May 25, 2021
This is the first in a series of posts regarding new login requirements from the National Institutes of Health (NIH). Effective September 15, eRA will require you:
- To provide a small set of identifying information (Research and Scholarship attributes), which are detailed below.
- To perform multi-factor authentication (MFA) for users accessing eRA
- To communicate the use of MFA using the REFEDS MFA profile
This email focuses on the need to provide NIH with the necessary basic user information by using the Research & Scholarship Category. In future weeks, we will discuss the multi-factor authentication requirements and the upcoming identity assurance needs.
What is NIH Doing?
NIH is introducing a new login service gateway to streamline external access to NIH resources. Your researchers, faculty, and staff who interact with NIH will see this change when accessing the electronic Research Administration (eRA), NIH’s research administration portal for Principal Investigators and grant administrators. NIH has signaled that other applications and services will likely make similar changes in the future.
What is the Research & Scholarship Category?
The Research and Scholarship Category provides a simple and scalable way for identity providers to release the minimal required set of basic, non-sensitive information to services that support research, scholarship, and collaboration. Services join the category after vetting by InCommon or another national identity federation. When a new service joins the category, it automatically receives the required attributes, which include:
- A persistent, non-reassigned user identifier
- Email address
- Affiliation (this is optional)
If you are unable to take this categorical approach, you can configure your identity provider system to release these user attributes specifically to the NIH Login Service.
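One way to confirm that a release policy actually delivers the attributes listed above is to inspect the AttributeStatement your identity provider sends in a test login. The following is an added example, not part of the original post or any NIH or InCommon tooling; it checks attribute contents only (no signature validation). The function names, the sample statements and the example.edu scope are constructed, and the identifier rule (eduPersonPrincipalName, plus eduPersonTargetedID when principal names are reassigned) follows the REFEDS R&S definition.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
EPPN = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"          # eduPersonPrincipalName
TARGETED_ID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"  # eduPersonTargetedID
MAIL = "urn:oid:0.9.2342.19200300.100.1.3"         # mail
AFFILIATION = "urn:oid:1.3.6.1.4.1.5923.1.1.1.9"   # eduPersonScopedAffiliation

def released_attributes(statement_xml):
    """Return {attribute Name: [non-empty values]} from an AttributeStatement."""
    released = {}
    for attr in ET.fromstring(statement_xml).iter(f"{{{NS}}}Attribute"):
        values = ["".join(v.itertext()).strip()
                  for v in attr.findall(f"{{{NS}}}AttributeValue")]
        values = [v for v in values if v]
        if values:
            released[attr.get("Name")] = values
    return released

def missing_for_rs(released, eppn_reassigned=False):
    """List what blocks the minimal release; an empty list means ready."""
    problems = []
    if EPPN not in released:
        problems.append("no eduPersonPrincipalName (persistent identifier)")
    elif eppn_reassigned and TARGETED_ID not in released:
        problems.append("ePPN is reassigned and no eduPersonTargetedID is sent")
    if not any("@" in v for v in released.get(MAIL, [])):
        problems.append("no usable mail value")
    # Affiliation is optional, but a released value must be scoped (value@scope).
    for v in released.get(AFFILIATION, []):
        if v.count("@") != 1 or v.startswith("@") or v.endswith("@"):
            problems.append(f"affiliation {v!r} is not scoped")
    return problems

def _statement(pairs):  # build a constructed AttributeStatement for the demo
    body = "".join(f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}'
                   f'</saml:AttributeValue></saml:Attribute>' for n, v in pairs)
    return f'<saml:AttributeStatement xmlns:saml="{NS}">{body}</saml:AttributeStatement>'

# Constructed sample releases (example.edu is a placeholder IdP scope).
COMPLETE = _statement([(EPPN, "jdoe@example.edu"), (MAIL, "jdoe@example.edu"),
                       (AFFILIATION, "faculty@example.edu")])
INCOMPLETE = _statement([(EPPN, "jdoe@example.edu"), (AFFILIATION, "faculty")])

if __name__ == "__main__":
    for label, xml in (("complete", COMPLETE), ("incomplete", INCOMPLETE)):
        print(label, missing_for_rs(released_attributes(xml)))
```

Set `eppn_reassigned=True` if your institution ever reissues a principal name to a different person, since that is the case where the name alone is not a non-reassigned identifier.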
What are the Other NIH Requirements?
The three NIH requirements are:
- As noted above, adopt the REFEDS Research and Scholarship Entity Category (R&S)
- Adopt the REFEDS MFA profile – Signal your assurance of strong authentication (MFA)
- Adopt the REFEDS Assurance Framework v1, which signals your assurance of the person’s identity (at minimum, signal “Local Enterprise”)
Future emails will provide the details for the MFA and assurance requirements.
What are the benefits of doing this?
- This is what federation was made for. Your faculty, researchers, and scientists will enjoy the benefits of single sign-on with any NIH service in the Federation, as well as those from other federal agencies, non-profits, and many other collaboration services.
- You will provide a superior user experience for your faculty and staff.
- Doing the work now positions your institution for the future, when NIH adds these requirements to other services and other research organizations follow suit.
- Providing federated login means you are in a better position to troubleshoot any problems your users have, again making for a better experience.
A number of resources provide additional information:
- REFEDS Research & Scholarship Category page
- April 2021 IAM Online – “National Institutes of Health and Identity Management Requirements”
- May 2021 IAM Online – “Increasing Identity Assurance and Improving NIH Readiness”
- A detailed roadmap to “get NIH-ready” on the InCommon wiki
- NIH Office Hour recording (March 10, 2021)
Please contact email@example.com with any questions about R&S or the NIH requirements in general.