Users of eRA Commons, ASSIST, Internet Assisted Review (IAR) and Commons Mobile are encouraged to begin their switchover to the new two-factor authentication (2FA) login method required to access eRA modules before the mandatory deadline of September 15, 2021 for all users. The authentication will help ensure the security of your personal and confidential information in these systems.
Users can currently access eRA modules in one of three ways:
- eRA credentials (username and password)
- InCommon Federated credentials (using their own university/institution’s authenticated credentials)
Effective September 15, 2021, all external users will be required to access eRA modules using a 2FA compliant login method. At this time, login.gov is the only 2FA compliant login method.
- Use of eRA credentials will no longer be supported after September 15, 2021
- Although InCommon Federated credentials do not currently support 2FA requirements, it is anticipated that 2FA support will be implemented before the deadline to allow continued use of InCommon Federated credentials.
Note: if you use InCommon Federated credentials, please note that NIH is currently working with the InCommon Federation to implement support for the 2FA requirement by or before September 15, 2021. It will be dependent upon each institution that participates in the InCommon Federation to implement support for 2FA. If your institution does not implement the needed 2FA support by the deadline, then you will be unable to use your InCommon Federated credentials after September 15, 2021.
eRA will continue to support both InCommon Federated credentials and eRA credentials until login.gov is made mandatory for all external users on September 15, 2021. However, if you are a reviewer who has been transitioned to require the use of login.gov prior to that date (as explained below) then the use of eRA credentials or InCommon Federated credentials will not be permitted once that transition occurs.
More information will be provided at a later date.
Transition of Reviewers to Login.gov
The new secure two-factor authentication login method requires users to create an account at login.gov, a centralized government portal, and associate their eRA credentials (Commons or ASSIST account) with it. The user must initiate the process from eRA Commons or ASSIST by clicking the login.gov login option on the Commons or ASSIST home screen, which will then redirect the user to login.gov. Users only need to do this association one time.
Reviewers have already begun the transition to using login.gov to access the IAR module via eRA Commons in a phased manner. Reviewers with meetings starting on February 1 and beyond had their IAR accounts transitioned to require the use of login.gov on December 14, 2020. The transition will continue daily, with reviewers migrated to login.gov meeting by meeting, until all reviewers are using login.gov.
IMPORTANT: Make sure your eRA Commons account is active and you know your account password; also ensure that you not are not using old bookmarked URLs to access eRA Commons as it may interfere with the login.gov process. The URL for eRA Commons is https://public.era.nih.gov/commons/
Login.gov Status in eRA Commons
Note that with the Account Management System (AMS) release of eRA Commons today, users who have the roles to manage eRA Commons accounts (signing officials, account administrators, etc.) will be able to see whether logging in using login.gov is required, optional or exempt. This will be visible, upon searching for user accounts, in the Search Results section of the Search Accounts screen of AMS as a new column. See Figure 1.
- If the value is ‘Required,’ the user is required to login to eRA modules using login.gov. Use of eRA credentials (username and password) or Incommon Federated credentials is not permitted.
- If the value is ‘Optional,’ the user can still login using their eRA credentials (username and password) or InCommon Federated credentials.
- If the value is ‘Exemption,’ the user can login using their eRA or InCommon Federated credentials until the ‘Exempt’ date expires. From that point forward, the user is required to login to eRA modules using login.gov.
Figure 1: Account Management System search results screen showing login.gov status.
On the Manage Account screen under User Information, a new field has been added: Login.gov Exemption Expiration Date. When Login via login.gov is set to Exempt, this field displays the end date for the exemption. See Figure 2.
Note: Login.gov exemptions are only granted on a limited basis by the eRA Service Desk and only the eRA Service Desk can modify this date.
Figure 2: Login.gov Exemption Expiration Date field on the Manage Account screen.
- Guide Notice NOT-OD-21-040
- Web page: Two-Factor Authentication: Accessing eRA Modules via login.gov
- Two-factor authentication video tutorials:
- One-page flyer
- Two-Factor Authentication FAQs
- eRA Commons Online Help
- ASSIST Online Help
- eRA Reminder: Transition Early to Use of Login.gov to Access eRA Commons, ASSIST, IAR and Commons Mobile - 01/11/21
- eRA Information: Required Use of Login.gov to Access eRA Commons, ASSIST, IAR and Commons Mobile Coming in 2021 - 12/14/20
- eRA Reminder: Two-Factor Authentication Login Option Available Today - 04/08/20
- eRA Enhancement: Two Factor Authentication Login Option Coming to eRA Modules - 04/06/20
- If you run into issues with login.gov or associating your login.gov account with your eRA account, please contact the eRA Service Desk at https://grants.nih.gov/support/index.html .
- You can also refer to login.gov for additional help at https://www.login.gov/help/
- Questions about using InCommon Federated Credentials with 2FA enabled campus credentials can be directed to firstname.lastname@example.org.