INQUIRY 19-09, Implementation of Two-Factor Authentication for the Employee Personal Page

Published: December 4, 2019
Effective: Pay Period 24, 2019

Summary

This bulletin supersedes INQUIRY Bulletin 19-07, Implementation of Two-Factor Authentication for the Employee Personal Page, dated November 19, 2019, to announce the December 4, 2019, implementation date for this change.

As an added security enhancement, the National Finance Center (NFC) has added two-factor authentication to the Employee Personal Page (EPP). This enhancement was added for all EPP users whether they utilize a user ID and password or eAuthentication to access EPP.

NFC strongly encourages all users to log in and verify access before the end of the calendar year.

Affected Systems

System

System Impact

Employee Personal Page (EPP)

Two-factor authentication was added.

Implementation

As of December 4, 2019, EPP users are required to perform two-factor authentication when logging in to EPP.

As part of the rollout of two-factor authentication, NFC will validate users' email addresses. Users are required to enter an email address in the Work E-mail and Personal E-mail fields the first time that they log in to EPP after the two-factor authentication implementation. This is a one-time-only validation for both eAuthentication and user ID and password logons.

After validating email addresses, the user will be prompted to establish two-factor authentication.

To Validate Your Email Address and Establish Two-Factor Authentication:

  1. Connect to EPP.
  2. Log in to EPP. The Enter Your Work Email address page is displayed.
  3. Enter your work email address in the Work E-mail field. The work email must end in either .gov, .edu, or .mil.

    Note: Agencies should ensure that new employee information is correctly recorded on Document Type 444, EHRI RSM Elemn, as that information will display on Information/Research Inquiry System (IRIS) Program IR119, Employee Personnel Data. A work email address entered on Document Type 444 will be displayed in the Work E-mail field. The user may edit this field if desired. If the user does not have a work email address (e.g., contractors), they should select the I do not have a work email address button and follow the instructions that are displayed on the screen.

  4. Select the Submit button. An email containing a verification code is sent to the email address entered, and the Verify Your Work E-mail Address page is displayed.
  5. Verify your work email address by entering the code provided in the email.
  6. Select the Submit button. The Enter Your Personal E-mail Address page is displayed.
  7. Enter your personal email address in the Personal E-mail field. An email containing a verification code is sent to the email address entered, and the Verify Your Personal E-mail Address page is displayed.

    Note: If the user does not have a personal email address, they may reenter their work email address in this field.

  8. Verify the personal email address by entering the code provided in the email. The Two-Step Authentication page is displayed.
  9. To authenticate using a phone number, select the Text Message (SMS) radio button and select the Continue button. The Two-Step Authentication page (including the Phone Number field) is displayed. Enter your phone number in the Phone Number field. Select the Submit button. A text message containing a verification code is sent to your phone, and the Two-Step Authentication page (including the Verification Code field) is displayed. Verify your phone number by entering the code provided in the text. Select the Submit button. The user is now logged in to EPP.

    OR

    To authenticate using an authentication application, select the Authentication Application radio button and select the Continue button. The Two-Step Authentication page (including the authentication key and the QR (scan) code to be scanned) is displayed. Either enter the key provided on an authentication application or scan the QR (scan) code. A security code will be provided by the authentication application. Enter the code provided in the Enter the code from the app field. Select the Submit button. The user is now logged in to EPP.

    Note: Both user ID and eAuthentication users must follow this process the first time they log in to EPP after implementation of two-factor uthentication. EPP users that utilize the User ID and password will be prompted to enter a verification code each time they log in to EPP.

    If users are attempting to access EPP from a smart device, they will be required to log in via their EPP user ID and password. eAuthentication will no longer be available when accessing EPP on smart devices.

    Employees who are located outside of the United States will not be able to use the text message option for two-factor authentication. They must utilize the Authentication App.

Resources

The procedure manual for this application has been updated, and a Quick Reference Card (QRC) with the information in this bulletin is available online at the NFC Web site.

Inquiries

For questions about NFC processing, authorized Servicing Personnel Office representatives should contact the NFC Contact Center at 1-855-NFC-4GOV (1-855-632-4468) or via the customer service portal.