Last Modified: 11/12/2017 Location: FL, PR, USVI Business: Part A, Part B
Multifactor authentication (MFA) frequently-asked questions
Q. When do I need to have a registered MFA device in place?
A. The MFA passcode is required to log in to SPOT. SPOT account holders are encouraged to register multiple devices. If you experience any difficulties registering your device or accessing SPOT, contact the SPOT Help Desk by calling 855-416-4199 or emailing FCSOSPOTHelp@fcso.com. Other resources:
• Step-by-step guide - How to register your MFA device
• First Coast's recorded webcast on MFA
• CMS MFA registration 'How To' video
Q. Can I register more than one MFA device?
A. Yes. First Coast recommends that you register more than one multifactor authentication (MFA) device. To register a second or third device, follow the steps you took in registering your initial MFA device. When logging into SPOT, you will select only one of these devices to receive your MFA passcode. Registration of additional devices ensures your access to SPOT should other devices not function properly. Passcodes change each time you log in to SPOT.
Q. If I am already getting a request to enter a MFA passcode, do I need to register another device to access SPOT?
A. If you use other applications such as Physician Quality Reporting System (PQRS) or Provider Statistical and Reimbursement (PS&R) that are hosted on the Enterprise Identity Management System (EIDM), then you have already completed registration of a MFA device with your EIDM account. You are ready to use MFA to access SPOT. The Centers for Medicare & Medicaid Services uses MFA to verify account holder identity for many of the other applications hosted on its EIDM system.
However, if this is the first time you are seeing the field to enter the MFA passcode and you wish to register your first MFA device, enter only the password you use to access SPOT at this time. First Coast offers this step-by-step guide to help you register your first MFA device.
Q. Can I register a single device for multiple users?
A. No. Each MFA device must be used for the SPOT account for which it’s registered. Passcodes generated from unlinked MFA devices will not work. Also, please note that SPOT and EIDM accounts may not be shared. First Coast strongly recommends that you register multiple devices to ensure your access to SPOT.
Q. What do I need to tell my IT people about downloading this software to my computer? I access all of my programs through a thin client?
A. Most SPOT account holders will be able to download and use the Symantec VIP software on their desktop or laptop, depending on the setup for your organization's information system. First Coast encourages you to work with your information technology providers to find the best solution for you. If your “thin client” system does not allow for the software to be downloaded to your desktop, please use one of the other MFA devices to receive your passcode.
Q. Do we need to enter the authentication passcode each time we log in to SPOT?
A. Yes. Each time you log in to SPOT you will be asked to enter the passcode from your MFA device. If you are in and out of your SPOT account multiple times throughout the day, you will enter the unique passcode for each instance that you reenter the system. If you choose to use the Symantec VIP software, note that the six-digit security passcode changes every 30 seconds. Enter the passcode as it appears on the VIP window.
Q. Does the same code get sent to all of the devices you registered?
A. The EIDM authentication system will only send one passcode to one device at a time. While you may register more than one device, you can only request a passcode be sent to one device at a time. Secondary devices should be registered to serve as a fail-safe in the event the first MFA device does not generate in passcode to you. If you elect to receive your passcode via email, note that this may take several minutes before you receive the passcode to log in to SPOT.
Q. What is the best way for me to get a MFA passcode if I work from multiple work stations?
A. If you work from multiple locations or several different workstations, registering a mobile phone to receive the MFA passcode or downloading the Symantec VIP application to your smartphone may represent the better MFA solution for you. You may also choose to receive the passcode from the automated Interactive Voice Response (IVR) system. You may register your mobile phone number as an IVR option.
First Coast Service Options (First Coast) strives to ensure that the information available on our provider website is accurate, detailed, and current. Therefore, this is a dynamic site and its content changes daily. It is best to access the site to ensure you have the most current information rather than printing articles or forms that may become obsolete without notice.