Multifactor authentication and SPOT registration

MFA (multifactor authentication) is required to log in to SPOT. CMS uses MFA to verify account holder identity for many of the other applications hosted on its IDM system. If you use other applications that are hosted on the Identity Management system (IDM) such as Physician Quality Reporting System (PQRS) or Provider Statistical and Reimbursement (PS&R), then you have already completed registration of a MFA device with your IDM account. You are ready to use MFA to access SPOT. 

First Coast strongly recommends that you register multiple devices to ensure your access to SPOT. You are encouraged to register more than one MFA device. When logging into SPOT, you will select only one of these devices to receive your MFA passcode. Registration of additional devices ensures your access to SPOT should any of the devices not function properly. Passcodes change each time you log in to SPOT.

IDM will only send one passcode to one device at a time. While you may register more than one device, you can only request a passcode be sent to one device at a time. Secondary devices should be registered to serve as a fail-safe in the event the first MFA device does not generate in passcode to you.

Reminder: IDM accounts may not be shared. Each MFA device must be used for the SPOT account for which it’s registered.

Follow these steps to register an MFA device.

Instructions	Related screenshots
1. Navigate to CMS’ IDM system:  https://home.idm.cms.gov   Enter your SPOT account user ID. Click the check box to accept the Terms and Conditions and click the “Sign In” button.  If you are not able to recall your SPOT user ID or password, click on the “Forgot your Password, User ID, or unlock your account” link below the red “New User Registration” button.
2. Click on the My Profile button
3. Select ‘Manage MFA and Recovery Devices’
4. Choose the MFA device To add another MFA device, click the drop-down menu, “add another device.” Choose from text message (SMS); Google Authenticator; Interactive Voice Response (IVR); and OKTA Verify. Provide the required information to complete the set-up process. You should then see a confirmation page and receive a confirmation email confirming your new MFA device. Repeat this same process to add multiple MFA devices. Remember, it is important to have at least 2 device options set up to ensure uninterrupted access. To edit an MFA device, click the green icon (or remove and then re-add if the green icon is not available). To remove an MFA device, click the red icon.