Two-Factor Authentication: Use With eRA Modules

Quick Links

Overview of Steps



To make eRA user accounts more secure with two-factor authentication (also known as multi-factor authentication), eRA is offering users of eRA Commons, ASSIST and IAR two ways to comply:

These two options should be used instead of using an eRA account username and password.

* The ability of an organization to use its own credentials provided it supports NIH’s two-factor authentication standards. 

Will this change how I log into eRA systems? Once you associate your eRA account with your account, the next time you go to the eRA Commons login screen you will simply use the link and you will be redirected to the site to complete the login process and access eRA Commons.

What do I need to do?  To start using to login to eRA modules, you will need to complete the one-time process to associate your eRA account with your account. Go to the eRA Commons home screen, click on LOGIN.GOV, and follow the on-screen prompts (Our 2FA Flyer provides detailed steps and screenshots).


Overview of steps

  1. Select the LOGIN.GOV login option on the eRA Commons home screen (shown in screenshot above) to begin the process. Do not go straight to to create your account or initiate the login process.

  2. You will be redirected to the page for NIH.  Sign in with your username and password (if you have one already) and complete the two-factor authentication method you have set up for your account (text message, authentication application, etc.).
    • Or if you do not have a account, click on ‘create an account’ and follow the prompts.

  3. You will be redirected back to eRA Commons and presented with the Associate Your eRA Account screen. Here you will associate your account with your eRA Commons account (a one-time process):
    • You will enter your eRA Commons username and passphrase

  4. Once your eRA credentials are accepted, your account has been successfully associated with your eRA Commons account. You will then directly access eRA Commons.

  5. Going forward, click on the LOGIN.GOV in the login section of the eRA Commons home page. Sign in with your account and complete the two-factor authentication method you have set up for your account. You will automatically be logged into eRA Commons and taken to the eRA Commons landing screen.


  • Have your eRA Commons username and passphrase handy – you will be required to enter it to associate your account with your eRA Commons account.
  • If your eRA Commons passphrase has expired, click the Forgot Password/Unlock Account link on the eRA Commons home screen to reset your passphrase.


  • If you run into issues with or associating your account with your eRA account, please contact the eRA Service Desk.
  • You can also contact for additional help.

Timeline For Users To Associate With Their eRA Commons Account

  • All principal investigators (PIs) and key personnel associated with an application or Research Performance Progress Report (RPPR) are required to transition to the use of two-factor authentication 45 days after the submission of their competing grant application (Type 1 or 2) or their RPPR.
    • After 45 days of this triggering event, these users will not be able to access eRA modules until they set up and use a two-factor authentication service provider - and/or an InCommon Federated account (that supports NIH’s two-factor authentication standards).

    Note: PIs and key personnel do not have to wait for the 45-day trigger after submitting an application or RPPR to start using two-factor authentication.
  • The transition for reviewers to use two-factor authentication when using the Internet Assisted Review (IAR) module is ongoing and unchanged. Reviewers will continue to be required to use two-factor authentication as soon as they are enabled for a review meeting. Most reviewers have transitioned already.
  • Users with multiple eRA Commons accounts should hold off on moving to two-factor authentication until early 2023. eRA will then have a solution for users to consolidate their multiple accounts into a single eRA account that contains all their organization affiliations and roles.  More importantly, once users complete the consolidation process, they will be able to associate their or InCommon Federated account with one eRA account to support all their authentication needs. 
  • Examples of users with multiple accounts are:
    • a person with two separate administrative accounts,
    • a person with a signing official and principal investigator accounts (typically small business applicants) or
    • a person with principal investigator and assistant accounts.

  • As a reminder, those with one administrative account in eRA Commons need not wait and can go ahead now and set up and start using two-factor authentication.
  • If you have two administrative accounts, hold off on moving to two-factor authentication for those accounts. However, if your multiple accounts fall within the other examples, you could move your principal investigator account to two-factor authentication now and hold off on using two-factor authentication for your other account. 

  • Keep in mind, your principal investigator account may automatically be transitioned to require two-factor authentication as part of the transition timeline described above.
  • eRA partner agency applicants/recipients are encouraged to move to two-factor authentication, but not required to at this time (except for reviewers whose transition is ongoing; or applicants/recipients who apply to NIH or have an NIH grant). The updated plan applies only to NIH applicants/recipients.