Cancer Therapy Evaluation Program (CTEP)
Last Updated: 11/17/23

NCI CTEP IAM User Access Update

The U.S. federal government has implemented new IT security requirements to improve data security. These requirements include Identity Proofing/Verification (IP) and Multi-factor Authentication (MFA). To ensure the security and safety of National Cancer Institute (NCI) systems, subjects, research staff, and all associated sensitive information, NCI has now incorporated IP and MFA into systems access. This next generation of technology and techniques is required to protect user credentials when accessing systems with confidential information in accordance with the Federal Information Security Management Act (FISMA). NCI has partnered with, a nationally recognized identity platform that meets the highest federal standards for online identity proofing and authentication, in order to meet the enhanced Federal IT security requirements in accordance with NIST SP 800-63-3 Digital Identity Guidelines.

The NCI database includes patient and proprietary information, and therefore requires level 2 IP. Level 2 IP requires the collection of a unique identifier such as a Social Security number, U.S. tax ID, or passport number, and an additional primary document (e.g., driver’s license). However, since partnering with, NCI has gained insightful data on the reluctance within our research communities to share the type of information necessary for level 2 identity proofing that would potentially jeopardize participation on NCI research trials.

With this new understanding, the NCI has secured a ‘waiver’ to the NIST level 2 IP requirements. NCI will still be implementing cybersecurity enhancements but without the stringent NIST requirements. The NCI will be implementing an alternative approach to identity verification called Knowledge Based Authentication-Replacement (KBA-R). This method of identity verification will vary based on a user’s country of residence. All CTEP-IAM users, regardless of location, will still be prompted to set up standard multi-factor authentication.

By implementing MFA, with the alternative IP requirements, NCI aims to significantly enhance IT security without causing unnecessary disruption to your continued support of the NCI clinical research program. Please see below for more details on these changes.

U.S.-Based CTEP Users

  • Identity verification: Must verify identity with email address, a personal phone number, OR a government-issued photo ID (Driver’s License, Passport, Passport Card, or State ID).
  • Multi-factor authentication requirement: Must set up MFA
  • Expected target date: January 1, 2024

Canadian-Based CTEP Users

  • Identity verification: Alternative IP procedures are being considered. May continue to use IAM until a more suitable identity proofing solution is identified.
  • Multi-factor authentication requirement: Able to set up MFA
  • Expected target date: No set target date

Other International-Based

  • Identity verification: Alternative IP procedures are being considered. May continue to use IAM until a more suitable identity proofing solution is identified.
  • Multi-factor authentication requirement: Able to set up MFA
  • Expected target date: No set target date


Identity Proofing (IP) is the process of verifying a user’s digital identity using official, secure documentation such as a driver’s license or passport. The goal of identity proofing is to ensure that a user's claimed identity matches their actual identity.

Digital Authentication is the process of verifying a user or device’s identity to enable access to a secure digital service (website, application, etc.). There are multiple ways to verify a user’s electronic digital identity.

Single-Factor Authentication is the use of a single authenticator, traditionally a password, to verify user identity.

MFA is a digital authentication method that requires a user to provide two or more authentication factors to gain access to a protected system. Also known as Two Factor Authentication (2FA), this method ensures that user accounts and system data remain secure even when a user’s password becomes compromised.

Affected Systems

Updated authentication requirements apply to all systems utilizing CTEP-IAM, including:

  • NCI systems such as CTEP ESYS, CTSU ESYS, THERADEX, CIRB, and NCORP SYS applications
  • Any other systems, including LPO websites, that use CTEP-IAM for federated authentication purposes

Affected Users

The new authentication requirements apply to all new and currently registered system users (all those with a CTEP-IAM account), including NCI, LPO, contractors, site staff, and international users.

International Users

NCI is evaluating the requirement of identity proofing and MFA set-up for international users. All research staff will be expected to onboard with for MFA, however, more details on this process will be provided at a later date. Users living outside of the U.S. will also be expected to complete identity verification once a new method and timeline have been determined. While this is a requirement to access U.S. government IT applications according to NIST SP 800-63-3 Digital Identity Guidelines, these guidelines are in place to protect user information and proprietary system data, irrespective of country residence.

NIH Account Holders

Users with NIH accounts are not required to onboard with NIH accounts already meet the IP/MFA requirement to access federal systems. For continued access to CTEP applications, users should instead link their NIH credentials/PIV cards to their existing or newly created CTEP-IAM accounts using the below instructions.

Where you can find detailed instructions:

  • Existing CTEP-IAM users linking their CTEP-IAM account and NIH PIV/credentials SOP
  • New users requesting a CTEP-IAM account and linking their new CTEP-IAM account and NIH PIV/credentials SOP

Timeline for Users

July 8, 2022: The IP/MFA process has now been introduced for all system users. Existing CTEP-IAM account credentials will allow access until users have authenticated using and linked their credentials.

August 10, 2023: Alternative identity verification methods will be introduced for CTEP-IAM users.

January 1, 2024: Migration to IP/MFA is expected to be completed for U.S.-based users. Target date will be determined for Canadian and other international investigators.

Flowchart illustrating the IP/MFA workflow

All NCI application users onboarding with must complete IP/MFA set-up and link their credentials to their CTEP-IAM accounts. This process must be completed directly through the CTEP-IAM application site. Once an IP/MFA account has been linked, only credentials (username and password plus the selected MFA option) will allow a user to access NCI systems. CTEP-IAM credentials will no longer allow access. Users will only need to verify their identity with once.


Live webinars on the CTEP-IAM & implementation will be hosted to provide users with helpful and hands-on information. Please see the scheduled sessions and registration link below.

Webinar Schedule (All users) – Webex Registration Link
  • October 18th - 1 pm EST
  • November 15th - 11 am EST
  • December 13th - 1 pm EST
  • January 17th - 11 am EST
  • February 7th - 1 pm EST
  • March 13th - 11 am EST
Where you can find detailed instructions:

  • Existing CTEP-IAM user SOP
  • New CTEP-IAM user SOP

Where you can find a training video:

  • Existing CTEP-IAM user creating a new account - training video and transcript
  • Existing CTEP-IAM user linking existing account - training video and transcript
  • New CTEP-IAM user creating a new account - training video and transcript

Help/Additional Resources

Additional communication will be provided through various methods, including email broadcasts, newsletters, and training videos. Be sure to return to this page for updates on the NCI and integration and help resources.

For frequently asked questions, click here

For more information on the NCI and integration, please visit NCI &

For more information on’s privacy policies please visit Privacy Policy

For questions about the NCI and authentication process, please contact the CTEP Help Desk at

For questions about your account or the verification process, go to Help Center.