The CMS requires that your approved accesses to each of the systems in the CMS Identity Management System (IDM) be certified annually. All registered SPOT customers will need to be reviewed as part of the annual certification process. 

First Coast staff are responsible for reviewing the office approver (OA) and office backup approver (OBA) role accesses. If the user with the OA or OBA role for your organization is not the person we have on file in our records, the user’s access will be revoked. Customers who need to update the OA or OBA on our records should use the update request form for SPOT organizations immediately when a change has occurred to ensure accurate information is on file.

OAs and/or OBAs are responsible for reviewing the SPOT end user role accesses for their organization(s).

The initial CMS IDM annual certification requirements were implemented in July 2021. Roles are due for the annual certification one year after the previous certification, or one year after the role was established. Due to the initial requirements start date, many recertifications are due in the month of July. OAs and/or OBAs must routinely certify all end users before the annual certification due dates. Failure to certify end users timely will result in their role being removed. 

If users lose their role, they will need to follow these steps to regain access.

Office approver / office backup approver steps to certify SPOT end user access

SPOT office approver and office backup approvers will receive emails from the CMS IDM system when action is needed on the SPOT end users’ certification. Approvers must complete the certification for each of their end users before the due date or the user’s access will be revoked.

Annual certification steps are listed below.

1. Access the Identity Management (IDM) website and login.
2. Click the “My Annual Role Certifications” tile.
3. Click the user name to open the user details and carefully review each user within your organization who are due for certification. Only users who should continue to have access to your organization in SPOT should be certified.
   1. If no users are listed, no action is needed at this time.
   2. To certify a user, check the “I acknowledge” box and click the Certify button.

   3. To revoke, check the “I acknowledge” box and click the Revoke button.

      Note: quick click options are also available on the certification list screen to certify or revoke each user or the full list of users at once. 

4. You will be returned to the certification list to review additional users as needed.

For screenshots of this process, refer to either resource below:

• CMS IDM User Guide - Annual role certification section
• IDM Quick Reference Guide - How to complete annual role certification