We are implementing a different authentication method that will affect how you access ECOS in the future.  

What is changing?  

We have partnered with DOI and login.gov to fulfill user authentication needs for ECOS. This service that allows you to securely login and authenticate with ECOS applications.  This authentication service, provided by GSA, offers a single sign-on capability across several government websites and applications such as USAjobs(.)gov. 

Why is this changing?  

Login.gov supports authentication with a PIV card if you are a Federal user, as well as other two-factor authentication methods for non-Federal users. This increases security by preventing hackers from compromising your account if they only have your password. In addition, login.gov improves single-sign-on behavior so you don’t have to sign in multiple times when visiting different applications in ECOS. This integration will satisfy enhanced federal security requirements for multifactor authentication. 

When is this changing? 

The current schedule for deployment in our production environment is Monday, October 5th, 2020.  

How will the login process be different? 

The only thing that changes, for you as a user, is the place where you login. Otherwise, the general workflow will be the same. When navigating to a secured ECOS application or clicking on the “Secure Login” link, you will see a screen requiring you to login with your account credentials – just like you do today. The difference is that the login screen will be coming from login.gov. If you have an account set up to authenticate with a PIV card (as all FWS users must), login.gov will prompt you for your PIN. After successfully authenticating, you will return to ECOS and use your applications as usual. Your ECOS account, roles, reports, and data will remain the same.  

What do you need to do? 

You will need to set up an account at login.gov. They have some excellent instructions to follow here. You must use the same email address that you use   for ECOS today to link your account information in ECOS applications. All USFWS users must associate their PIV cards with their login.gov account, as described in the login.gov instructions. Other users may choose a two-factor authentication method optionally. You can create a login.gov account at any time. You do not need to wait until the deployment. If you do not create an account before the deployment date, you will need to do so before logging in after the change takes effect.  

Helpful tips

• If you already have a login.gov account using the same email address you currently use for ECOS, you do not need to set up a new account. If you are an FWS user, you will need to associate your PIV card, however.
• If you have trouble setting up your account, you can contact the login.gov help desk https://login.gov/contact/

What if I have more than one certificate to choose from when registering my PIV card?

Most of us have a few certificates on our computer, sometimes they are IRTM support staff and sometimes there is more than one for us. Usually, the certificate for us is at the top, but if you try this one and it does not work, look at the certificate information, and you will see a date; if the date is today, this is the correct one to choose. If you select the incorrect certificate more than once, you will need to wait for 10 minutes for your account to reset in login.gov.

Known issues

• PIV authentication does not work natively with the Firefox browser. Please use Chrome or Edge when logging in with your PIV.
• If multiple certificates you may get a time-out error. Select another cert in list, once you select the correct cert you will be re-directed to ECOS.

What can I do if I have questions?

Please contact the ECOS Help Desk with questions.