IDM is CMS’ Enterprise Identity Management solution. It provides CMS business partners with a single User ID that can be used to access multiple CMS applications. IDM is built on Commercial Off-The-Shelf (COTS) software, which improves overall system maintainability and scalability and allows new applications to be integrated more efficiently.
On this website, you will find information about the IDM system. You can also access the IDM User Guide (PDF), which documents how to register an IDM User ID, log in to IDM, and request an application role. Information about the Tier 1 Help Desk that supports your application is also provided here in case you require assistance.
What End Users Can Expect When They Log In to IDM
All users are required to complete Multi-Factor Authentication (MFA) at login. Users are given the opportunity to set up their MFA device(s) at the time of account creation. Once successfully logged in, a user can add or update the MFA devices associated with their profile at any time.
Users who have login issues that cannot be resolved through the self-service functions should contact their application's Tier 1 Help Desk for assistance.
Application Access & The IDM User Interface (UI)
Users perform role and profile management activities within the IDM UI. Bookmark the IDM UI URL so that you can update your IDM account (add new MFA devices, change your password, etc.) and request additional application roles.
CMS IDM User Interface: https://home.idm.cms.gov/
Annual Role Certification (ARC)
ARC is the annual recurrence of the role approval process. Role approval is the process by which Approvers (i.e. Application Business Owners, their Representatives, Authorizers, Help Desks, etc.) grant an application role to a user who requests that role for their application through IDM.
The ARC process is the sole responsibility of each application and its Approvers. IDM's role in ARC is to give applications a place to record their decision to recertify or revoke a user's role.
All applications that are integrated with IDM are responsible for providing their user base with a Tier 1 (T1) Help Desk. T1 Help Desks can assist users through the Help Desk interface within the IDM UI. Further information on the capabilities of Help Desk users can be found in the IDM User Guide.
Multi-Factor Authentication (MFA)
All users are required to complete MFA at login. Users are strongly encouraged to add supplementary devices to their account after their first login, so that a lost or replaced device does not lock them out. The available factors in IDM are:
- Email – Address associated with the User’s profile in IDM
- Short Message Service (SMS) – Text Message
- Interactive Voice Response (IVR)
- Okta Verify – Smart Phone Application
- Google Authenticator – Smart Phone Application
Within IDM, T1 Help Desk users can view and remove the MFA devices associated with a user's account, but cannot add devices on behalf of a user. If necessary, Help Desk users can edit an end user's email address, which allows the user to use the email address associated with their account as an MFA device. Because this is effectively an account recovery path, Help Desk users should verify the identity of the requester before changing an email address or removing an MFA device.