Animal Care and UseAward ManagementConflicts of InterestContracts and SubawardsControlled SubstancesEnvironmental Health and SafetyExport ControlHIPAAHuman Stem Cell ResearchHuman Subjects Research

NIH, CDC, FDA, AHRQ, ORD/VA, SAMHSA: eRA Commons Required Use of Two-Factor Authentication Using Login.Gov

Published April 27, 2021

In April 2020, eRA launched the availability of for its external modules for optional use. is a shared service authentication provider managed by General Services Administration (GSA). With one account, users can sign into multiple government agency systems while taking advantage of’s two-factor authentication capabilities that ensure the security of their personal information.

NIH/eRA and its partner agencies are now expanding the use of two-factor authentication via for all external user communities that access eRA’s external modules including Commons, Commons Mobile, Internet Assisted Review (IAR) and ASSIST. Beginning soon, NIH/eRA and its partner agencies will require all external users to only use to access eRA’s external modules including Commons, Commons Mobile, IAR and ASSIST.

In December 2020, two-factor authentication requirements were enforced for using the IAR module for reviewers, meeting by meeting, effective for review meetings February 1, 2021, and beyond.

By September 15, 2021, all external users will be required to use when logging into eRA systems. All users of eRA Commons, Commons Mobile and ASSIST are encouraged to begin the switchover now, before the mandatory deadline.

Note that when an external user is transitioned to the required use of, the ability to use eRA credentials (username and password) or InCommon Federated credentials (where organizations authenticate their own users) will no longer be supported.

At this time, users can only have one account associated with one eRA account.

Please read NIH Guide Notice NOT-OD-21-040 for complete information.

If you have questions about this material, please contact the Office of Sponsored Research Services.