Multi-Factor Authentication

User Roles:

AM

AR

AC

D

V

Program Components:

User Management

This page contains answers to Common Questions about Multi-Factor Authentication (MFA).

Is MFA required?

ANSWER: Yes, updated Federal security policies require that each RDS Secure Website account must activate Multi-Factor Authentication (MFA) prior to accessing the RDS Secure Website. Beginning in 2019, you will be required to enter the time-sensitive unique token generated by Google Authenticator, in addition to your RDS Login ID and Password, to access the RDS Secure Website.

Note: CMS' RDS Center will provide Plan Sponsors additional information prior to implementing the MFA login requirement in the RDS Secure Website.

MFA activation only needs to be completed once for each new Secure Website Account, unless you are setting up a new MFA device or you need to reset your MFA token. Ensure you have received the registration confirmation email before activating MFA; you must have an active and valid RDS Secure Website account prior to activating MFA.

Individuals are responsible for maintaining and protecting their RDS Secure Website account access. It is a violation of Federal law to share or transfer user accounts or Login and Password information.

Refer to Multi-Factor Authentication for additional information.

Answer ID: 8000-1
Date Posted: 5/24/2019

Return to top

When will MFA be required to log into the Secure Website?

ANSWER: Beginning in 2019, you will be required to enter the time-sensitive unique token generated by Google Authenticator, in addition to your RDS Login ID and Password, to access the RDS Secure Website.

Note: CMS' RDS Center will provide Plan Sponsors additional information prior to implementing the MFA login requirement in the RDS Secure Website.

Individuals are responsible for maintaining and protecting their RDS Secure Website account access. It is a violation of Federal law to share or transfer user accounts or Login and Password information.

Refer to Multi-Factor Authentication for additional information.

Answer ID: 8000-2
Date Posted: 5/24/2019

Return to top

How do I activate MFA?

ANSWER: You may activate MFA for your RDS Secure Website account by selecting the hyperlink in your registration confirmation email or by navigating to the RDS Program Website and selecting the Manage MFA Settings button.

Note: CMS' RDS Center will provide Plan Sponsors additional information prior to implementing the MFA login requirement in the RDS Secure Website.

MFA activation only needs to be completed once for each new Secure Website Account, unless you are setting up a new MFA device or you need to reset your MFA token. Ensure you have received the registration confirmation email before activating MFA; you must have an active and valid RDS Secure Website account prior to activating MFA.

Individuals are responsible for maintaining and protecting their RDS Secure Website account access. It is a violation of Federal law to share or transfer user accounts or Login and Password information.

Refer to Multi-Factor Authentication for additional information.

Answer ID: 8000-3
Date Posted: 5/24/2019

Return to top

The system isn't recognizing my Secure Website account. How do I resolve this issue?

ANSWER: Ensure you are entering your personal information exactly as it was entered during Registration. MFA activation only needs to be completed once for each new Secure Website Account, unless you are setting up a new MFA device or you need to reset your MFA token. Ensure you have received the registration confirmation email before activating MFA; you must have an active and valid RDS Secure Website account prior to activating or managing MFA.

Note: CMS' RDS Center will provide Plan Sponsors additional information prior to implementing the MFA login requirement in the RDS Secure Website.

Refer to Multi-Factor Authentication for additional information.

Answer ID: 8000-4
Date Posted: 5/24/2019

Return to top

Can I use a token generator other than Google Authenticator?

ANSWER: No, the Google Authenticator App is the only third-party token generator that can be used for the RDS Secure Website. You may download the Google Authenticator App for an Android or iOS device. Download and install the Google Authenticator App from your device's App Store. Refer to the installation instructions associated with your chosen device for assistance. The download links within the Activate Multi-Factor Settings page will take you to an external page not controlled by RDS.

Note: CMS' RDS Center will provide Plan Sponsors additional information prior to implementing the MFA login requirement in the RDS Secure Website.

