Two-Factor Authentication: Access eRA Modules via login.gov

Quick Links

Timeline

Log-in Options for eRA Modules

Initial Set-up at login.gov

Resources

Help

Federated Users


eRA is moving to two-factor authentication via login.gov, meaning that log-in will require something you know (password) and something you have (a phone or other device). This new log-in method will be required in 2021 for users of eRA Commons, Commons Mobile, IAR and ASSIST.

The move is part of HHS’s Reinvent Grants Management Initiative to provide the applicant and grantee community the ability to log in to four different grants systems (eRA, Grants.gov, GrantSolutions and Payment Management System) using the same username and password via login.gov.

Timeline

eRA is first phasing in the requirement for reviewers using IAR. On December 14, 2020, the new requirement started being phased in for reviewers, effective for review meetings February 1, 2021 and beyond. As reviewers are enabled for meetings, their accounts will be transitioned to require login.gov to access IAR.

IMPORTANT: Reviewers, make sure your eRA Commons account is active and you know your account password; if you are unsure of either, then use the the Forgot Password/Unlock Account? link on the main Commons home screen to change your password and unlock your account.  Also, ensure that you not are not using old bookmarked URLs to access eRA Commons. The URL for eRA Commons is https://public.era.nih.gov/commons/

All users of eRA Commons, ASSIST, IAR and Commons Mobile are encouraged to switch to 2FA through login.gov now, before the mandatory deadline of September 15, 2021.  Although InCommon Federated credentials (use of an organization’s credentials) are not currently supported by NIH for meeting 2FA requirements, it is anticipated that InCommon's existing support for 2FA will be implemented by NIH before the deadline to allow continued use of InCommon Federated credentials.

If you have multiple eRA Commons accounts

Note: Once you start using login.gov to access eRA Commons or ASSIST; the use of other login methods such as Commons credentials (username/password) or InCommon federated credentials (use of an organization’s credentials) is not permitted. This requirement to use login.gov also applies to any activities you may subsequently do in eRA Commons as a principal investigator, reviewer, etc.  For those who utilize InCommon federated credentials, NIH is working to implement the necessary two-factor authentication processes already supported by InCommon's federation protocol to allow that login method to continue in the future.

Log-in Options for eRA’s Modules

Module

Two-factor authentication via Login.gov

eRA credentials

PIV/CAC card*

Federated**

eRA Commons

Yes

Yes

Yes

Yes

Commons Mobile

Yes

Yes

   

IAR (via eRA Commons)

Yes

Yes

Yes

Yes

ASSIST

Yes

Yes

 

 

*Federal staff only

**When organizations authenticate their own users.  Only available to users who have not yet transitioned to the required use of login.gov.   See note above about InCommon Federation support of 2FA.

Initial Setup at login.gov

Here are the steps for the initial setup at login.gov.

IMPORTANT: Before completing the following steps, make sure your eRA account is active and you know your account password.  If you need to reset your eRA account password, please do so by using the Forgot Password/Unlock Account? link on the main Commons homepage.

Note: We have used eRA Commons as an example below.

A screenshot of a cell phone Description automatically generated

 

STEP 1Click on the login.gov option on eRA Commons

  1. When you click on the login.gov option on the eRA Commons home screen, you will be redirected to https://login.gov/

Note: If you already have a login.gov username and password, enter it. You will go directly to Step 3 below.

STEP 2 — Create a login.gov account

  1. Enter email address at login,gov
  2. Receive email verification
  3. Verify email address
  4. Create password
  5. Choose a primary authentication method – for instance, select phone
    1. Enter phone number
    2. Enter security code received by text message
    3. Set up is confirmed
  6. Your account creation at login.gov is confirmed. Click Continue to return to eRA Commons.

 STEP 3 — Associate your login.gov account with your eRA Commons account (one-time only)

  1. The eRA Commons mapping page is displayed. Enter your eRA credentials – username and password – to associate your login.gov account with your eRA Commons account. You will only do this once.

YOU ARE DONE — You will be returned to eRA Commons. The next time you log into eRA Commons using login.gov, you will automatically be redirected to eRA Commons without having to log in again.

Make sure you are not using old eRA system bookmarks that may interfere with the login.gov process.

Here are the URLs for:

  1. eRA Commons: https://public.era.nih.gov/commons/
  2. ASSIST: https://public.era.nih.gov/assist/
  3. IAR: https://public.era.nih.gov/iar
  4. Commons Mobile: http://m.era.nih.gov/cmb

Resources

Help

 

Federated Users

Please note that NIH is currently working with the InCommon Federation (https://www.incommon.org/about/), the organization that coordinates federated authentication across universities/institutions, to implement support for the 2FA requirement by or before September 15, 2021.  It will be dependent upon each institution that participates in the InCommon Federation to implement support for 2FA and to express that via its federated login system. If your institution does not implement the needed 2FA support by the deadline, then you will be unable to use your InCommon Federated credentials after September 15, 2021.

We are asking you to take action on two items:

  1. Check if your InCommon Federated credentials meet NIH and InCommon Federation’s two-factor authentication standards via this compliance website. If your Federated credentials pass the check, it is good news. You can continue using your federated credentials instead of moving to login.gov.
  2. If your Federated credentials do not pass the check, then we recommend you contact your university/institution’s administrators (the IT administrators who manage authentication) and encourage them to get compliant so you can continue using your InCommon Federated credentials. If the administrators have any technical questions, they can reach out to InCommon Federation at help@incommon.org.

Note: Two-factor authentication is now mandatory for all reviewers. Once they are assigned to a meeting, they will need to use 2-factor authentication for all eRA logins. Currently, the only 2-factor authentication method supported is login.gov. Once eRA can accept Federated 2-factor authentication and the user’s institution implements the needed 2FA support, eRA will be able to assist reviewers in reverting to Federated credentials.