Frequently Asked Questions

IDM has several MFA options where you can receive your code instantly, and you can add them to your account at any time.

MFA Options include:

• E-mail (slow)
• SMS - MFA code via text message (Instant)
• IVR - Interactive Voice Response (Instant)
• Google Authenticator - Code via browser extension or cell phone app (Instant)
• Okta Verify - Code via cell phone app (Instant)

These instructions apply to IDM users who want to add Interactive Voice Response (IVR), and/or Text Message (SMS) as an MFA device.

Once you have signed into the IDM system, you can add Interactive Voice Response (IVR), and Text Message (SMS) as MFA devices by the following these steps:

1. Click the My Profile button.
2. Click the Manage MFA and Recovery Devices button.
3. Use the Add another device menu to select the Interactive Voice Response (IVR) option or Text Message (SMS). You can only add one device at a time. The device configuration window appears.
4. Follow the online instructions.

Note: To add Google Authenticator, Okta Verify, and YubiKey as an MFA, please refer to the IDM User Guide.

Users are able to sign in using either their IDM or EUA User ID. Users will have access to different applications and functionalities based on which ID they use to sign into the system.

IDM User ID and password users

1. Enter your IDM User ID and Password.
2. Read the Terms & Conditions, click the Checkbox to acknowledge agreement, and then click the Sign In button. A verification code request window appears for users who are required to use Multi-Factor Authentication (MFA). Users who have multiple MFA devices registered to their profile can choose the one they wish to use.
3. Click the Send me the code or Request Code button. The screen refreshes and the code request window appear.
4. Enter the Verification Code. If the user has an MFA device that uses push notifications, a verification code is not required.
5. (Optional) Click the Checkbox to select the option “Do not challenge me on this device for the next 30 minutes”. If the checkbox is selected, users will bypass the MFA verification if they sign out and sign back into the system again within 30 minutes of their initial sign-in.
6. Click the Verify button. The IDM Self Service Dashboard appears.

CMS EUA ID Users Only

1. Enter your EUA User ID and Password.
2. Read the Terms & Conditions, click the Checkbox to acknowledge agreement, and then click the Sign In button. A verification code request window appears for users who are required to use Multi-Factor Authentication (MFA). Users who have multiple MFA devices registered to their profile can choose the one they wish to use.
3. Click the Send me the code or Request Code button. The screen refreshes and the code request window appear.
4. Enter the Verification Code. If the user has an MFA device that uses push notifications, a verification code is not required.
5. (Optional) Click the Checkbox to select the option “Do not challenge me on this device for the next 30 minutes”. If the checkbox is selected, users will bypass the MFA verification if they sign out and sign back into the system again within 30 minutes of their initial sign-in.
6. Click the Verify button. The IDM Self Service Dashboard appears.

Before using the CMS PIV Card Only button on the IDM Sign In page, EUA users must first sign in one time with their four-character EUA ID and password. For instructions, please see above section “How do I sign in with User ID and Password?” After a successful sign-in with an EUA ID and password, the CMS PIV Card Only button will be available to enable subsequent sign-ins using the steps below:

1. Click the checkbox to acknowledge agreement with the Terms & Conditions.
2. Click the CMS PIV Card Only button.
3. Follow the online instructions.

NOTE: PIV Cards can only be used with your EUA ID

IDM User ID and password users

Users that login to IDM with their User ID and password will be automatically redirected to the Unlock Account page, if their account is locked. You can also access the Unlock Account page by using the Self-Service feature located at the bottom of the IDM Sign In page, or if you wait 60 minutes your account will unlock automatically.

To use the Self-Service feature you must meet the following conditions:

1. You must remember the answer to the security question used to create your account.
2. You must have an Email, IVR, or SMS recovery device registered and active in your user profile. You must also have the MFA devices with you when you unlock your account.

If you do not meet these conditions you will not be able to use the Self-Service feature and must contact your Application Help Desk.

Once the above conditions are met, please use the following steps to unlock your account:

1. Click the Unlock Account link and the Unlock Account window will display.
2. Enter your User ID and select your MFA device.
3. Follow the online instructions.

CMS EUA Users Only

For users that login to IDM with their EUA credentials, please wait 60 minutes for your account to automatically unlock. If you need further assistance, please contact the CMS IT Service Desk at (800) 562-1963 or (410) 786-2580 or via Email at CMS_IT_SERVICE_DESK@cms.hhs.gov.

Users that login with an IDM User ID and password

You can change your password by using the Self-Service feature which is located at the bottom of the IDM Sign In window. Users must meet the following conditions:

1. You must remember the answer to the security question used to create your account.
2. You must have an Email, IVR, or SMS recovery device registered and active in your user profile. You must also have the MFA devices with you when you change your password.

If you do not meet these conditions you will not be able to use the Self-Service feature and must contact your Application Help Desk.

Once the above conditions are met, please use the following steps to reset your password:

1. Click the Forgot Password link and the Reset Password window will display.
2. Enter your User ID and select your MFA device.
3. Follow the online instructions.

You can also change your password once you have signed into the IDM system by using the following steps:

1. Select the My Profile button located on the IDM Self Service page.
2. Select the Change Password link.
3. Follow the online instructions.

CMS EUA Users Only

You can change your password by accessing the EUA Site. Once you are signed in use the following steps:

1. Select the Change My Password button.
2. Follow the online instructions.

Users that login with an IDM User ID and password

You can reset your password by using the Self-Service feature, which is located at the bottom of the IDM Sign In window. Users must meet the following conditions:

1. You must remember the answer to the security question used to create your account.
2. You must have an Email, IVR, or SMS recovery device registered and active in your profile. You must also have the MFA devices with you when you reset your password.

If you do not meet these conditions you will not be able to use the Self-Service feature and must contact your Application Help Desk.

Once the above conditions are met, please use the following steps to reset your password:

1. Click the Forgot Password link and the Reset Password window will display.
2. Enter your User ID and select your MFA device.
3. Follow the online instructions.

CMS EUA Users Only

You can use the CMS Enterprise User Administrative (EUA) Forgot Password Reset link to reset your password. You must enter your User ID and verify your identity by answering the question to your Password Hint.

Users that login with an IDM User ID and password

When you attempt to login to the IDM system with an expired password, the IDM Self-Service window will display to notify you that your password has expired. You must enter your old password and then follow the online instructions.

CMS EUA Users Only

When your password expires you must contact the CMS IT Service Desk at (800) 562-1963 or (410) 786-2580. You will receive instructions on how to update your password.