INQUIRY 19-06, Two-Factor Authentication for the Employee Personal Page

Published: October 25, 2019

Summary

As an added security enhancement, the National Finance Center (NFC) is adding two-factor authentication to the Employee Personal Page (EPP). This enhancement is being added for all EPP users whether they utilize a user ID and password or eAuthentication to access EPP.

This bulletin is being issued to assist Agencies in developing a communication plan for employees. A follow-up bulletin with additional information, including the implementation date once it is announced, will be issued.

Affected Systems

System: Employee Personal Page (EPP)

System Impact: Two-factor authentication is being added.

Implementation

As part of the rollout of two-factor authentication, NFC will be validating users' email addresses. Users will be required to enter both a work email address and a personal email address the first time that they log in to EPP once two-factor authentication is implemented. This will be a one-time validation for both eAuthentication and user ID and password logons.

After validating email addresses, the user will be prompted to establish two-factor authentication.

To Validate Your Email Address and Establish Two-Factor Authentication:

  1. Connect to EPP.
  2. Log in to EPP. The Enter Your Work Email Address page is displayed.
  3. Enter your work email address in the Work E-mail field. The work email must end in either .gov, .edu, or .mil.

    Note: If the employee has a work email address on IRIS Program IR119, Employee Personnel Data, it will be displayed in this field. The user may edit this field if desired. If the user does not have a work email address (e.g., contractors), they should select the I do not have a work email address button and follow the instructions that are displayed.

  4. Select the Submit button. An email containing a verification code is sent to the email address entered, and the Verify Your Work E-mail Address page is displayed.
  5. Verify your work email address by entering the code provided in the email.
  6. Select the Submit button. The Enter Your Personal E-mail Address page is displayed.
  7. Enter your personal email address in the Personal E-mail field. An email containing a verification code is sent to the email address entered, and the Verify Your Personal E-mail Address page is displayed.

    Note: If the user does not have a personal email address, they may reenter their work email address in this field.

  8. Verify the personal email address by entering the code provided in the email. The Two-Step Authentication page is displayed.
  9. To authenticate using a phone number, select the Text Message (SMS) radio button and select the Continue button. The Two-Step Authentication page (including the Phone Number field) is displayed. Enter your phone number in the Phone Number field. Select the Submit button. A text message containing a verification code is sent to your phone, and the Two-Step Authentication page (including the Verification Code field) is displayed. Verify your phone number by entering the code provided in the text. Select the Submit button. The user is now logged in to EPP.

    OR

    To authenticate using an authentication application, select the Authentication Application radio button and select the Continue button. The Two-Step Authentication page (including the authentication key and the QR code to be scanned) is displayed. Either enter the key provided into an authentication application or scan the QR code with the application. A security code will be provided by the authentication application. Enter the code provided in the Enter the code from the app field. Select the Submit button. The user is now logged in to EPP.

    Note: Both user ID and eAuthentication users must follow this process the first time they log in to EPP after implementation of two-factor authentication. EPP users who utilize a user ID and password will be prompted to enter a verification code each time they log in to EPP.

    If users are attempting to access EPP from a smart device, they will be required to log in via their EPP user ID and password. eAuthentication will no longer be available when accessing EPP on smart devices.

Resources

An additional bulletin will be issued when this process is implemented.

The procedure manual for this application, which is available online at the NFC Web site, is being updated to include the information in this bulletin.

Inquiries

For questions about NFC processing, authorized Servicing Personnel Office representatives should contact the NFC Contact Center at 1-855-NFC-4GOV (1-855-632-4468) or via the customer service portal.