Access and Recertification
CMS Enterprise Identity Management System
CMS EIDM MFA Device Mockup_508
Access and Recertification
OMB: 0938-1236
CMS
EIDM
Multi-Factor Authentication (MFA) DEVICE Registration
Multi-Factor Authentication (MFA) is a security mechanism that is implemented to provide an extra layer of security such as a security code, when logging in with your User ID and Password.
Registered CMS portal users who wish to access a CMS MFA-protected application will be directed through the MFA registration process.
During the MFA registration process, the CMS EIDM system requires registration of a phone or computer to add an additional level of security to a user’s account. The user is given five options from which to select, to complete the registration process:
Smart Phone: Users can download VIP access software on their smart phone/tablet. The user must enter the alphanumeric Credential ID that is generated by the VIP access client. The user will then enter the Security Code generated by the VIP client.
Computer: Users can download VIP access software on their computer. The user must enter the alphanumeric Credential ID generated by the VIP access client. The user will enter the Security Code generated by the VIP client.
Short Message Service (SMS): Users can use the SMS option to have their Security Code texted to their phone. The user must enter a valid phone number. The phone must be capable of receiving text messages. Carrier charges may apply.
Interactive Voice Response (IVR): The user can select the IVR option to receive a voice message containing their Security Code. The user must provide a valid phone number and (optional) phone extension.
E-mail: Users can select the E-mail option to receive an E-mail containing the Security Code required at login. The E-mail address on the user’s profile will be used.
Note: Delays in E-mail transmission, spam filters, and other issues outside the user’ control can make this the least desirable option to receive a security code.
To gain access to a CMS MFA protected application, follow these steps
Step |
Action |
Step 1 |
If you select a CMS MFA Protected application, you will first be directed to the Multi-Factor Authentication Information page. Select Next, to begin the MFA Registration process.
|
Step 2 |
To make your account more secure, you will be directed to the Register Your Phone, Computer, or E-Mail page. Select the MFA Device Type you wish to register from the drop-down menu.
Notes: For VIP Client: Enter the Credential ID generated by the VIP Access client. For Text: You will be asked to enter a valid phone number to receive your Security Code. For Interactive Voice Response (IVR): Enter the phone number and (optional) extension that will be used during login to obtain the Security Code. The extension may begin with any one of the following: asterisks‘*’; period ‘.’; comma ‘,’; pound ‘#’, followed by numeric 0 to 9. For example: 4885554444, 1112. , (comma) Creates a short delay of approximately 2 seconds; . (period) Creates a longer delay of approximately 5 seconds; *(asterisks) Used by some phone systems to access an extension; and # (pound/hash) Used by some phone systems to access an extension. You may use a comma if you are not sure of the special character supported by your company’s phone system. For E-mail: The E-mail on your profile will be used to send the Security Code required at login. |
Step 2a |
Using the VIP Client Follow these steps to use the VIP Access Client:
Place your cursor on the Credential ID field of the Register Phone or Computer page and right click to insert the Credential ID. |
Step 3 |
Enter the credentials of the device (VIP Client shown) and a short description in of the device in the MFA Device Description field. Then select Next to submit your registration.
|
Step 4 |
After submitting the registration, a message will be displayed that you have successfully registered your device. Select Next to continue the role request process.
|
Step-by-Step Instructions for User Logins Using MFA
These instructions demonstrate the login process for users who have MFA configured in their profile. Please follow each step listed below unless otherwise noted.
Step |
Action |
Step 1 |
Go to https://portal.cms.gov/ and select Login to CMS Secure Portal on the CMS Enterprise Portal. Note: The CMS Enterprise Portal supports the following browsers: Internet Explorer 11, Firefox, Chrome, and Safari.
|
Step 2 |
Read the Terms and Conditions page and select I Accept to continue.
|
Step 3 |
Enter your User ID and select Next.
|
Step 4 |
Enter your Password, select an MFA Device Type from the drop-down, enter the Security Code, and select Log In. Note: The ‘Security Code’ for the ‘e-mail’ and ‘One-Time Security Code’ options expires after 30 minutes. The ‘Security Code’ for the other MFA device types expires after 10 minutes. If you are unable to enter the code within the period, you will need to request a new one. If you do not have access to your registered MFA device, please refer to the ‘User Login’ QRG for step-by-step instructions on how to register an MFA Device.
|
Step 4a |
If you select Phone/Tablet/PC/ Laptop as the ‘MFA Device Type’, enter the VIP Access software’s ‘Security Code’ as the MFA Security Code and select Log In.
|
Step 4b |
If you select Text Message – Short Message Service (SMS), Interactive Voice Response (IVR), or e-mail as the ‘MFA Device Type,’ select Send to receive the code on the selected MFA device type. Enter the code in the Security Code field and select Log In.
|
Step 4c |
If you select One-Time Security Code as the ‘MFA Device Type,’ enter the code you receive either in the e-mail sent to your registered e-mail address via the ‘Unable to Access Security Code?’ link or from your Application Help Desk in the Security Code field and select Log In.
|
Step 5 |
Once you are successfully authenticated, your session will begin.
|
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| File Modified | 0000-00-00 |
| File Created | 2021-01-22 |
© 2024 OMB.report | Privacy Policy