skip to content
Thank you for visiting First Coast Service Options' Medicare provider website. This website is intended exclusively for Medicare providers and health care industry professionals to find the latest Medicare news and information affecting the provider community.
To enable us to present you with customized content that focuses on your area of interest, please select your preferences below:
Select which best describes you:
Join eNews       En Español
Text Size:
YouTube LinkedIn Email Print
Send a link to this page
[Multiple email addresses must be separated by a semicolon.]
Last Modified: 4/26/2024 Location: FL, PR, USVI Business: Part A, Part B

Multifactor authentication and SPOT registration

Helpful tips

1. Register more than one MFA device to ensure your access to SPOT goes uninterrupted.
2. If you already use an MFA passcode to access other IDM applications, you do not need to register another for SPOT.
3. Don’t share accounts. MFA devices and the access codes produced by them may not be shared.
4. Work with your information technology providers to find the best solution for you.
MFA (multifactor authentication) is required to log in to SPOT. CMS uses MFA to verify account holder identity for many of the other applications hosted on its IDM system. If you use other applications that are hosted on the Identity Management system (IDM) such as Physician Quality Reporting System (PQRS) or Provider Statistical and Reimbursement (PS&R), then you have already completed registration of a MFA device with your IDM account. You are ready to use MFA to access SPOT.
First Coast strongly recommends that you register multiple devices to ensure your access to SPOT. You are encouraged to register more than one MFA device. When logging into SPOT, you will select only one of these devices to receive your MFA passcode. Registration of additional devices ensures your access to SPOT should any of the devices not function properly. Passcodes change each time you log in to SPOT.
IDM will only send one passcode to one device at a time. While you may register more than one device, you can only request a passcode be sent to one device at a time. Secondary devices should be registered to serve as a fail-safe in the event the first MFA device does not generate in passcode to you.
Reminder: IDM accounts may not be shared. Each MFA device must be used for the SPOT account for which it’s registered.
Follow these steps to register an MFA device.

Instructions
Related screenshots

1. Navigate to CMS’ IDM system: https://home.idm.cms.gov external link

If you are not able to recall your SPOT user ID or password, click on the “Forgot your Password, User ID, or unlock your account” link below the red “New User Registration” button.
M sign in screen

2. Click on the My Profile button

me screen showing tiles

3. Select ‘Manage MFA and Recovery Devices’

 profile options

4. Choose the MFA device

To add another MFA device, click the drop-down menu, “add another device.” Choose from text message (SMS); Google Authenticator; Interactive Voice Response (IVR); and OKTA Verify.
Provide the required information to complete the set-up process.
You should then see a confirmation page and receive a confirmation email confirming your new MFA device.
Repeat this same process to add multiple MFA devices. Remember, it is important to have at least 2 device options set up to ensure uninterrupted access.
To edit an MFA device, click the green icon (or remove and then re-add if the green icon is not available). To remove an MFA device, click the red icon.
Manage MFA
First Coast Service Options (First Coast) strives to ensure that the information available on our provider website is accurate, detailed, and current. Therefore, this is a dynamic site and its content changes daily. It is best to access the site to ensure you have the most current information rather than printing articles or forms that may become obsolete without notice.