Dear Valued ARINCDirect Customer,  

In an upcoming change that will provide enhanced security on all your ARINCDirect touchpoints, shared login credentials will no longer be supported. We are undertaking this migration as part of the process to move forward from single, password-based authentication to multi-factor authentication, or MFA.

Our Request  

As an account admin, please go through the usernames in your company and ensure that each username is tied to a single user. That user can have more than one username (for example, an administrator account and a regular user account) but all accounts for the same individual need to have the same email address. And we are requiring that an email address be associated with a single individual, even if they have access to several usernames.  

If none of your people share usernames and each user has their own email address, then no action is required for this part of the migration. We do encourage you to check your company’s usernames now, though, to prevent future surprises.  

For example, let’s say that three individuals within your company access ARINCDirect via a single shared username today. Each of those three will need their own username tied to their own email address. If needed, here’s how you as an administrator can create new accounts:  

1. Navigate to My Company and click on the green “Create New User” button.  
2. Complete the form for the single individual and then click on the “Save New User” button at the bottom of the screen.  
3. The new user will be sent an invitation via email and will be prompted to set their password at that time.  
4. Finally, that new ARINCDirect account can be linked to the individual’s Izon account via the workspaces feature at the top right. More information can be found in the Izon Setup Guide. 

Further Information 

While NIST (National Institutes for Standards and Technology) guidelines do not specifically prohibit shared accounts in secure systems, NIST does highlight them as a potential vulnerability. From a customer-administrator perspective, the main benefit is clearly understanding which user made which change (for example, troubleshooting an inadvertently canceled filing). Additionally, as an administrator you can add or remove permissions for individual users, thus following the cybersecurity principle of “least privilege necessary.” We have written two Jump Seat articles (Personal Cybersecurity and Corporate and Aviation Cybersecurity) to help you understand the cybersecurity landscape in which our changes are happening. 

We’re Here to Help 

Thank you in advance for taking action on this matter as soon as possible. This will help forestall any problems with usernames and emails as we move toward using Izon for authentication and application launching. We place great value on the privacy of your data and operations and we are taking steps to follow industry best practices for cybersecurity. If you have questions, please reach out to ad-flightops@collins.com or 410-266-2266.