ACCESS MANAGEMENT SYSTEM
U.S. Department of Health & Human Services

How to Log into AMS with Your Credential Service Provider (CSP) Account Using Multi-Factor Authentication (MFA)

AMS Supports external (non-HHS) user access to Level of Assurance (LOA) 1 applications using credentials from a third-party Credential Service Provider (CSP) such as Yahoo, Gmail, PayPal, or LinkedIn. Applications that are accessed using a third-party credential typically set up application privileges and authorization rights based on the third-party account that is used to access the application.

LOA 1 applications that require users to authenticate using a second factor leverage AMS feature of Multifactor Authentication (MFA) to grant users access to an application. AMS will challenge users for a second factor by sending a One-Time Password (OTP) to the user's registered mobile device.

Note: Each time a user accesses an application with a different CSP credential, the user will be treated as a different user as the user is uniquely identified by the CSP account.

  1. If the Application Login page includes multiple authentication login options, select the option to login using AMS from the Application login page. Once selected, you will be redirected to the AMS Partner Login page available to external (non-HHS) users.

    Note: If you attempt to log in from the Application login page with an active AMS session that is greater than LOA 1, then you will automatically be redirected to the application homepage.

    AMS login page for external users

  2. From the AMS Partner Login page for external users, select a CSP.

    Note: Ensure you have an active account with the selected CSP prior to accessing the application via AMS.

  3. Log into your CSP account with the correct username and password.

  4. Once logged in, you will be presented with a consent page. Accept the terms and conditions to continue with application authentication.

    Note: The consent page is unique to each CSP and you will be required to accept the terms to continue.

    Terms and Conditions of Use and Privacy Notice

    Note: This image is an example of a terms and conditions message that may be displayed.

  5. If you accept the terms and conditions, you will be directed to the application homepage once you have been authorized by the application.

  6. Select your mobile device's service provider, and enter your mobile device number, and click the "Register" button.

    Mobile registration page

  7. Once the information is submitted, a One-Time Password (OTP) will be sent via SMS to the mobile number entered during Mobile Registration.

  8. Enter the same OTP received on your mobile device on the AMS One-Time Password page and click the "Submit" button to complete registration of your mobile device. You will then be directed to the application homepage.

    Note: For users who have already registered a mobile device, an OTP will be sent automatically via SMS to the registered mobile device. Enter the OTP on the AMS One-Time Password page and click "Submit."

    AMS One-Time Password page

  9. In order to unregister a registered mobile device, there is an option on the AMS One-Time Password Page. Select the "here" link, and a pop-up message will be displayed asking you to confirm the unregistration of the mobile number.

  10. Click the Unregister button to unregister the mobile number. Clicking the Cancel button will close the pop-up message.

    Note: You will need to register a new mobile number in order to access a LOA 1 application that requires a second factor.

    Unregister Mobile Device. Your mobile number has been unregistered. Please log back in to register a new mobile number.