Access and Recertification

CMS Enterprise Identity Management System

CMS EIDM MFA Device Mockup_508

Access and Recertification

OMB: 0938-1236

Document [docx]
Download: docx | pdf


CMS EIDM
Multi-Factor Authentication (MFA) DEVICE Registration



  1. Introduction

Multi-Factor Authentication (MFA) is a security mechanism that is implemented to provide an extra layer of security such as a security code, when logging in with your User ID and Password.

Registered CMS portal users who wish to access a CMS MFA-protected application will be directed through the MFA registration process.

During the MFA registration process, the CMS EIDM system requires registration of a phone or computer to add an additional level of security to a user’s account. The user is given five options from which to select, to complete the registration process:

  • Smart Phone: Users can download VIP access software on their smart phone/tablet. The user must enter the alphanumeric Credential ID that is generated by the VIP access client. The user will then enter the Security Code generated by the VIP client.

  • Computer: Users can download VIP access software on their computer. The user must enter the alphanumeric Credential ID generated by the VIP access client. The user will enter the Security Code generated by the VIP client.

  • Short Message Service (SMS): Users can use the SMS option to have their Security Code texted to their phone. The user must enter a valid phone number. The phone must be capable of receiving text messages. Carrier charges may apply.

  • Interactive Voice Response (IVR): The user can select the IVR option to receive a voice message containing their Security Code. The user must provide a valid phone number and (optional) phone extension.

  • E-mail: Users can select the E-mail option to receive an E-mail containing the Security Code required at login. The E-mail address on the user’s profile will be used.

Note: Delays in E-mail transmission, spam filters, and other issues outside the user’ control can make this the least desirable option to receive a security code.

  1. User Instructions

To gain access to a CMS MFA protected application, follow these steps

Step

Action

Step 1

If you select a CMS MFA Protected application, you will first be directed to the Multi-Factor Authentication Information page.

Select Next, to begin the MFA Registration process.

MFA Information Page

Step 2

To make your account more secure, you will be directed to the Register Your Phone, Computer, or E-Mail page.

Select the MFA Device Type you wish to register from the drop-down menu.

Register Your Phone, Computer, or E-mail

Notes:

For VIP Client: Enter the Credential ID generated by the VIP Access client.

For Text: You will be asked to enter a valid phone number to receive your Security Code.

For Interactive Voice Response (IVR): Enter the phone number and (optional) extension that will be used during login to obtain the Security Code. The extension may begin with any one of the following: asterisks‘*’; period ‘.’; comma ‘,’; pound ‘#’, followed by numeric 0 to 9. For example: 4885554444, 1112.

, (comma) Creates a short delay of approximately 2 seconds;

. (period) Creates a longer delay of approximately 5 seconds;

*(asterisks) Used by some phone systems to access an extension; and

# (pound/hash) Used by some phone systems to access an extension.

You may use a comma if you are not sure of the special character supported by your company’s phone system.

For E-mail: The E-mail on your profile will be used to send the Security Code required at login.

Step 2a

Using the VIP Client

Follow these steps to use the VIP Access Client:

  1. Depending on the registration option you select, download the VIP Access software from the URL provided on the Register Your Phone or Computer page.

  2. Once downloaded, select the VIP Access Icon on your desktop to activate the VIP Access window.

  3. Select the lcon next to the Credential ID to copy the alphanumeric code.

VIP Access

Place your cursor on the Credential ID field of the Register Phone or Computer page and right click to insert the Credential ID.

Step 3

Enter the credentials of the device (VIP Client shown) and a short description in of the device in the MFA Device Description field. Then select Next to submit your registration.

Register Your Phone, Computer, or E-mail

Step 4

After submitting the registration, a message will be displayed that you have successfully registered your device. Select Next to continue the role request process.

MFA Verification Page



  1. Step-by-Step Instructions for User Logins Using MFA

These instructions demonstrate the login process for users who have MFA configured in their profile. Please follow each step listed below unless otherwise noted.

Step

Action

Step 1

Go to https://portal.cms.gov/ and select Login to CMS Secure Portal on the CMS Enterprise Portal.

Note: The CMS Enterprise Portal supports the following browsers: Internet Explorer 11, Firefox, Chrome, and Safari.

The CMS Enterprise Portal

Step 2

Read the Terms and Conditions page and select I Accept to continue.

Terms and conditions Page

Step 3

Enter your User ID and select Next.

CMS Portal Landing Page

Step 4

Enter your Password, select an MFA Device Type from the drop-down, enter the Security Code, and select Log In.

Note: The ‘Security Code’ for the ‘e-mail’ and ‘One-Time Security Code’ options expires after 30 minutes. The ‘Security Code’ for the other MFA device types expires after 10 minutes. If you are unable to enter the code within the period, you will need to request a new one.

If you do not have access to your registered MFA device, please refer to the ‘User Login’ QRG for step-by-step instructions on how to register an MFA Device.

Welcome to CMS Enterprise Portal

Step 4a

If you select Phone/Tablet/PC/ Laptop as the ‘MFA Device Type’, enter the VIP Access software’s ‘Security Code’ as the MFA Security Code and select Log In.

VIP Access

Step 4b

If you select Text Message – Short Message Service (SMS), Interactive Voice Response (IVR), or e-mail as theMFA Device Type,’ select Send to receive the code on the selected MFA device type.

Enter the code in the Security Code field and select Log In.

Step 4c

If you select One-Time Security Code as theMFA Device Type,’ enter the code you receive either in the e-mail sent to your registered e-mail address via the ‘Unable to Access Security Code?’ link or from your Application Help Desk in the Security Code field and select Log In.

Step 5

Once you are successfully authenticated, your session will begin.

Welcome to CMS Enterprise Portal




File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File Modified0000-00-00
File Created2021-01-22

© 2024 OMB.report | Privacy Policy