SECURITY REMINDER: Protect Your Personal CMS Portal Credentials

View in browser

agents and brokers - selling in the healthcare dot gov marketplace

Never Share Your Personal User ID or Password

Security Reminders

In accordance with the privacy and security agreements you signed as part of your Marketplace registration, logging into another user’s Centers for Medicare & Medicaid Services (CMS) Enterprise Portal user account, as well as sharing passwords and multifactor authentication access, is an unauthorized and improper use of the system and is prohibited. The Classic Direct Enrollment (Classic DE) and Enhanced Direct Enrollment (EDE) pathways are included in this prohibition.

 

The Marketplace implemented updated login functionality for Classic DE and EDE pathways that require you to use your personal credentials for the CMS Enterprise Portal. These improvements allow you to utilize multifactor authentication (MFA) tools for enhanced security of your personal credentials. This change requires you to log in using your own personal CMS Federally-facilitated Marketplace (FFM) User ID and password.

 

Additionally, CMS has required all EDE partners to ensure that each agent and broker using their platform must reauthenticate (similar to a banking application) to confirm only you are using your personal CMS Portal account every 12 hours instead of the current 30-day period. You are prohibited from being logged in on different devices or using multiple sessions with the same credentials.  This means that you will now need to renew your log-in session every 12 hours instead of every 30 days.

 

You are encouraged to log in to the CMS Enterprise Portal to ensure that your personal User ID and password are up to date. We recommend using a personal mobile device for fast and secure texting of MFA information rather than email which could be delayed. If you need to reset your CMS Enterprise Portal account password or update your MFA device method or details, complete the following steps:

  1. Visit the CMS Enterprise Portal landing page at https://portal.cms.gov
  2. Click the “Password” link under the “Login” button.
  3. Enter your CMS FFM User ID. Click the “Next” button. An error will display if invalid data is entered.
  4. Answer the challenge questions and enter a new password in the “Create New Password” field and again in the “Confirm New Password” field. An error will display if invalid data is entered.
    • After successfully submitting your information, you will receive confirmation that your information has been successfully verified. You will receive an email notification indicating that you successfully changed your password.
  5. Click the link in the confirmation message to log into the CMS Enterprise Portal.
  6. Check that your multifactor authentication device is up to date with your current information on your CMS FFM User profile.


Remember, only the person creating a CMS Enterprise Portal account may use their login credentials. Sharing login credentials is not allowed, including for credentials used to access approved Classic DE and EDE partner’s websites. Passwords and MFA access must never be shared with others. Agents and brokers should check that their EDE or DE account is correctly linked to and integrated with their personal CMS Enterprise Portal account.

 

Have additional questions? For additional assistance, contact the Agent/Broker Email Help Desk at FFMProducer-AssisterHelpDesk@cms.hhs.gov.