Skip to Content
Cancer Therapy Evaluation Program (CTEP)
Contact NExT
Show menu
Search this site
Last Updated: 04/10/23

NCI CTEP IAM User Access Update

To ensure the security and safety of National Cancer Institute (NCI) systems, subjects, research staff, and all associated sensitive information, NCI has now incorporated Identity Verification/ Proofing (IP) and Multi-Factor Authentication (MFA) into systems access. Identity verification and MFA is required for all U.S. federal systems to meet NIST SP 800-63-3 Digital Identity Guidelines. This next generation of technology and techniques is required to protect user credentials accessing systems with confidential information in accordance with the Federal Information Security Management Act (FISMA). NCI must restrict NCI applications to users that have completed the identity verification and MFA process by January 1, 2024.

To comply with Federal regulations, NCI has partnered with ID.me, a next-generation identity platform which meets the highest federal standards for online identity proofing and authentication. ID.me provides the strongest identity verification system available to prevent system breaches and user identity theft. ID.me’s primary goal is to ensure sufficient evidence of a user’s identity in order to meet NIST SP 800-63-3 Digital Identity Guidelines. Users will be required to enroll in ID.me with a one-time submission of unique identifiers and photo/ video proof for identity verification and authentication. This digital security process ensures your data is safe, encrypted, & protected and has been leveraged by federal government services, state agencies, and private companies nationwide. Please visit ID.me Government for more information on Federal and State partnerships.

Background

Identity Proofing (IP) is the process of verifying a user’s digital identity using official, secure documentation, such as a driver’s license or passport. The goal of identity proofing is to ensure that a user's claimed identity matches their actual identity. Digital Authentication is the process of verifying a user or device’s identity to enable access to a secure digital service (website, application, etc.). There are multiple ways to verify a user’s electronic digital identity. Single-Factor Authentication is the use of a single authenticator, traditionally a password, to verify user identity. Multi-Factor Authentication (MFA) is a digital authentication method that requires a user to provide two or more authentication factors to gain access to a protected system. Also known as Two Factor Authentication (2FA), this method ensures that user accounts and system data remain secure even when a user’s password becomes compromised.

Affected Systems

Updated authentication requirements apply to all systems utilizing CTEP-IAM, including:

  • NCI systems such as, CTEP ESYS, CTSU ESYS, THERADEX, CIRB and NCORP SYS applications
  • Any other systems, including LPO websites, that use CTEP-IAM for federated authentication purposes

Affected Users

The new authentication requirements apply to all new and currently registered system users (all those with a CTEP-IAM account), including NCI, LPO, contractors, site staff, and international users.

International Users

International users or CTEP users living outside of the U.S. are expected to complete their identity verification and MFA setup with ID.me. While this is a requirement to access U.S. government IT applications according to NIST SP 800-63-3 Digital Identity Guidelines, these guidelines are in place to protect user information and proprietary system data, irrespective of country residence. Many international governments have collaborated with NIST and even fully incorporated the NIST framework to safeguard user access and digital data. Public Safety Canada endorses the NIST Framework, developed by the United States’ Department of Homeland Security with the National Institute for Standards and Technology (NIST), and acknowledges the relevance and applicability of the NIST Framework in the Canadian context and cyber security. Users under GDPR compliance or those without possession of one of the unique identifiers accepted by ID.me (U.S. SSN / ITIN, or international passport), will be allowed to utilize CTEP-IAM accounts and temporarily bypass the ID.me requirement. This provision will be in place until January 1, 2024, after which, users will need to register with ID.me for continued access to NCI systems. For detailed steps on creating an ID.me account as an international user, click here.

NIH Account Holders

NIH accounts already meet the IP/MFA requirement to access federal systems. Users with NIH accounts are not required to complete the ID.me account process and can continue using their CTEP-IAM or NIH credentials/ PIV cards (where available) to log in to NCI systems.

