Dear eRA User,
We would like to remind you that eRA needs you to use two-factor authentication [also known as multi-factor authentication] to make your eRA account more secure. Read on to learn when you will be required to make the transition to two-factor authentication to access the eRA Commons, ASSIST and Internet Assisted Review.
NIH is providing more time to make this transition than previously announced. Instead of requiring all users to transition to Login.gov by September 15, 2021, eRA will begin a phased approach for enforcing the two-factor authentication requirement for the recipient community as described below. This phased approach will apply to everyone - all scientific account holders should take action now, while administrative account holders will be required to move to two-factor authentication in early 2022.
NIH now has two ways you can comply with the two-factor authentication requirement. You can use Login.gov, or, beginning September 15, 2021, you can securely log in to eRA systems using an InCommon Federated account (this is when participating InCommon Federation organizations authenticate their own users). Your InCommon Federated institution must support NIH’s two-factor authentication standards and you must have two-factor authentication enabled for your InCommon Federated account. Note that use of InCommon Federated accounts without two-factor authentication enabled will no longer be permitted starting on September 15, 2021.
Switching to using two-factor authentication instead of an eRA username and password to log in to eRA external modules is increasingly the industry standard for maintaining confidential information. Use of Login.gov also has the advantage of allowing users to sign into various government agency systems with a single set of credentials. You can use your Login.gov credentials to access Grants.gov, the System for Award Management (sam.gov), MyNCBI (see login tips), SciENcv, MyBibliography, and other Federal systems.
In order to ensure a smooth transition, we have adjusted the timing for when this two-factor authentication requirement will apply to you. When two-factor authentication becomes required for your eRA account, you will now be able to use Login.gov and/or an InCommon Federated account that supports NIH’s two-factor authentication standards.
New Timeline
Starting on September 15, 2021, eRA will begin a phased approach for requiring the use of two-factor authentication. Enforcement of this requirement depends on the type of user account and, in some cases, a triggering event.
For users who only have a scientific account
- Users who have a scientific account should start using two-factor authentication now to access eRA systems before they are required to transition. Starting September 15, 2021, the requirement to transition will be enforced on a rolling basis as follows:
  - All PIs and key personnel associated with an application or Research Performance Progress Report (RPPR) will be required to transition to the use of two-factor authentication 45 days after the submission of their competing grant application (Type 1 or Type 2) or their RPPR. After 45 days, you will not be able to access eRA Commons until you set up and use a two-factor authentication service – Login.gov or an InCommon Federated account (that meets NIH’s two-factor authentication standards).
For users who only have one or more administrative accounts
- NIH is exempting administrative account holders from the requirement to use two-factor authentication until early 2022, when eRA will implement support for users with multiple accounts.
But we encourage administrators with only a single administrative account (signing official, administrative official, etc.) to start using two-factor authentication now to access eRA systems. You may use Login.gov and/or an InCommon Federated account (only if your institution supports NIH’s two-factor authentication standards and you have it enabled for your InCommon Federated account).
Administrators with multiple eRA administrative accounts should not yet transition their accounts.
For users with both a scientific and administrative account
- Users with both a scientific account and an administrative account (for instance, principal investigator and signing official) should start using two-factor authentication for their scientific account now.
- Wait to switch your administrative account; eRA is working on a solution to support users with multiple eRA accounts, which should be available in early 2022.
- If you have already transitioned your administrative account to use two-factor authentication, but not your scientific account, you should request the eRA Service Desk remove the two-factor authentication account association from your eRA administrative account and have it added to your eRA scientific account. This should be done before your scientific account is required to transition.
Exceptions to the Adjusted Timeline and Approach:
For reviewers:
- The transition for reviewers (those with the IAR role) is ongoing and unchanged. Reviewers will continue to be required to use two-factor authentication as soon as they are enabled for a review meeting. However, reviewers will have the new option to use an InCommon Federated account (only if their institution supports NIH’s two-factor authentication standards and they have it enabled on their InCommon Federated account).
For eRA partner agency applicants/recipients
- The updated plan applies only to NIH applicants/recipients; while eRA partner agency users are encouraged to move to two-factor authentication now, they are not required to at this time (except for reviewers whose transition is ongoing; or applicants/recipients who apply to NIH or have an NIH grant). eRA partner agency users have the option to use a Login.gov and/or an InCommon Federated account (only if their institution supports NIH’s two-factor authentication standards and they have it enabled for their InCommon Federated account).
Note that it’s a simple, one-time, three-step process to associate your eRA account with your Login.gov account. Just go to the eRA Commons home screen, click on LOGIN.GOV, and follow the on-screen prompts (our cheat sheet provides detailed steps and screenshots so you can see how easy it really is!).
InCommon Federated users: For those who currently use an InCommon Federated account to log in to eRA systems, your participating institution(s) will need to implement support for NIH’s two-factor authentication standards by September 15, 2021, so that you are able to continue to use those accounts to log in. If not, you will be required to switch to Login.gov to access eRA systems once you are required to transition to two-factor authentication according to the transition timeline stated above. The NIH has been working with the InCommon Federation, the organization that coordinates federated authentication across universities/institutions, on this effort.
Note that InCommon Federated users who have already transitioned to Login.gov can also use their InCommon Federated account once their organization’s Federated account authentication process supports the NIH’s two-factor authentication standards. Users can set up and use both Login.gov and InCommon Federated accounts (that comply with NIH’s two-factor authentication standards) with an eRA user account.
Federated accounts, currently limited to scientific accounts, will be opened up to administrative accounts effective September 15, 2021. However, if a user has more than one administrative account, hold off on switching those administrative accounts until eRA has implemented support for users with multiple eRA accounts, which will be in place in early 2022.
eRA account credential maintenance will continue, at least for now, but will be much easier. Even though we are requiring the use of two-factor authentication, you will still need to maintain your eRA Commons username and password for the time being and will get reminders to renew those annually. But there is good news. NIH is moving from passwords to passphrases — a set of random words or a sentence at least 15 characters long — effective the end of 2021. A major plus of this move is that you will need to change your passphrase only once a year (as opposed to the current NIH policy that passwords need to be changed every 120 days).
Additional Tips
- Make sure your Commons account is active and you know your password before you begin the process to associate your Login.gov or InCommon Federated account with your Commons account. If you need to reset your eRA account password, please do this first by using the Forgot Password/Unlock Account? link on the main Commons home screen.
- To initiate the process of setting up your Login.gov or InCommon Federated account to work with your eRA account, make sure to start from the eRA Commons home screen - select the Login.gov login option or select your institution from the Login with Federated Account drop list. Do not go straight to Login.gov or your institution’s login page.
Note: This is a genuine email from the electronic Research Administration (eRA) at the NIH Office of Extramural Research. Because we are using the Gov.Delivery platform, eRA links may appear different from the usual links.