Estimated reading time: 3 minutes
By Tom Barton, InCommon Research Consultant, Internet2
In Fall 2020, National Institutes of Health (NIH) leadership first addressed the InCommon community about how allowing researchers to use InCommon-enabled home credentials made it easier and faster for them to collaborate on the development of the COVID-19 vaccine.
At Internet2’s TechEX 2020, NIH highlighted three aspects of federated logins that help the agency manage risk:
- User Attributes from the Research & Scholarship Entity Category, which enable automatic enrollment of Identity Providers that support the R&S Entity Category into NIH’s federated login service and smooths the user experience.
- Multi-Factor Authentication (MFA), signaled by use of the REFEDS MFA Profile, a security measure now required to access most NIH services.
- Identity Assurance Information, conveyed using the REFEDS Assurance Framework (RAF), another security measure becoming required by NIH services that provide access to sensitive data as those services adapt to meet recent federal security requirements.
Get and Stay NIH Ready
Be sure to check our Get NIH Ready wiki for updates and other information.
You Supported the NIH Requirements, But Nobody Noticed
In a previous update, data were presented showing how InCommon Participants were very responsive in enabling their Identity Providers to support user attribute release and MFA for NIH’s Electronic Research Administration (eRA) system.
However, after reviewing the NIH logs, we’re finding that the majority of researchers still use Login.gov credentials. Why is that? Do they know that they can use their campus account?
In addition to doing the integration, campus IT must also communicate to researchers. Tell them even if they’ve already linked a Login.gov account with their eRA Commons account, they can also link their InCommon-federated campus account and use either one to access eRA. The linking process is exactly the same for both types of accounts.
Telling Users How to Link a Campus Account with an eRA Commons Account
Below is a set of steps you can send to your researchers, so they can link their NIH Commons accounts to your InCommon-federated campus account. (If you have users who have multiple roles within the eRA system, they must continue to use their eRA Commons accounts to access eRA for the time being.)
- On the eRA Commons Login page, choose Login with Federated Account on the left hand side, just below the Login with eRA Credentials area.
- Start typing your organization’s name into the box until you see it pop up in the list immediately below.
- Select your organization from the list, press the Login button, and do your normal campus login.
- If your campus account has not already been linked to your eRA Commons account, you will be taken to a page with “Associate your eRA Account” at the top left. It shows some information identifying the Authentication Source, which will be “Federated Credentials,” Institution/Organization name, which will show your organization’s name, and the username, which will generally be your first and last name.
- Just below that is a form on which you give your eRA username and password. Upon clicking Continue, your campus account is associated or linked with your eRA Commons account, and you can proceed to access eRA with that account.
Next Steps: Get Your Campus NIH Ready
Stay tuned for next month’s blog, Making Sure Your Identity Proofing Processes Are Ready.
Key Resources from MFA and Identity Requirements Webinar
On April 20, InCommon hosted a briefing on the InCommon community’s readiness to support NIH, featuring Jeff Erikson, chief of identity and access management at NIH, with Ann West, associate vice president, Trust & Identity at Internet2, moderating and taking questions. We created an updated FAQ based on the questions we received from community members and their corresponding answers.
ICYMI
An Update on the InCommon Community’s Readiness to Support NIH