Two-Factor Authentication: Use an InCommon Federated Account to Log In to eRA Modules

On This Page 

Using a Federated Account to log in to eRA modules

Summary of Steps for logging into eRA modules with an InCommon Federated Account

Can users use Federated if they have already transitioned to Login.gov?

Check if your organization’s Federated account complies with NIH standards

Resources

Help

Log-in Options for eRA Modules

 

Using a Federated Account to login to eRA modules

What is two factor authentication? eRA has begun moving to two-factor authentication (also known as multi-factor authentication) for accessing its external modules, meaning that log-in will require something you know (password) and something you have (a phone or other device). eRA is offering users of eRA Commons, ASSIST and IAR two ways to comply:

* The ability of an organization to use its own credentials provided it supports NIH’s two-factor authentication standards.

What is an InCommon federated account and how does it relate to eRA modules? Organizations participating in the InCommon Federation, the organization that coordinates federated authentication across universities/institutions, authenticate their own users.

For instance, eRA system users can securely log in to eRA modules* using their own organization’s account credentials (username/password) if the organization participates in the InCommon Federation, provided:

  • their organization supports NIH’s two-factor authentication standards, and
  • the user has it enabled for their InCommon federated account. 

Use of InCommon Federated accounts without two-factor authentication is no longer permitted.

The NIH is collaborating with the InCommon Federation on this effort.

*Users can use federated accounts for eRA Commons and ASSIST.

Summary of Steps for logging into eRA modules with an Incommon Federated Account

Read these steps to acquaint yourself with the process. For more instructions with screen shots see our detailed step-by-step instructions. We use eRA Commons as an example here.

Step 1 – Go to the Federated Account option on the eRA Commons login screen. On the eRA Commons login screen, you will see an option to log in using an InCommon Federated account — Login with Federated Account. 

image-20210805142338-1

Step 2 — Select your own organization on the dropdown. You will type part of your organization’s name and then select the organization from the dropdown menu (which displays all InCommon Federation organizations that are supported). 

Step 3 — Click the Login button

Step 4 — Enter your credentials on your organization’s sign in screen — You are directed to your organization’s login site, where you will enter your organization’s credentials (username and password). 

Step 5 — You are redirected back to eRA Commons — Once the organization has authenticated you, you are redirected back to eRA Commons and automatically logged in if your organization’s account is compliant with NIH’s two-factor authentication standards (see steps).

Note: If the organization is not compliant, a message will inform you that your InCommon Federated account cannot be used, and you will be required to use Login.gov if your eRA account has transitioned to require the use of two-factor authentication.

The message:

Login to NIH modules requires multi-factor authentication (MFA). Either your institution does not support multi-factor authentication, or your institution has not enabled your account for multi-factor authentication. Please contact your local IT department at <Organization’s contact information> to inquire about the ability to support multi-factor authentication for your account. If multi-factor authentication is not available through your institution, you may also register for and use an account from Login.gov.

For more information about your institution's support contact, please refer to: <Organization’s website link>

Note: Federated accounts, currently limited to scientific accounts, were opened up to administrative accounts in 2021. However, if you have more than one administrative account, wait to switch any of your administrative accounts as eRA is working on a solution that will support users with multiple eRA accounts that should be available in 2023.

Can I continue to use my existing Federated Account if I have transitioned to login.gov?

Yes, InCommon Federated users who have already transitioned to use Login.gov can also use their Federated account (provided their organization’s federated account authentication process meets NIH’s two-factor authentication standards). Users can set up and use both Login.gov and InCommon Federated accounts (that support NIH’s two-factor authentication standards) with an eRA user account.

 

Check if your organization’s Federated Account complies with NIH standards

With the goal of encouraging more organizations to move to InCommon Federated accounts that are compliant with NIH’s two-factor authentication standards, we ask you to act on two items:

  1. Check if your InCommon Federated account meets NIH and InCommon Federation’s two-factor authentication standards via this compliance website. If your Federated account passes the check, it is good news. You can continue using your InCommon Federated account instead of moving to Login.gov after your eRA account is transitioned to require two-factor authentication.
  2. If your InCommon Federated account does not pass the check, then we recommend you contact your organization’s administrators (the IT administrators who manage authentication) and encourage them to implement support for NIH’s two-factor authentication standards so you can continue using your InCommon Federated account. If the administrators have any technical questions, they can reach out to the InCommon Federation at help@incommon.org.

Resources

Help 

  • For any issues related to use of an InCommon Federated account, your eRA account or to associating your InCommon Federated account with your eRA account, please contact the eRA Service Desk at https://www.era.nih.gov/need-help

  • If you have questions you can also contact InCommon at https://www.incommon.org/help/
  • Specific questions about your organization’s ability to support NIH’s two-factor authentication standard or the availability of two-factor authentication for your InCommon Federated account can also be directed to your Organization Administrators which can be found here: https://auth.nih.gov/CertAuthV3/forms/help/compliancecheckhelp.html

 

Log-in Options for eRA's Modules 

Module

Login.gov

eRA Account*

 

InCommon Federated Account**

eRA Commons

Yes

Yes

 

Yes

IAR (via eRA Commons)

Yes

Yes

 

Yes

ASSIST

Yes

Yes

 

Yes

 *Users accessing eRA modules are being transitioned to require two-factor authentication.  Once a user’s account is transitioned, they are no longer permitted to use eRA Account credentials (username/password) to login and must either use Login.gov or an InCommon Federated account that supports NIH’s two-factor authentication standards.

**When participating organizations authenticate their own users.  Effective September 15, 2021, InCommon Federated authentication requires support of NIH’s two-factor authentication standards.