Registering and Enabling Multi-factor Authentication

Recipient organization users are required to register, enable multi-factor authentication (MFA), and validate their identity with ID.me as a part of the login process to support Presidential, OMB and Treasury requirements.

Recipient organization users will not be able to log into ASAP.gov until they add MFA to their login.

Here are step-by-step guides to help you get started:

• ID.me

Also, see our video on how to add multi-factor authentication to your ASAP login.

The ASAP team is continuing to host free webinars for recipient organization users to learn more. For a list of webinar dates and to register, visit https://fiscal.treasury.gov/asap/#webinars.

Frequently Asked Questions

• What is ID.me?
• ID.me is a trusted provider specializing in digital identity protection, giving users secure access to applications.

• Did this process replace Single Sign-On (SSO)?
• Yes.

• I do not yet have ASAP access. How do I obtain that?
• If your organization is not enrolled with ASAP.gov, you will need to contact your funding agency’s Enrollment Initiator (EI) directly. Any Active EI will be able to initiate your organization’s enrollment.
• If your Recipient Organization is already enrolled with ASAP.gov, you will need to contact any active Point of Contact (POC) so they can add you as a user.
• If you are a Federal Agency User, you will need to contact any active POC with your agency. Once your POC adds you as a user, any active Certifying Officer can approve new users.

• What if I have forgotten my ID.me password and/or am having trouble logging in to my ID.me account?
• If you have forgotten your ID.me password, your ID.me account is locked or suspended, or you receive an error message while attempting to sign in, there are various steps you can take to regain access to your account. Please visit: https://help.id.me/hc/en-us/articles/6482724739607-I-can-t-sign-in-to-my-account for a list of common sign-in issues and articles to assist you in resolving your issue.

• When creating/updating my ID.me account, will I need to verify my identity?
• Yes, as a part of creating your multi-factor access you will need to verify your identity.

• Why am I being asked to verify my identity again? I’ve already done this.
• Some of our users are encountering a new ID.me requirement. This is expected behavior and NOT a phishing attack. It is inconvenient, but it is also a feature designed to protect a user’s identity from fraudulent activity. Please contact ID.me directly if you have any questions.
• You may be prompted to reverify your identity if you modified your ID.me account (such as changing your name, address, email address, or phone number). Please see the following information on how to fix this issue: E4300 errors - ID.me Help Center

• Why do I need to supply my driver’s license and social security number?
• A driver’s license and social security number are mandatory for the public users. This is required as part of the integration with CAIA (Common Approach to Identity Assurance) as the government moves toward Zero Trust cybersecurity principles. While we understand the user concern regarding the change, it is required for continued use of federal applications like this one. Visit the following link to learn more about ID.me Security, Privacy and Compliance: https://www.id.me/security

• Who do I contact for the following ID.me questions: acceptable identity verification document types, document upload issues, multiple ID.me accounts, and ID.me login issues?
• Please visit https://help.id.me/hc/en-us and select one of their troubleshooting topics as shown in the example below:

• How do I keep my ID.me login secure?
• Having an account ID.me account with MFA creates an extra layer of security. Additional security steps that can be taken for your ID.me account are as follows:
• - Set up a backup MFA method.
• - Ensure your antivirus software on your PC is up to date.
• - Choose a secure/strong password.

For additional information on keeping your ID.me login secure, please see the following link: https://help.id.me/hc/en-us/articles/25753080598039-How-to-secure-your-account-after-a-data-breach

• How do I change my ID.me password?
• To change your ID.me password, navigate to “My Account > Sign In & Security > Password. You will then need to enter your current password. After entering your current password, you will be prompted to enter your new password. For additional information on changing your ID.me password, please see the following link: https://help.id.me/hc/en-us/articles/202087724-How-to-reset-your-ID-me-password

• If I need further help with my ID.me account, who do I contact?
• Please contact the ID.me Help Desk at: https://help.id.me/hc/en-us for help with your account.

• Is ID.me the only option available for providing identity verification?
• Currently, ID.me is the only option. Please see the following link for additional information: https://help.id.me/hc/en-us/articles/4416509221271-treasury-department-and-id-me

• If I already have an ID.me account, can I use it with ASAP? Or do I need to create a new one?
• You do not need to create a new account. Instead, you will need to add your ASAP.gov email address to your existing ID.me account, making it the primary email address. For assistance with adding a secondary email and changing your primary email, visit the following ID.me help page: https://help.id.me/hc/en-us/articles/360011500573-Changing-your-account-email-address

• My ID.me account is currently set up with my personal email address, how do I link it to my ASAP account?
• You will need to add your ASAP email address to your existing ID.me account. Your ASAP email address will need to be the primary email address on the account. For assistance with adding a secondary email and changing your primary email, visit the following ID.me help page: https://help.id.me/hc/en-us/articles/360011500573-Changing-your-account-email-address

• Are there MFA methods that are recommended over others?
• Though only one MFA method is required to obtain ASAP.gov access, we recommend setting up at least two MFA methods to further secure your account.
• MFA methods that require additional log-in requirements or physical hardware are considered the most secure and are recommended for use with your ID.me account. Those secure methods are listed here:
• - Passkey
• - Push Notification (via the ID.me Authenticator app)
• - Code Generator (via the ID.me Authenticator app)
• - Security Key
• - NFC-enabled security key (i.e.: Yubikey)

For additional information on MFA methods and recommendations, please visit: https://help.id.me/hc/en-us/articles/360018113053-How-to-choose-your-multi-factor-authentication-methods

• ID.me is giving me error messages stating that I have duplicate accounts, prohibiting me from adding my ASAP email address to my existing ID.me account. What do I do?
• You will most likely need to close the duplicate account. Once the second account is closed, it will take 7 days before you can go back and add your ASAP email and make it primary on your account. For additional instructions on this process, please visit: https://help.id.me/hc/en-us/articles/203532014-closing-your-id-me-account.

• What do I do if I’ve been a victim of fraud on either my ASAP.gov or ID.me account?
• Applications that store personal data such as identity documentation and personal contact information can be vulnerable to online scams and identity fraud.
• - If you believe someone has accessed your ID.me account, contact ID.me immediately at the following link: https://help.id.me/hc/en-us/p/contact_support
• - If you believe someone has accessed your ASAP.gov account, contact ASAP immediately at 855.868.0151 (option 2, option 3) or ASAPHELPDESK@fiscal.treasury.gov.

• Does this affect the Federal awarding agencies?
• Federal agency users log in with their PIV/CAC. Only Recipient Organization users are required to log into ASAP.gov via ID.me. For additional information, please see the following instructions for federal agency users to login via their PIV/CAC: https://fiscal.treasury.gov/files/asap/ASAP.gov-guide-for-federal-agency-user-to-test-and-link-piv.pdf.