Notice from National Institutes of Health - Adjusted Timeline for Requiring Two-Factor Authentication to Access eRA Modules Using Login.Gov or InCommon Federated Accounts

Notice Number NOT-OD-21-172 

Released August 6, 2021

The National Institutes of Health recently released an updated notice on the requirement of use of two-factor authentication using Login.Gov for eRA's external modules. 

The deadline and approach to requiring two-factor authentication (also known as multi-factor authentication) to increase the security when accessing eRA modules (eRA Commons, Commons Mobile, ASSIST, Internet Assisted Review) are changing. NIH is providing more time to make the transition. Instead of requiring all users to transition to by a fixed deadline of September 15, eRA will begin a phased approach beginning September 15, 2021 for enforcing the two-factor authentication requirement for the NIH recipient community. In this phased approach to enforcement, all scientific account holders should take action now, while administrative account holders will be required to move to two-factor authentication in early calendar year 2022.

NIH is also implementing an additional option to securely login to eRA systems using InCommon Federated accounts (when organizations participate in the InCommon Federation and authenticate their own users). Beginning September 15, 2021, users will also now have the option to use an InCommon Federated account only if their institution supports NIH’s two-factor authentication standards and the user has it enabled for their InCommon Federated Account. Use of InCommon Federated accounts without two-factor authentication will no longer be permitted.

When two-factor authentication becomes required for a user, they will now be able to use and/or an InCommon Federated account that supports NIH’s two-factor authentication standards. Note that eRA cannot yet support two-factor authentication for users that have more than one eRA account; specific guidance for users with multiple accounts is provided on the NIH Notice.

For more details, visit Notice Number NOT-OD-21-172 at

The following provides information regarding when you need to make the transition and what steps you should take.

Steps for Setting Up Two-Factor Authentication to Access eRA Commons Modules

For Users with Scientific Accounts (principal investigators, trainees, etc.)

If you have a single eRA scientific account, you should make the transition as soon as possible. If not, the requirement for use of two-factor authentication will be enforced for all NIH PIs and key personnel 45 days after the first submission of their competing grant application (Type 1 or 2) or Research Performance Progress Report (RPPR) that occurs after September 15, 2021.

For Users with Administrative Accounts (signing official, administrative official, etc.)

If you have a single eRA administrative account, you are encouraged to make the transition as soon as possible.  And if you have multiple administrative accounts, eRA is developing a method to accommodate you using a single account. In either of these cases, transition to two-factor authentication will be required in early 2022.

For Users with a Combination of Scientific and Administrative Accounts

If you have a scientific account and one or more administrative accounts at eRA, transition your scientific account as soon as possible and wait to transition your administrative accounts until early 2022.

What you need to do

It’s a simple, one-time, three-step process to associate your eRA account with your account. Just go the eRA Commons home screen, click on LOGIN.GOV, and follow the on-screen prompts.


Contact info

Julie O'Connor

Director, Research Communications
Phone: 313-577-8845