Identity Management

Frequently Asked Questions

Find answers to the most commonly asked questions here.

General

For step-by-step instructions on how to use the IDM system, go to the IDM User Guide.

Most questions can be answered with the information on this page. If you need further assistance, you can find your Application Help Desk here.

MFA requirements are determined by your sign-in method. If you use Login.gov, MFA is managed within your Login.gov account, not IDM.

Login.gov requires MFA and supports the following methods:

  • Authentication apps
  • SMS or voice
  • Security keys (PIV/CAC, FIDO)

To manage MFA for Login.gov:

  1. Sign in to your Login.gov account.
  2. Go to Account Settings.
  3. Add or update authentication methods.

If you use EUA or IDM credentials:

You can configure MFA devices directly in IDM.

  • E-mail (slower delivery time)
  • SMS (text message)
  • IVR (phone call)
  • Google Authenticator (browser extension or smart phone app)
  • OKTA Verify (smart phone app)

Note: To add Google Authenticator, Okta Verify, and YubiKey as an MFA, please refer to the IDM User Guide.

For step-by-step instructions on how to perform Annual Role Certification for manually approved roles, please refer to the Annual Role Certification Quick Reference Guide.

Signing In

A CSP is a trusted external service that allows you to securely sign in to IDM using an existing account or create a new account. IDM supports CSPs such as Login.gov to provide a secure, streamlined sign-in experience.

When using a CSP, you authenticate through the provider (e.g., Login.gov) instead of entering your IDM User ID and password directly.

CSP credentials are used to sign into applications that are external to CMS. External applications are designed for use by the general public, healthcare providers, beneficiaries, insurers, or other external partners outside of CMS.

At this time, CSP credentials cannot be used to sign in to applications that are internal to CMS. Internal applications are designed for use by CMS employees, contractors, and other authorized federal/state agency personnel who operate within the CMS Network environment.

CSPs are leveraged by multiple government agencies, including the Department of Veterans Affairs (VA), Social Security Administration (SSA), and the Internal Revenue Service (IRS).

CSPs in government offer secure identity proofing, credential issuance, and authentication, resulting in reduced fraud, enhanced security, and an overall better user experience. CMS uses trusted CSP partners to keep your account secure and reduce the number of accounts and passwords for our users.

If you don’t already have a Login.gov account, you’ll be guided to create one during sign-in. You only need to create a Login.gov account once. Once that's done, you will use the same Login.gov email address and password, plus one of the two-factor authentication methods you set up, every time you sign into IDM.

Yes, once created, your Login.gov account can be used across participating government agencies.

Option 1: PIV Card

To enable PIV as a login option on the Sign In Page, EUA users must first sign in (once) with their four-character EUA ID and password. For instructions, please see the section below, EUA or IDM User ID & Password. After a successful sign in with an EUA ID and password, you will be able to leverage your CMS PIV Card for subsequent sign-ins using the steps below.

  1. Click Continue on the Personal Identity Verification tile on the Sign In Page.
  2. Follow the online instructions.

NOTE: PIV Cards can only be used with your EUA ID.

Option 2: Login.gov

New users of CMS systems and applications should use Login.gov credentials to sign in. If you already have existing Login.gov credentials, complete the following:

  1. Click Continue on the Login.gov tile on the Sign In Page.
  2. Enter your Login.gov email and password.
  3. Complete MFA using your Login.gov authentication method.
  4. Upon successful authentication, you will be redirected to the IDM dashboard.

If you do not have a Login.gov account, you will need to create one. Click Continue within the Login.gov tile on the Sign In Page and follow the prompts to create your account.

Option 3: EUA or IDM ID & Password

Existing users can sign in using either their EUA or IDM User ID. Access to different applications and functionalities is based on which ID they use to sign into the system.

EUA IDs are used to sign into applications that are internal to CMS. Internal applications are designed for use by CMS employees, contractors, and other authorized federal/state agency personnel who operate within the CMS network environment.

IDM IDs (and CSP credentials) are used to sign into applications that are external to CMS. External applications are designed for use by the general public, healthcare providers, beneficiaries, insurers, or other external partners outside of CMS.

EUA or IDM ID & Password

  1. Click Continue within the EUA or IDM User tile on the Sign In Page.
  2. Enter your Login.gov email and password.
  3. Enter your EUA or IDM User ID and Password and click Sign In.
  4. If a Multi-Factor Authentication is required, select the Multi-Factor Authentication option you wish to use and follow the subsequent prompts.

