1. Home
  2. MFA Support

Multi-factor Authentication (MFA)

MFA is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as NPMS. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack.

In order to access NPMS, users will need to have a login account with an approved MFA provider. NPMS currently supports the following MFA providers:

Login.gov

How to Register for a Login.gov Account

  1. Enter your email address at https://secure.login.gov/sign_up/enter_email to begin.
    NOTE: For NPMS authentication through LOGIN.GOV, please add an email that reflects your status as a direct official/employee of a government agency, tribal government, or a pipeline operator. For existing NPMS account holders, this should be the email you provided for your original NPMS account request. For new NPMS account requests, you will enter this official email on the NPMS account request form.
  2. Click the "Submit" button.
  3. Check your email for a message from LOGIN.GOV.
  4. Click the "Confirm your email address" button in the message. This will take you back to the LOGIN.GOV website.
  5. Create your LOGIN.GOV password (Passwords must be at least 12 characters).
  6. Setup the secondary layer of security. LOGIN.GOV requires you set up a secondary authentication method to keep your account secure. This is referred to as two-factor authentication (2FA). You can choose from several authentication options.

Trouble Signing In to Login.gov? Support can be found here.

MyAccess

How to Register for a MyAccess Account

NOTE: For US Department of Transportation PIV card holders ONLY.
Please consult MyAccess or DOT official communications about Okta enrollment as instructions may change. The below steps were accurate as of November 2023.

  1. Log into the DOT workstation
  2. Open the Okta Desktop application on your desktop.
  3. The first time you run Okta Verify on your desktop, you will be presented with a welcome screen. This welcome screen is shown when Okta hasn’t been set up on a new GFE device. Press “Get Started,” then “Next,”. If the Organizations Sign-In URL is blank, input the following link when prompted: https://workforce.faa.gov Press “Next”.
    • If you have been issued a Logical Access Card (LAC) for a privileged account, remove it (your PIV card needs to remain connected) from the smart card reader or you may be prompted to input a PIN more than once.
  4. Okta will open the default browser and verify your browser connection. The verification process continues in the browser.
  5. Once the browser page loads, select “Sign in with PIV/CAC card”. Then select your PIV authentication certificate and enter your PIN.
  6. The browser will then display “Your identity is verified.” You may close the browser and go back to the Okta Verify desktop window.
  7. The Okta Verify desktop application will present you with a panel that asks you to set up Windows Hello. Select “Not now” to skip setting up Windows Hello. (The Windows Hello feature is not available at this time.) The Okta Verify desktop application will display your enrolled account. This step may take up to two minutes.
  8. Close both the Okta Verify Desktop application and the browser.

Enrollment of your DOT desktop is now complete.

Trouble Signing In to MyAccess? Support can be found here.