Timeline for Users

July 8, 2022: The ID.me IP/MFA process has now been introduced for all system users. Existing CTEP-IAM account credentials will allow access for one year, or until users have authenticated using ID.me. Users requesting new CTEP-IAM accounts will be required to complete the ID. me IP/ MFA process before having access to NCI systems. NIH account holders are not required to complete the ID me process

January 1, 2024: Migration to ID.me IP/MFA is expected to be completed. After this date, users who have not enrolled in ID.me and linked their account to CTEP-IAM will be unable to access NCI systems.

Flowchart illustrating the ID.me IP/MFA workflow

After July 8, 2022, all NCI application users must complete the ID.me authentication and link their ID.me credentials to their CTEP-IAM accounts. This process must be completed directly through the CTEP- IAM application site. Once an ID.me IP/MFA account has been linked, only ID.me credentials (username and password plus the selected MFA option) will allow a user to access NCI systems. CTEP-IAM credentials will no longer allow access.

To enroll in ID.me, users will need to provide a unique identifier (such as a social security number (SSN), individual tax identity number (ITIN), and/or passport number), photo identification, and picture verification (via a selfie submission or video call). Users will only need to verify their identity with ID.me once.

Webinars:

Live webinars on the CTEP-IAM & ID.me implementation will be hosted to provide users with helpful & hands-on information. Specialized CTEP-IAM Identity Proofing (IP) and MFA information sessions will be hosted for Canadian Users. Webinars are expected to resume June 2023. Please check back for scheduled dates and registration links for each session.

Completing the ID.me IP/MFA Process

  Existing Users (those with CTEP-IAM accounts): New Users (those applying for CTEP-IAM accounts for the first time):
What you will need to have:
  • CTEP-IAM login credentials
  • 1 unique identifier: U.S. Social Security Number (SSN), U.S. Individual Tax Identification Number (ITIN), or valid passport number (only option for users that live outside of the US)
  • 2-3 identification documents: Driver’s License, State I.D., Passport, see more for documents accepted in U.S. and other countries
  • Identity verification device: A smart phone or computer with front facing camera
  • Multi-factor authentication device: Text message service, phone (mobile or landline), or authenticator app
  • 1 unique identifier: U.S. Social Security Number (SSN), U.S. Individual Tax Identification Number (ITIN), or valid passport number (only option for users that live outside of the US)
  • 2-3 identification documents: Driver’s License, State I.D., Passport, see more for documents accepted in U.S. and other countries
  • Identity verification device: A smart phone or computer with front facing camera
  • Multi-factor authentication device: Text message service, phone (mobile or landline), or authenticator app
What you will need to do:
  1. Log into CTEP- IAM application
  2. Navigate to “ID.me Information” and create account using steps 3-6 or sign into ID.me
  3. Select MFA preference
  4. Identify who you are by providing unique identifier
  5. Verify identity with proof by submitting documents
  6. Validate identity with selfie or video chat (only option for int. users)
  7. Share ID.me information to link credentials to CTEP-IAM account
  1. Request a new account
  2. Confirm account request and create new ID.me account using steps 3-6 or sign into ID.me
  3. Select MFA preference
  4. Identify who you are by providing unique identifier
  5. Verify identity with proof by submitting documents
  6. Validate identity with selfie or video chat (only option for int. users)
  7. Share ID.me information to link credentials to CTEP-IAM account
Where you can find detailed instructions: Existing User SOP New User SOP
Where you can find a training video: ID.me Existing User Training Video
ID.me Existing User Training Video Transcript
ID.me New User Training Video
ID.me New User Training Video Transcript

Special Notices for International Research Staff

Memo to International Researchers
Memo to Canadian Researchers

Help/Additional Resources

Additional communication will be provided through various methods to include email broadcasts, newsletters, and training videos. Be sure to return to this page for updates on the NCI and ID.me integration and help resources.

Individuals registered as registration coordinators in RCR/ECM will now receive a monthly report indicating which investigators on their site list have or have not onboarded to ID.me.

For frequently asked questions, click here

For more information on the NCI and ID.me integration, please visit NCI & ID.me.
For more information on ID.me’s privacy policies please visit ID.me Privacy Policy
For questions about the NCI and ID.me authentication process, please contact the CTEP Help Desk at ctephelpdesk@nih.gov.
For questions about your ID.me account or the ID.me verification process, go to ID.me Help Center.