IDM User ID and password users

Users who log in to IDM with their User ID and password will be automatically redirected to the Unlock Account page if their account is locked. You can also access the Unlock Account page by selecting the Unlock IDM Account link at the bottom of the EUA or IDM User ID Sign In page. Additionally, if you wait 60 minutes, your account will unlock automatically.

To use the Self-Service feature you must meet the following conditions:

  1. You must remember the answer to the security question used to create your account.
  2. You must have an Email, IVR, or SMS recovery device registered and active in your user profile. You must also have the MFA devices with you when you unlock your account.

If you do not meet these conditions you will not be able to use the Self-Service feature and must contact your Application Help Desk to have your account unlocked.

Once the above conditions are met, please use the following steps to unlock your account:

  1. Click the Unlock IDM Account link and the Unlock Account window will display.
  2. Enter your User ID and select your MFA device.
  3. Follow the online instructions.

CMS EUA Users

For users who log in to IDM with their EUA credentials, please wait 60 minutes for your account to automatically unlock. If you need further assistance, please contact the CMS IT Service Desk at (800) 562-1963 or (410) 786-2580 or via email at CMS_IT_SERVICE_DESK@cms.hhs.gov.

Login.gov Users

If you are locked out of your Login.gov account:

  • Use the Forgot your password? option on Login.gov
  • Or follow Login.gov account recovery steps.

The IDM and Application Help Desks cannot unlock Login.gov accounts. If you continue to experience issues, contact Login.gov support for assistance.

Passwords

Login.gov Users

If you sign in using Login.gov, you must change your password through Login.gov:

  1. Go to the Login.gov sign-in page.
  2. Select Forgot your password? or access account settings.
  3. Follow the instructions.

IDM does not manage Login.gov passwords. If you continue to experience issues, contact Login.gov support for assistance.

Users who log in with an IDM User ID and password

IDM users can change their own password once per 24-hour period using the Self-Service feature, which is located at the bottom of the EUA or IDM User ID Sign In page. Users must meet the following conditions:

  1. You must remember the answer to the security question used to create your account.
  2. You must have an Email, IVR, or SMS recovery device registered and active in your user profile. You must also have the MFA devices with you when you change your password.

If you do not meet these conditions you will not be able to use the Self-Service feature and must contact your Application Help Desk.

Once the above conditions are met, please use the following steps to reset your password:

  1. Click Continue within the EUA or IDM User ID tile on the Sign In page.
  2. Click on the Forgot IDM Password link, and the Reset Password window will display.
  3. Enter your User ID and select your MFA device.
  4. Follow the online instructions.

You can also change your password once you have signed into the IDM system by using the following steps:

  1. Select the My Profile button located on the IDM Self Service page.
  2. Select Change Password.
  3. Follow the online instructions.

CMS EUA Users

You can change your password by accessing the EUA Site. Once you are signed in, use the following steps:

  1. Select the Change My Password button.
  2. Follow the online instructions.

Login.gov Users

If you sign in using Login.gov, you must change your password through Login.gov:

  1. Go to the Login.gov sign-in page.
  2. Select Forgot your password? or access account settings.
  3. Follow the instructions.

IDM does not manage Login.gov passwords. If you continue to experience issues, contact Login.gov support for assistance.

Users who log in with an IDM User ID and password

You can reset your password by using the Self-Service feature, which is located at the bottom of the EUA or IDM Sign In page. Users must meet the following conditions:

  1. You must remember the answer to the security question used to create your account.
  2. You must have an Email, IVR, or SMS recovery device registered and active in your profile. You must also have the MFA devices with you when you change your password.

If you do not meet these conditions, you will not be able to use the Self-Service feature and must contact your Application Help Desk.

Once the above conditions are met, please use the following steps to reset your password:

  1. Click Continue within the EUA or IDM User ID tile on the Sign In page.
  2. Click on the Forgot IDM password link, and the Reset password window will display.
  3. Enter your User ID and select your MFA device.

CMS EUA Users

You can use the CMS Enterprise User Administrative (EUA) Forgot Password Reset link to reset your password. You must enter your User ID and verify your identity by answering the question to your Password Hint.

Login.gov Users

Login.gov passwords do not expire in the same way as IDM passwords do, but you may be required to reset your password periodically for security reasons. If you continue to experience issues, contact Login.gov support for assistance.

Users who log in with an IDM User ID and password

When you attempt to log in to the IDM system with an expired password, the IDM Self-Service window will display to notify you that your password has expired. You must enter your old password and then follow the online instructions.

CMS EUA Users

When your password expires, you must contact the CMS IT Service Desk at (800) 562-1963 or (410) 786-2580. You will receive instructions on how to update your password.