Two-Factor Authentication: Use Login.gov With eRA Modules

On This Page 

Using Login.gov to Access eRA Modules

Steps for the Association Process

Steps to Log into eRA Commons (once the association is complete)

Find Help

Other Actions

What Do I Do Based on the Roles I Have?


Using Login.gov to Access eRA Modules

Accessing eRA requires two-factor authentication, a second layer of security that requires you have a Commons account and a Login.gov account that you associate with each other. Once this one-time association is complete, you will log in by clicking the Login.gov logo on the eRA Commons home screen.

eRA is offering users of eRA Commons, ASSIST and IAR two ways to comply:

* The ability of an organization to use its own credentials provided it supports NIH's two-factor authentication standards.

Note: Users with multiple eRA Commons accounts should hold off on moving to two-factor authentication until 2024. eRA will then have a solution for users to consolidate their multiple accounts into a single eRA account that contains all their organization affiliations and roles.  See ‘What Do I Do Based on Roles I Have?' section at the bottom of the page.

 

Steps for the Association Process

Step 1 - Ensure you have an eRA Commons account with current credentials

If you do have an eRA Commons account, verify that your username and password are current by logging in before following the directions below.

Tip: If needed, click on the Forgot Password/Unlock Account link to reset password.

Step 2 - Ensure you have a Login.gov account
Do you have a Login.gov account?
No, I need to create a Login.gov account Yes, I need to login to my account
  1. On the eRA Commons screen, click the Login.gov logo
    Login gov logo
  2. Click the Create an Account button
  3. Enter your email address, accept the Rules of Use and click Submit
  4. Confirm the email address in the email you receive from Login.gov
  5. You will be returned to the create a strong password screen to create a password.
  6. Choose an authentication method (For e.g. enter your cellphone number to get a security code by text).
  7. Enter the security code you receive.
  8. Click the Agree and continue button and you will be taken to the Associate Your eRA Account Screen.
  1. On the eRA Commons screen, click the Login.gov logo
    Login gov logo
  2. Enter your Login.gov email address and password and click Sign In.
  3. Authenticate with the two-factor authentication method you set up and you will be taken to Associate Your eRA Account screen.
Step 3 - Associate your Login.gov account with your eRA Commons account

On the Associate Your eRA Account screen, you will enter your eRA Commons username and pass- word and click Continue to complete the association.

Tip: Do NOT enter your Login.gov credentials here.

 

Steps to Log into eRA Commons (once the association is complete)

  1. Go to the eRA Commons home screen.
  2. Click on the Login.gov logo
    Login gov logo
  3. Enter your Login.gov credentials.
  4. Once logged in, the Commons landing screen will be displayed.
Resources: For additional details with screenshots see the 2FA Flyer.

 

Find Help

 

Other Actions

 

What Do I Do Based on the Roles I Have?

Principal Investigators (PIs) and Key Personnel: All principal investigators (PIs) and key personnel associated with an application or Research Performance Progress Report (RPPR) are required to transition to the use of two-factor authentication 45 days after the submission of their competing grant application (Type 1 or 2) or their RPPR.

After 45 days of this triggering event, these users will not be able to access eRA modules until they set up and use a two-factor authentication service provider - Login.gov and/or an InCommon Federated account (that supports NIH’s two-factor authentication standards).

Note: PIs and key personnel do not have to wait for the 45-day trigger after submitting an application or RPPR to start using two-factor authentication.

Reviewers: The transition for reviewers to use two-factor authentication when using the Internet Assisted Review (IAR) module is ongoing and unchanged. Reviewers will continue to be required to use two-factor authentication as soon as they are enabled for a review meeting. Most reviewers have transitioned already.

Administrative Accounts: As a reminder, those with one administrative account in eRA Commons, such as signing official, need not wait and can go ahead now and set up and start using two-factor authentication.

Users with Multiple eRA Commons Accounts: Users with multiple eRA Commons accounts should hold off on moving to two-factor authentication until 2024. eRA will then have a solution for users to consolidate their multiple accounts into a single eRA account that contains all their organization affiliations and roles.  More importantly, once users complete the consolidation process, they will be able to associate their Login.gov or InCommon Federated account with one eRA account to support all their authentication needs. (See eRA Commons roles).

Multiple Accounts Combinations Example Advice
Two separate administrative role accounts A person with signing official and business official accounts Hold off on moving to two-factor authentication for those accounts.
Administrative role and scientific role or other role A person with signing official and principal investigator accounts (typically small business applicants)

You could move your principal investigator account to two-factor authentication now and hold off on using two-factor authentication for your other account.

Keep in mind, your principal investigator account may automatically be transitioned to require two-factor authentication as part of the transition timeline described above.
Scientific role and other role A person with principal investigator and assistant accounts You could move your principal investigator account to two-factor authentication now and hold off on using two-factor authentication for your other account.

eRA Partner Agency Applicants/ Recipients: eRA partner agency applicants/recipients are encouraged to move to two-factor authentication, but not required to at this time (except for reviewers whose transition is ongoing; or applicants/recipients who apply to NIH or have an NIH grant). The updated plan applies only to NIH applicants/recipients.