel your entity has been assigned an inaccurate entity access role template, please send an email tothe Client Services and Readiness team at help@misoenergy.org.For a list of roles available for each template, please refer to Appendix C of this user guide.3.1 Activate Portal UserTo activate a new Portal User, the LSA can select New or From Contacts from the action bar.Page 9 of 44