Join InCommon

05
Mar.
2021

Federation

NIH application to require multi-factor authentication

Sidewalks connecting together in the center of a campus.

Share

Array

March 5, 2021

The National Institutes of Health (NIH) announced new identity management requirements that could affect access for faculty, researchers, and scientists.

As of September 15, 2021, NIH will require multi-factor authentication and the release of attributes that are part of the REFEDS Research & Scholarship (R&S) bundle. All users of electronic Research Administration (eRA) modules will be affected. We expect other NIH applications to adopt these requirements in the months to come. This increases the security of personal and confidential information provided in NIH’s systems.

What do you need to do? 

  1. Immediately determine if you already support REFEDS Research & Scholarship (go to this page and click on the “Research & Scholarship” filter on the left-hand side). If you aren’t listed, you will find details on our wiki about how to support R&S by releasing the user directory information required. 
  2. If you may already release the necessary attributes to NIH in some way other than via R&S, we still highly recommend that you adopt R&S. This would allow your researchers to access the other hundreds of R&S services globally.
  3. Adopt multi-factor authentication (MFA) for faculty and research staff. This requires 1) enabling MFA for those users and 2) using the international standard (REFEDS MFA Profile) to communicate such use via your federated login system. Here are suggested configurations for several federation technologies.

The eRA office has emailed NIH-associated researchers and research administrators asking them to use the eRA Security Compliance Check Tool to check if their campus credentials already meet the new requirements. The tool checks for the released attributes and MFA. If not, they are asked to contact IT. eRA has said that if an eRA user’s campus credential does not meet the requirement, they must create an account with login.gov and use that for eRA access until such time as their campus credential meets the requirements. 

We will hold an open office hour on Wednesday, March 10, at 4 pm ET, to answer any questions you may have (Zoom link: https://internet2.zoom.us/j/96615320068). You can also email help@incommon.org

© Copyright 2024 InCommon.

Site Design by FIREANT STUDIO