Refer to Multi-Factor Authentication for additional information.

Answer ID: 8000-5
Date Posted: 5/24/2019

Return to top

How do I get the Google Authenticator App?

ANSWER: You may download the Google Authenticator App for an Android or iOS device. Download and install the Google Authenticator App from your device's App Store. Refer to the installation instructions associated with your chosen device for assistance. The download links within the Activate Multi-Factor Settings page will take you to an external page not controlled by RDS.

Note: CMS' RDS Center will provide Plan Sponsors additional information prior to implementing the MFA login requirement in the RDS Secure Website.

Refer to Multi-Factor Authentication for additional information.

Answer ID: 8000-6
Date Posted: 5/24/2019

Return to top

I don’t have an Android or iOS device. How do I activate MFA?

ANSWER: Updated Federal security policies require that each RDS Secure Website account must activate Multi-Factor Authentication (MFA) prior to accessing the RDS Secure Website. Beginning in 2019, you will be required to enter the time-sensitive unique token generated by Google Authenticator, in addition to your RDS Login ID and Password, to access the RDS Secure Website. Android and iOS devices are the only device options CMS' RDS Center recommends for Google Authenticator.

Note: CMS' RDS Center will provide Plan Sponsors additional information prior to implementing the MFA login requirement in the RDS Secure Website.

Refer to Multi-Factor Authentication for additional information.

Answer ID: 8000-7
Date Posted: 5/24/2019

Return to top

The Secure Website QR code won't scan. Is there an alternative?

ANSWER: Ensure you allow Google Authenticator access to your device's camera. Refer to the instructions associated with your chosen device for assistance. If you have a problem with scanning the QR code, select the Having trouble scanning the barcode box within the Activate Multi-Factor Settings page and manually enter the Secret Key into your Google Authenticator app.

Note: CMS' RDS Center will provide Plan Sponsors additional information prior to implementing the MFA login requirement in the RDS Secure Website.

Refer to Multi-Factor Authentication for additional information.

Answer ID: 8000-8
Date Posted: 5/24/2019

Return to top

Can I activate MFA on multiple devices?

ANSWER: No, MFA may only be activated on a single device at a time. If you performed a factory reset of your MFA device or you need to activate your MFA with a new device, select the Manage MFA Settings button from the RDS Program Website, enter your registered information, and select the Setup Google App button on the Manage Multi-Factor Authentication Settings page to reset your MFA activation. A new QR code and associated Secret Key will be generated for you to enter into your device's Google Authenticator App. Any tokens generated by previous installations of Google Authenticator in the original or other devices will no longer work.

Note: CMS' RDS Center will provide Plan Sponsors additional information prior to implementing the MFA login requirement in the RDS Secure Website.

Refer to Multi-Factor Authentication for additional information.

Answer ID: 8000-9
Date Posted: 5/24/2019

Return to top

The Google Authenticator token is not being accepted by the Secure Website.

ANSWER: Ensure you enter the Google Authenticator token exactly as it is displayed in your device's app. Ensure the token is still displayed on your device and hasn't expired and changed to a new token when you select the Activate button.

Note: CMS' RDS Center will provide Plan Sponsors additional information prior to implementing the MFA login requirement in the RDS Secure Website.

Refer to Multi-Factor Authentication for additional information.

Answer ID: 8000-10
Date Posted: 5/24/2019

Return to top

I re-registered and have a new Secure Website account; do I need to activate MFA again?

ANSWER: Yes, just as each new account requires users to re-register, each unique RDS Secure Website account must activate MFA, even if the Secure Website role type associated with the new account is the same as the previous. Activation only needs to be completed once for each new Secure Website Account, unless you are setting up a new MFA device or you need to reset your MFA token. Ensure you have received the registration confirmation email before activating MFA; you must have an active and valid RDS Secure Website account prior to activating MFA.

Note: CMS' RDS Center will provide Plan Sponsors additional information prior to implementing the MFA login requirement in the RDS Secure Website.

