Skip to main content

Ensure Your RDS User Account and MFA are Active for Reconciliation

User Roles:





Program Components:

User Management


To avoid missed Reconciliation Deadlines and delayed subsidy payments, ensure that your RDS user accounts and Multi-Factor Authentication (MFA) are active and that you are able to access the RDS Secure Website today! Please encourage all users assigned to your RDS application(s) to log in to the Secure Website as soon as possible, and well in advance of your deadline date.

Do not wait until the last minute! When a user enters Login information incorrectly (i.e., invalid Login ID, Password, and/or MFA token), CMS’ RDS Center is prohibited by Federal Security Regulations to identify which login requirements were entered incorrectly. If your user account becomes locked after three consecutive failed login attempts, you will be forced to change your password. 

**UPDATED 1/25/24** New Password Policy Reminder: Passwords can be changed five (5) times in a 24-hour period. If a user changes their password the maximum five (5) times and then locks their account again on the same day, the user cannot change their password to unlock their account until 24 hours have passed. CMS' RDS Center cannot unlock user accounts. 

CMS’ RDS Center recommends resetting MFA for your mobile device before attempting to log in with a new password and before using all three of your login attempts. CMS’ RDS Center cannot circumvent the Federal Security Regulations enforcing password requirements.

Due to these security restrictions, the 24 hours IMMEDIATELY PRECEDING a deadline can be very difficult to obtain remediation regarding account login issues, potentially resulting in a missed deadline and possible loss of subsidy. 

If you need help accessing your account, refer to these helpful links:

CMS' RDS Center's official means of communication to the Plan Sponsor is through email; the RDS Center does not provide telephonic support. If you need assistance logging into the RDS Secure Website, contact CMS’ RDS Center for support. Do not include any Protected Health Information (PHI), as defined in the Health Insurance Portability and Accountability Act (HIPAA), or Personally Identifiable Information (PII) in the email or Support Request, such as User ID, Password, MBI, SSN, DOB, etc. As a reminder, the CMS’ RDS Center discontinued its Call Center in 2015.

Page last updated: