QualityNet Jira and QualityNet Confluence will be briefly unavailable on Monday, December 23, 2024, between 8:00 PM ET and 10:00 PM ET while the team performs an AMI update.  If you have questions or concerns, please reach out to us in Slack at #help-atlassian.

QualityNet IT Services

Page tree


CMS Center for Clinical Standards and Quality (CCSQ) System Management

HCQIS Access Roles and Profile (HARP) is a secure identity management portal provided by the Centers for Medicare and Medicaid Services (CMS). Creating an account via HARP provides users with a user ID and password that can be used to sign into many CMS applications. It also provides a single location for users to modify their user profile, change their password, update their challenge question, and add and remove two-factor authentication devices.


New and returning HARP users should follow the process outlined in the Getting Started tab on this page to ensure they are complying with CMS system access policies.


HARP Email Notifications

CCSQ system developers and oversight teams may want to stay up to date on the latest HARP news, outage, release and maintenance information.  Follow the steps below to sign up for HARP ListServ information.

To receive notifications with news, release and maintenance information, sign up for the HARP ListServ. Users can be request to be added to our subscriber list by clicking on the link and following the instructions below:

ListServ Sign-up


For information regarding HARP releases, upgrades, outages and general announcements

  1. On the page select the Public Lists tab
  2. Enter your name and email
  3. Select the checkbox next to HARP Notify: HCQIS Access Roles and Profile (HARP) Notifications
  4. Click Submit

For news and information for development teams integrating with HARP

  1. On the page select the Private Lists tab
  2. Enter your name and email
  3. Select the checkbox next to HARP IntDev: HCQIS Access Roles and Profile (HARP) Integrated Development Notifications
  4. Click Submit

Creating a HARP Account

All HARP Users

HARP provides access to multiple applications for users needing QualityNet IT services. The services and roles available depend on your user type and your organization’s approved systems. CCSQ support contractors, CMS employees, and external user organizations each have different access requirements. As a result, each user group follows a unique process to gain access and may need to complete security or system-use training before being authorized.

This page outlines your user type and access requirements, guiding you through the relevant processes and policies.

If you're a new user needing access to HARP services, follow the instructions under the "New User Access to HARP" tab above.
If you're an existing CMS system user (e.g., CMS staff or contractors) and are making changes to your HARP access, follow the relevant guidance under the FAQ section.

CCSQ Support Contractor Users

Please note that, in accordance with Homeland Security Presidential Directive 12 (HSPD-12), CMS/CCSQ support contractors must complete a background check to access HARP services. To comply with CMS policy and HSPD-12, CCSQ support contractors should follow the procedures outlined under the "New User Access to HARP" tab, based on their user type and access requirements.

System Use Terms and Conditions

Access to HARP and integrated systems is governed by the HHS System Use Terms and Conditions. You can review these terms on the HARP Terms of Use page.

HARP System Users

HARP supports three user groups. Your access to HARP and its supported systems depends on your user group and the systems you're pre-authorized to access. For instructions on requesting system access and setting up your HARP account, click the tab below that corresponds to your user group. If you're unsure which group you belong to, refer to the User Group Detail tab for more information.


Use the instructions on the Partners HARP ID tab if you need to access CCSQ systems for reporting purposes and you are not employed by CMS or a vendor supporting a CCSQ contract.  Partners include medical professionals, clinicians, other federal agency staff, and hospital representatives responsible for accessing CCSQ systems for reporting and data management purposes. 

Use the instructions on the CMS Staff HARP ID tab if you need to access CCSQ systems as part of your official duties as a CMS employee. 

Use the instructions on the Contractor HARP ID tab if you need to access CCSQ systems in support of your responsibilities under a CMS/CCSQ contract.

As an external partner needing access to CCSQ systems, you should follow the steps below to create your HARP ID and request access to CCSQ services.  When requesting access to HARP, you are required to complete Identity Proofing (I am who I say I am) to ensure the security and accuracy of CMS systems and data, and your access request must be approved by your organization's security officer before your access will be approved.

Step 1: Create your HARP user account

  1. To create your HARP account, navigate to the HARP portal by clicking on the following link:  https://harp.cms.gov/register
  2. Click on the "Sign Up" link at the bottom of the login page.
  3. Follow the prompts to enter your profile information and click Next to start the Remote Identity Proofing (RIDP) process.  
  4. Once you have passed RIDP, you will be prompted to choose a user ID, set up a password, set up your challenge question and response, and click Next. 
  5. Your HARP user account has been set up.


Note:  If the user fails remote identity proofing, they can take the following steps:

If remote identity proofing fails for you, please follow the guidance below:

  1. You can retry remote proofing (up to three times) by returning to the Profile Information screen and selecting Retry Remote Proofing.
    1. Enter the last four digits of your SSN and date of birth or the Request Reference Number (provided when RIDP fails), which will repopulate the profile information for you. 
    2. Correct any information that is wrong and resubmit your profile for proofing.
  2. You can call Experian to verify your identity over the phone. 
    1. If Experian passes you over the phone, Experian will provide a reference number which you can enter into the HARP account creation screen by selecting Enter Reference Number
  3. If, after these attempts, remote identity proofing still fails, or you do not wish to provide your SSN, you can select the Initiate Manual Proofing link at the bottom of the Profile Information page during registration. 
    1. Please note that manual proofing may delay the registration process. 
    2. For any questions related to manual proofing, contact the Identity Access Management (IAM) team, Monday-Friday 7am-7pm CST by phone 1-888-599-0426 or email identityproofing@cms.hhs.gov for manual proofing questions or watch the Manual Proofing Tutorial video on the HARP Role Request tab on this Confluence Page for more guidance.
Step 2: Request your HARP Roles (access)
  1. To request access to approved applications within HARP, navigate to the HARP login page:  https://harp.cms.gov/login/login 
  2. Enter your user ID and password into the log in screen and click Next.  
    1. If you have not already set up your multi-factor authentication (MFA), select Manage Two-Factor Devices to set up your MFA factors.
    2. For security reasons, all HARP accounts are required to have at least one additional multi-factor authentication (MFA) type such as email or text authentication. 
  3. Click Request a Role in the User Roles section of the HARP home screen.
    1. Select the Program you are requesting access to (this is the application or portal you need access to), click Next.
    2. Select the Organization you are affiliated with (this is the organization you are working for or for which you are reporting data), click Next.
    3. Select the Role you need (this is the level of access you are requesting), click Next
  4. Role requests (access to systems) are authorized by the Provider Organization point of contact for your company. 
    1. Once you have requested a role, that request will be sent to your company's designated security official for approval or denial.  
    2. If approved, you will receive an email confirming your access, and you can now access the requested application.

Note:  For information on how to select roles in HARP, you can navigate to the HARP Role Request tab on this Confluence Page for additional guidance.

As CMS staff needing access to CCSQ systems, you should follow the steps below to activate your EUA ID in HARP and request access to CCSQ services.  Your access request must be approved by the CMS security officer in HARP before your access will be approved.

Step 1: Activate your EUA ID in HARP

  1. Navigate to HARP using this link:  https://harp.cms.gov/register
  2. Enter your EUA user ID in the User ID field
  3. Enter your EUA password in the Password field
  4. Click the Login button.
  5. This will activate your EUA ID in HARP, and you can now request roles.

Note: You cannot use your PIV card to activate your account in HARP.  Once you have completed your account activation, you can use your PIV to log into HARP moving forward.

Step 2: Request your HARP Roles (access)
  1. To request access to approved applications within HARP, navigate to the HARP login page:  https://harp.cms.gov/login/login 
  2. Enter your user ID and password into the log in screen and click Next.  
    1. If you have not already set up your multi-factor authentication (MFA), select Manage Two-Factor Devices to set up your MFA factors.
    2. For security reasons, all HARP accounts are required to have at least one additional multi-factor authentication (MFA) type such as email or text authentication. 
  3. Click Request a Role in the User Roles section of the HARP home screen.
    1. Select the Program you are requesting access to (this is the application or portal you need access to), click Next.
    2. Select the Organization you are affiliated with (in most cases, the organization for CMS staff will be CMS Federal), click Next.
    3. Select the Role you need (this is the level of access you are requesting), click Next
  4. Role requests (access to systems) are authorized by the  designated CMS security official in HARP. 
    1. Once you have requested a role, that request will be sent to your designated security official for approval or denial.  
    2. If approved, you will receive an email confirming your access, and you can now access the requested application.

Note:  For information on how to select roles in HARP, you can navigate to the HARP Role Request tab on this Confluence Page for additional guidance.

THIS PAGE UNDER DEVELOPMENT 

As a contractor needing to access CCSQ systems, you will need EITHER an EUA ID OR a HARP ID.  Either ID can be used in HARP, so which ID is right for you depends on the nature of your contract and your responsibilities under that contract. You should NEVER request both types of IDs unless specifically instructed to do so.  

To determine which ID you need, please coordinate with your contract point of contact (CTR POC) or with your CMS-appointed COR. 

When requesting access to HARP, you are required to initiate a background check (I am a trusted system user) and complete Identity Proofing (I am who I say I am) to ensure the security and accuracy of CMS systems and data. Additionally, all access requests must be approved by your organization's security officer before you will be authorized to use any CMS service.

  • CMS contractors who DO NOT require an EUA ID should use the HARP ID instructions below. 
  • CMS contractors who DO require an EUA ID should use the EUA ID instructions below. 


CCSQ Contractors - HARP ID

Step 1: Complete your Security Awareness Training
  1. CCSQ Contract users must complete required training during onboarding and before accessing CMS systems.  
  2. Click on Training and Awareness tab on the Security Confluence Page for links to required training. 
  3. Complete the Security Awareness Training
    1. You are required to retain a digital copy of the training certificate as proof of completion.
    2. You are required to complete Security Awareness Training every year in order to maintain your access to CMS systems.
Step 2: Create your HARP user account
  1. To create your HARP account, navigate to the HARP portal by clicking on the following link:  https://harp.cms.gov/register
  2. Click on the "Sign Up" link at the bottom of the login page.
  3. Follow the prompts to enter your profile information and click Next to start the Remote Identity Proofing (RIDP) process.  
  4. Once you have passed RIDP, you will be prompted to choose a user ID, set up a password, set up your challenge question and response, and click Next. 
  5. Your HARP user account has been set up.
  6. DO NOT request any roles in HARP until you have initiated your background investigation (step 3 below)!


Note:  If the user fails remote identity proofing, they can take the following steps:

If remote identity proofing fails for you, please follow the guidance below:

  1. You can retry remote proofing (up to three times) by returning to the Profile Information screen and selecting Retry Remote Proofing.
    1. Enter the last four digits of your SSN and date of birth or the Request Reference Number (provided when RIDP fails), which will repopulate the profile information for you. 
    2. Correct any information that is wrong and resubmit your profile for proofing.
  2. You can call Experian to verify your identity over the phone. 
    1. If Experian passes you over the phone, Experian will provide a reference number which you can enter into the HARP account creation screen by selecting Enter Reference Number
  3. If, after these attempts, remote identity proofing still fails, or you do not wish to provide your SSN, you can select the Initiate Manual Proofing link at the bottom of the Profile Information page during registration. 
    1. Please note that manual proofing may delay the registration process. 
    2. For any questions related to manual proofing, contact the Identity Access Management (IAM) team, Monday-Friday 7am-7pm CST by phone 1-888-599-0426 or email identityproofing@cms.hhs.gov for manual proofing questions or watch the Manual Proofing Tutorial video on the HARP Role Request tab on this Confluence Page for more guidance.
Step 3: Initiate your background investigation
  1. Gather digital copies of the following information;
    1. Completed Form OF-306 pdf, and
    2. A copy of your current resume, and
    3. Proof you have completed the required PIV training.
  2. Once you have gathered the required documents (above), navigate to the CMS Identity and Credentialing Tool (ICT) https://eua.cms.gov/efi/signin.
  3. Enter your HARP Credentials in the CMS Credentials section of the log-in screen.
    1. Read and click Agree to the system use warning dialog box that pops up.
    2. This will create your ICT user account and link your HARP and ICT accounts together
  4.  Click the Access dropdown in the banner in the header of the screen and select New User Request to open the access request form.
    1. USER DETAILS: In the User Details section of the ICT registration screen, enter the following information:
      1. Category = Contractor (this will open the User Type field)
      2. Type = Background Check Only (this will open the Identity Management Systems field)
      3. Identity Management Systems = HARP
      4. PIV = select the option according to guidance from your CMS COR/CTR POC
      5. Request Justification = type Fulfill contractual duties (OR follow the guidance provided by the CMS COR responsible for your contract)
    2. Complete the remaining sections of the access request screen, uploading your saved documents where prompted., click Submit Request.
  5. Once the request is submitted, it will be reviewed by your company's Contract Point of Contact (CTR POC) for approval and the Badging Office will start your background investigation.
    1. Per HSPD-12, all CMS contractors must successfully pass a background investigation to obtain and maintain access to CMS systems and facilities,
  6. You can now log into your HARP account, set up your multi-factor authorization factors (MFA) if you have not already done so, and request roles as appropriate for your contractual responsibilities.
Step 4: Request your HARP Roles (access)
  1. To request access to approved applications within HARP, navigate to the HARP login page:  https://harp.cms.gov/login/login 
  2. Enter your user ID and password into the log in screen and click Next.  
    1. If you have not already set up your multi-factor authentication (MFA), select Manage Two-Factor Devices to set up your MFA factors.
    2. For security reasons, all HARP accounts are required to have at least one additional multi-factor authentication (MFA) type such as email or text authentication. 
  3. Click Request a Role in the User Roles section of the HARP home screen.
    1. Select the Program you are requesting access to (this is the application or portal you need access to), click Next.
    2. Select the Organization you are affiliated with (this is the organization you are working for OR, if you are part of a sub contract, the organization that holds the CCSQ contract), click Next.
    3. Select the Role you need (this is the level of access you are requesting), click Next
  4. Role requests (access to systems) are authorized by the designated security official for your contract. 
    1. Once you have requested a role, that request will be sent to your designated security official for approval or denial.  
    2. If approved, you will receive an email confirming your access, and you can now access the requested application.

Note:  For information on how to select roles in HARP, you can navigate to the HARP Role Request tab on this Confluence Page for additional guidance.

CCSQ Contractors - EUA ID

Step 1: Request your EUA ID & initiate your background investigation
  1. Gather digital copies of the following information;
    1. Completed Form OF-306 pdf, and
    2. A copy of your current resume, and
    3. Proof you have completed the required PIV training.
  2. Once you have gathered the required documents (above), navigate to the CMS Identity and Credentialing Tool (ICT) https://eua.cms.gov/efi/signin.
  3. Select Register under the ICT Credentials section of the login screen.
  4. Follow the prompts to create your ICT user account and open the Access Request screen for editing.
    1. USER DETAILS: In the User Details section of the ICT registration screen, enter the following information:
      1. Category = Contractor
      2. Type = IT Dev & Support Contractors (OR follow the guidance provided by the CMS COR responsible for your contract)
      3. Identity Management Systems = HARP
      4. Request Justification = Fulfill contractual duties (OR follow the guidance provided by the CMS COR responsible for your contract)
    2. Complete the remaining sections of the access request screen, uploading your saved documents where prompted., click Submit Request.
  5. Once the request is submitted, it will be reviewed by your company's Contract Point of Contact (CTR POC) for approval.
Step 2: Complete your Security Awareness Training & update your EUA ID password
  1. CMS will issue you an EUA ID and a temporary password.
    1. You will receive an email instructing you to log into EUA and change your password.
    2. You must log in and change your password within three days or your EUA ID will be disabled.
  2. You will be advised to complete Security Awareness Training
    1. You will receive an email with instructions how to access the Security Awareness Training.
    2. You must log in and complete your training within three days or your EUA ID will be disabled.
    3. You are required to retain a digital copy of the training as proof of completion.
  3. The Badging Office will start your background investigation.
    1. Per HSPD-12, all CMS contractors must successfully pass a background investigation to obtain and maintain access to CMS systems and facilities,
Step 3: Activate your EUA ID in HARP
  1. Navigate to HARP using this link:  https://harp.cms.gov/register
  2. Enter your EUA user ID in the User ID field
  3. Enter your EUA password in the Password field
  4. Click the Login button.
  5. This will activate your EUA ID in HARP, and you can now request roles.

Note: You cannot use your PIV card to activate your account in HARP.  Once you have completed your account activation, you can use your PIV to log into HARP moving forward.

Important Note:  CMS requires EUA credential holders to actively use their EUA credentials in EUA-provisioned services (e.g. CMS Outlook or EUA site.)  If the user has obtained an EUA ID and are ONLY using it to access HARP-provisioned services, they MUST log into EUA at least 1x a month to keep their account active.  If an EUA credential is deactivated because of inactivity, the user will need to create a new user ID and re-request roles under the new credentials.  Losing their ID due to inactivity may also impact the progression of their background check as well, so it is vitally important that the user be advised to maintain their EUA ID properly.  If a user who initiated their background check by getting an EUA ID, then loses that ID, you will need to confirm what status that user was in with regards to their background check AND whether the user should re-obtain an EUA ID OR if the user doesn't need an EUA ID.  At that point, the user can follow either the HARP Only ID process OR the EUA ID process to obtain their new ID and initiate their background check - if needed.

Step 4: Request your HARP Roles (access)
  1. To request access to approved applications within HARP, navigate to the HARP login page:  https://harp.cms.gov/login/login 
  2. Enter your user ID and password into the log in screen and click Next.  
    1. If you have not already set up your multi-factor authentication (MFA), select Manage Two-Factor Devices to set up your MFA factors.
    2. For security reasons, all HARP accounts are required to have at least one additional multi-factor authentication (MFA) type such as email or text authentication. 
  3. Click Request a Role in the User Roles section of the HARP home screen.
    1. Select the Program you are requesting access to (this is the application or portal you need access to), click Next.
    2. Select the Organization you are affiliated with (this is the organization you are working for OR, if you are part of a sub contract, the organization that holds the CCSQ contract), click Next.
    3. Select the Role you need (this is the level of access you are requesting), click Next
  4. Role requests (access to systems) are authorized by the designated security official for your contract. 
    1. Once you have requested a role, that request will be sent to your designated security official for approval or denial.  
    2. If approved, you will receive an email confirming your access, and you can now access the requested application.

Note:  For information on how to select roles in HARP, you can navigate to the HARP Role Request tab on this Confluence Page for additional guidance.

CMS requires EUA credential holders to actively use their credentials. Inactive EUA credentials will be disabled after 30 days. Using your EUA ID in HARP services alone WILL NOT not keep it active. To maintain your EUA ID, log into EUA or another EUA-provisioned service (e.g., CMS Outlook) at least once a month. EUA services typically require job codes, which are managed in EUA.

If your EUA ID is deactivated due to inactivity:

  • Your background check may be affected.
  • You’ll need to create a new user ID and re-request roles under the new credentials.

If deactivated, notify your Contract Point of Contact (CTR POC) and CMS COR immediately. They will assess the impact on your background check and advise whether to request a new EUA or HARP ID. In either case, you’ll need to set up new credentials and CMS access.




HARP Role Request


With some exceptions, as a HARP user, you can request access to HARP services using the Role Request feature from the home screen of your user dashboard.  The services and roles that are available to you as a HARP user depend on what type of user you are (CCSQ support contractor/ CMS employee/external user) and what services have been authorized for your organization.  

To request a role in HARP, follow the steps outlined below: 

If your application uses HARP for role requests, do the following:

Step 1: Log into HARP – you will land on your user dashboard. From there, select User Roles.

Step 2: Select Request a Role.

Step 3: Select the desired Program (HARP Service) and select Next.

Step 4: Select your Organization (your contract name, CMS federal employee, etc.) and select Next.

Step 5: Select the desired User Role and select Submit.

Step 6: Enter your request reason, including relevant information like your job title, company name, etc. and select Submit.  Your role request will be sent to the Security Officer that is responsible for approving access for your organization.

Step 7: The Security Official responsible for approving access for your organization will receive a notification of your request.  You will be notified via email when your role request has been approved or rejected.

HARP User Account Management

HARP has built-in self-service functionality enabling users to reset passwords, retrieve forgotten passwords, manage their HARP user profile, and set or add multifactor authentication (MFA) factors for user authentication.

Harp-Issued user IDs:

These self-service features are available to all users leveraging a HARP-issued user ID and are outlined in detail below.  If the self-service functionality does not resolve the user issue, users can contact the CCSQ Service Center for assistance. 

EUA-Issued user IDs:

Users leveraging their EUA-issued ID in HARP cannot reset their password or update their profile information in HARP.  EUA ID users who need assistance with lost passwords, locked accounts, etc. should contact the CMS IT Service Desk or utilize the update profile/MFA feature in the EUA system.  

HARP Inactivity

HARP accounts are deactivated after two years of account inactivity.  If an account is deactivated due to inactivity, it cannot be recovered.  However, you may use our registration portal to create a new account.  Although you can re-register in HARP using the same email address, you will have to select a new user ID.  Your previous roles will not be available and will need to be requested again.  Please ensure you log into your account periodically to avoid account deactivation.

Instructions for creating a new HARP user account can be found on the Getting Started tab above.

Account Suspension

HARP accounts are suspended if a user fails multi-factor authentication three times or more.  If an account is suspended, contact the CCSQ Service Center for assistance.


Account Management User Guides

Use the following guides to troubleshoot user account issues.

Forgot your User ID

Step 1: Go to HARP and select Having trouble logging in?

Step 2: Select Forgot User ID or Password.

Step 3: Enter your email address and select Send Email.

Step 4: You will receive an email containing your user ID. You can ignore the Reset Password button if you don’t need to reset your password.

Forgot your Password

Step 1: Go to HARP and select Having trouble logging in?

Step 2: Select Forgot User ID or Password.

Step 3: Enter your email address and select Send Email.

Step 4: You will receive an email containing your user ID and a button to reset your password.

Step 5: Select Reset Password (you will be prompted to answer your challenge question).

Step 6: Enter your challenge question answer and select Next.

If you forgot your challenge question answer, follow the instructions for Forgot your Password and Challenge Question (Full Account Recovery).

Step 7: Enter your new password and confirm your new password, then select Reset Password.

Step 8: You should now be able to log in with your user ID and new password.

Forgot your Password and Challenge Question (Full Account Recovery)

Step 1: Go to HARP and select Having trouble logging in?

Step 2: Select Full Account Recovery.

Step 3: Enter your Email Address, First Name, Last Name, and Date of Birth, and select Send Email.

Step 4: You will receive an email that contains your user ID and a button to recover your account.

Step 5: Select Recover Account.

Step 6: You will be prompted to establish a challenge question and answer.

Step 7: Once you have chosen your challenge question and provided an answer, select Reset Challenge Question.

Step 8: Enter and confirm your new password and select Reset Password.

Step 9: You should now be able to log in with your user ID and new password.

Following Account Deactivation

Step 1: Reregister by going to https://harp.cms.gov/register.

Step 2: Enter your profile information (you may use the same personal and corporate email addresses as your deactivated account) and select Next.

Step 3: Choose a different user ID from your deactivated account, enter your password and challenge question, and select Next.

Step 3a: If your profile information fails to verify your identity, you have two options:

  • If you think you know what you entered incorrectly, you can retry remote proofing by returning to the Profile Information screen and selecting Retry Remote Proofing. Entering the last four digits of your SSN and date of birth or your Reference Number will pre-populate the Profile Information fields.
  • Call Experian to verify your identity over the phone and then enter your reference number on the Profile Information screen by selecting Enter Reference Number. This will pre-populate the Profile Information fields.

Step 4: Your new account has been created and you will receive a confirmation email.

Step 5: Select Login to Complete Setup to log into HARP and set up two-factor authentication. Once you have set up two-factor authentication, feel free to log into your respective CMS application. Follow your application’s instructions for how to request a role as all roles associated with your deactivated account will have been removed.

Edit Profile Information

Step 1: Log into HARP – you will land on your user dashboard.

Step 2: To edit your Profile Information, select View/Edit Profile Information.

Step 3: Select the Edit button and modify your information, such as Email Address, Home Address, etc.

Note: You cannot update your First Name, Last Name, or Date of Birth in your User Profile. Call your application’s help desk if you need to update these fields.

Step 4: To allow the HARP team to reach out to you for user feedback, select the checkbox to opt into user feedback sessions.

Step 5: Select Save to save your changes.

Change Password

Step 1: Log into HARP – you will land on your user dashboard.

Step 2: To change your password, select Change Password.

Step 3: Enter your Old Password, New Password, and Confirm New Password.

Step 4: Select Save to change your password.

Update Challenge Question

Step 1: Log into HARP – you will land on your user dashboard.

Step 2: To update your challenge question, select Update Challenge Question.

Step 3: Enter your Password, select a new Challenge Question, and enter your Challenge Question Answer.

Step 4: Select Save to update your challenge question.

Manage Two-Factor Authentication

Step 1: Log into HARP – you will land on your user dashboard.

Step 2: To update your challenge question, select Manage Two-Factor Devices – you will see a list of your existing two-factor authentication devices.

Step 3: To add a new two-factor authentication device, select the Device Type, follow the instructions, and select Send Code.

Step 4: Enter the security code to verify the device and select Submit.

Step 5: To remove a device, select the associated Remove link for the device you would like to remove.

Step 6: Verify you want to remove the device and select Remove – the device will be removed from your list of two-factor authentication devices. 



Security Officials in HARP

Each organization needs to designate at least two Security Officials (SO) who will be responsible for approving access to HARP services for individuals within their organization.  These individuals will typically be designated at the time your organization is onboarded to CCSQ Services.  Thereafter, these individuals can be changed and more Security Officials can be added to help manage your organization's user population in HARP. 

Security Officials serve a critical role in helping to secure HARP services.  They are responsible for approving access for their organization's users and removing access from individuals within their organization who have left or who no longer need access to an assigned service.  Use the guides below to request assignment as your organization's Security Official and for information on navigating your SO role.  

For more information about the onboarding process and how organizations are granted access to CCSQ Services, use this Access to Services link.

Security Official User Guides

Use the following guides to learn more about becoming and serving as a Security Official for your organization

Requesting the Security Official (SO) Role in HARP

Step 1: Log into HARP – you will land on your user dashboard. From there, select User Roles.

Step 2: Select Request a Role.

Step 3: Select the desired Program and select Next.

Step 4: Select your Organization and select Next.

Step 5: Select the Security Official role and select Submit.

Step 6: You will be notified via email when your role has been approved or rejected by an existing SO.

 Approving User Roles in HARP

Step 1: Log into HARP – you will land on your user dashboard. From there, select Security Official.

Step 2: You will land on the Role Requests screen and see a list of pending role requests.

Step 3: Select the checkbox for one or many requests.

Step 4: Select Approve or Reject.

Step 5: An email will be sent to the requester notifying them of approval or rejection.

Removing User Roles in HARP

Step 1: Log into HARP – you will land on your user dashboard. From there, select Security Official.

Step 2: Select User Lookup in the left navigation.

Step 3: Choose your Program and Organization.

Step 4: Use the search bar to search for users by first name, last name, email, or user ID.

Step 5: Select a user's name to see their User Roles and Profile Information.

Step 6: Select the Remove link for the User Role you would like to remove.

Step 7: Confirm the removal.

Step 8: The user's role will be removed from the list of User Roles.

Viewing Request History in HARP

Step 1: Log into HARP – you will land on your user dashboard. From there, select Security Official.

Step 2: Select Request History in the left navigation.

Step 3: Optionally, use the search bar to search for a previous request by name or request ID.

Step 4: Select View per request to see the request details, including completion date, organization, role, and whether the request was approved or rejected.


Frequently Asked Questions (FAQ)

User IDs must be between 6-100 characters and unique (cannot already be taken by another user).

Passwords must be a minimum of 12 characters and include a lowercase letter, uppercase letter, number (0-9), and symbol (!@#$%^*). They cannot contain first name, last name, or part of user ID.

HARP is a secure identity management portal and asks for personal information to verify the user's identity. HARP uses Experian to remotely proof users by taking user-entered data, such as date of birth and social security number (SSN), to generate a list of personal questions for the user to answer to verify his/her identity.

  • RIDP is the process of validating sufficient information that uniquely identifies you (e.g., credit history, personal demographic information, and other indicators). This method is used for verifying the identity of a user as opposed to manual proofing or in-person proofing. If you are requesting electronic access to protected CMS information or systems, you must be identity proofed to gain access.
  • CMS uses the Experian identity verification system to remotely perform identity proofing. Experian is used by CMS to confirm your identity when you need to access a protected CMS Application.
  • You may have already encountered RIDP through various interactions with banking systems, credit reporting agencies, and shipping companies.
  • When you log in to HARP, you will have the option to RIDP. You will be asked to provide a set of core credentials which include:
    • Full Legal Name, Social Security Number, Date of Birth, Current Residential Address
  • Experian will use your core credentials to locate your personal information in Experian and generate a set of questions. Experian will attempt to verify your identity to the appropriate level of assurance with the information you provided. Most users can complete the ID proofing process in less than five minutes. If you encounter problems with RIDP, you will be asked to contact Experian Support Services via telephone at (866) 578-5409 to resolve any issues.

If you cannot identity proof online, you will be asked to contact the Experian Verification Support Services Help Desk at (866) 578-5409. The system will provide you with a Reference Number to track your case. For security purposes, the Experian Help Desk cannot assist you if you do not have the reference number.

Account passwords are required to be reset after 60 days of inactivity. Please remember to log in within this period to avoid password expiration.

If your account has been deactivated, it cannot be recovered. However, you may use our registration portal to create a new account. Although you may re-register using the same email address, you will have to select a new user ID. Your previous roles will not be available and will need to be requested again.

Accounts are required to be deactivated after 2 years of inactivity. Once an account is deactivated due to inactivity, it cannot be recovered. If you encounter difficulty logging in and wish to access your account before deactivation, utilize the built-in self-service functions to recover your User ID or password. Note: these recovery methods are available only for active accounts.


If you are using an EUA-issued ID to access HARP-provisioned services, then you will need to coordinate with the COR managing your new contract.  If your employer is changing, you may be required to create a new EUA ID and request access under your new contract.  If your employer is staying the same, you may be able to work with the COR to reassign your EUA ID to your new contract.  Either way, you will need to ensure that your EUA ID profile reflects your current contact information, and you will need to request HARP roles under your new contract.

If you are using a HARP-issued ID to access HARP-provisioned services, then you will need to ensure that your HARP ID is still active, and you will need to request HARP roles under your new contract.

For more questions, visit the full FAQ on the HARP Help page

Need Help ?

If you have any issues with registering for HARP or other account-related issues, please contact your Help Desk

For additional information related to HARP, please see the following resources:


Important Note for EUA ID Holders

Users with EUA IDs MUST log into the EUA portal at idm.cms.gov OR log into an EUA-provisioned service (such as CMS Outlook) to ensure your EUA ID is not deactivated. 

Using your EUA ID in HARP will NOT maintain your EUA ID.  If your EUA ID is deactivated, your EUA ID cannot be recovered.  You will need to set up a new ID, re-request all required system access, and you MAY be required to submit another request for a background check (check with your COR whether you need to re-request your background check.) 





  • No labels