Refer to Multi-Factor Authentication for additional information.

Answer ID: 8000-11
Date Posted: 5/24/2019

Return to top

How do I reset my MFA configuration?

ANSWER: If you performed a factory reset of your MFA device or you need to activate your MFA with a new device, select the Manage MFA Settings button from the RDS Program Website, enter your registered information, and select the Setup Google App button on the Manage Multi-Factor Authentication Settings page to reset your MFA activation. A new QR code and associated Secret Key will be generated for you to enter into your device's Google Authenticator App. Any tokens generated by previous installations of Google Authenticator in the original or other devices will no longer work.

Note: CMS' RDS Center will provide Plan Sponsors additional information prior to implementing the MFA login requirement in the RDS Secure Website.

Refer to Multi-Factor Authentication for additional information.

Answer ID: 8000-12
Date Posted: 5/24/2019

Return to top

What is a text-enabled device?

ANSWER: A text-enabled device is any device that has the capability to receive text (SMS) messages for multi-factor authentication purposes. Providing a text-enabled device number is optional. However, if you do not register a text-enabled device with your RDS user account, a one-time token cannot be provided to you via text (SMS) message. For text (SMS) messages, there is no charge from CMS' RDS Center, however standard rates from your carrier may apply. Refer to your device's plan for guidance.

Note: CMS' RDS Center will provide Plan Sponsors additional information prior to implementing the MFA login requirement in the RDS Secure Website.

Refer to Multi-Factor Authentication for additional information.

Answer ID: 8000-13
Date Posted: 5/24/2019

Return to top

How do I change the text-enabled device number I already provided?

ANSWER: In order to modify the text-enabled device number associated to your registered RDS Secure Website account, navigate to the RDS Program Website and select the Manage MFA Settings button. You will be prompted to provide your current, registered account information. After your user account has been successfully validated, follow the prompts to provide your new text-enabled device number.

Note: CMS' RDS Center will provide Plan Sponsors additional information prior to implementing the MFA login requirement in the RDS Secure Website.

Refer to Multi-Factor Authentication for additional information.

Answer ID: 8000-14
Date Posted: 5/24/2019

Return to top

What is a one-time token?

ANSWER: A one-time token is a six-digit token that can be sent to your registered email address or registered text-enabled device in the event that your RDS MFA device is lost, damaged, or not working, and you are unable to reset your MFA configuration and need immediate access to the RDS Secure Website. Providing a text-enabled device number is optional. However, if you do not register a text-enabled device with your RDS user account, a one-time token cannot be provided to you via text (SMS) message. For text (SMS) messages, there is no charge from CMS' RDS Center, however standard rates from your carrier may apply. Refer to your plan for guidance.

Note: CMS' RDS Center will provide Plan Sponsors additional information prior to implementing the MFA login requirement in the RDS Secure Website.

Refer to Multi-Factor Authentication for additional information.

Answer ID: 8000-15
Date Posted: 5/24/2019

Return to top

I provided a text-enabled number but haven’t received the Verification Code. What do I need to do?

ANSWER: Ensure your device is permitted to receive SMS (text) messages. Within the Text-Enabled Number pop-up window, enter your text-enabled device number and select the Send Verification Code button. Enter the verification code that is sent to your device and select Submit. The code may take a few minutes to be received.

If you do not receive the code after a few minutes, you may select the Resend Verification Code button to have another code sent to your device. Any previous codes will be invalidated.

If you need to change the number you provided, you may edit the text-enabled device number and select the Resend Verification Code button to have the code sent to the new updated number you entered. Any previous codes will be invalidated.

Note: CMS' RDS Center will provide Plan Sponsors additional information prior to implementing the MFA login requirement in the RDS Secure Website.

Refer to Multi-Factor Authentication for additional information.

Answer ID: 8000-16
Date Posted: 5/24/2019

Return to top