QualityNet IT Services


CMS Center for Clinical Standards and Quality (CCSQ) System Management

HCQIS Access Roles and Profile (HARP) is a secure identity management portal provided by the Centers for Medicare and Medicaid Services (CMS). Creating an account via HARP provides users with a user ID and password that can be used to sign into many CMS applications. It also provides a single location for users to modify their user profile, change their password, update their challenge question, and add and remove two-factor authentication devices.


New and returning HARP users should follow the process outlined in the Getting Started tab on this page to ensure they are complying with CMS system access policies.


HARP Email Notifications

CCSQ system developers and oversight teams may want to stay up to date on the latest HARP news, outage, release and maintenance information.  Follow the steps below to sign up for HARP ListServ information.

To receive notifications with news, release and maintenance information, sign up for the HARP ListServ. Users can be request to be added to our subscriber list by clicking on the link and following the instructions below:

ListServ Sign-up


For information regarding HARP releases, upgrades, outages and general announcements

  1. On the page select the Public Lists tab
  2. Enter your name and email
  3. Select the checkbox next to HARP Notify: HCQIS Access Roles and Profile (HARP) Notifications
  4. Click Submit

For news and information for development teams integrating with HARP

  1. On the page select the Private Lists tab
  2. Enter your name and email
  3. Select the checkbox next to HARP IntDev: HCQIS Access Roles and Profile (HARP) Integrated Development Notifications
  4. Click Submit

Creating a HARP Account

All Harp Users

HARP is integrated with and provides access to multiple applications for users needing access to CMS CCSQ services.  The services and roles that are available to you as a HARP user depend on what type of user you are and what access your organization has been approved to use.  CCSQ support contractors, CMS employees and external user organizations all have different access requirements.  The following information aligns your user type with your access requirements and is intended to help you navigate the access requirements, policies and procedures.

CMS policy and NIST guidelines require that all users requesting a HARP ID must complete identity proofing (I am who I say I am.)  You can learn more about the identity proofing policy policy by clicking on the FAQ tab above.

CCSQ Support Contractor Users

Please note that, per Homeland Security Presidential Directive 12 (HSPD-12), CMS/CCSQ support contractors are required to initiate a background check to access HARP services.  To ensure compliance with CMS policy and HSPD-12, CCSQ support contractors must follow the procedures outlined below based on your user type and access requirements.

User Access Matrix

Users needing access to HARP services can use the matrix below to identify the scenario that best fits their situation and access requirements and follow the directions provided.  As always, CCSQ support contractors should coordinate with their organizational point of contact and CMS COR for the contract they are supporting for final guidance and direction.


I am ...I need ONLY a HARP IDI need BOTH HARP and EUA IDs
CMS employeeFollow Scenario #1Follow Scenario #1

Provider/external user, AND

  • I DO NOT have an active HARP ID.
Follow Scenario #2Provider/external users cannot obtain EUA IDs.

A New or Returning CMS/CCSQ Support Contractor, AND

  • I DO NOT have any active CMS (HARP or EUA) IDs.
Follow Scenario #3Follow Scenario #4

A CMS/CCSQ Support Contractor moving from one CMS contract to another, AND

  • My employer HAS NOT changed, and
  • I have an Active HARP account, and
  • I DO NOT have an active EUA account.
Follow Scenario #5Follow Scenario #6

A CMS/CCSQ Support Contractor moving from one CMS contract to another, AND

  • My employer HAS NOT changed, and
  • I have an Active HARP account, and
  • I have an Active EUA account.
Follow Scenario #5Follow Scenario #7

A CMS/CCSQ Support Contractor AND

  • My Employer has changed, and
  • I have an Active HARP account.
Follow Scenario #8Follow Scenario #9

Scenario #1: I am a CMS employee, and I already have an EIDM or EUA ID.

If you are a CMS employee, you will have been issued an EUA ID when onboarding. Use the following steps to activate your EUA ID in HARP.


Activate your EUA ID in HARP

  1. Log into HARP using your EIDM or EUA credentials to migrate your EIDM/EUA account to HARP via the steps below.
  2. Navigate to the HARP portal by clicking on the following link:  https://harp.cms.gov/
  3. Enter your EIDM or EUA User ID and Password to activate your EIDM/EUA ID in HARP and begin using it.
  4. Select Login and click on the Request Roles button to request access to approved CCSQ systems.
  5. If you have an EIDM or EUA account, but you experience issues following the above steps, please contact the QualityNet Help Desk at 1-866-288-8912.

Scenario #2: I am a provider/external user. I do not have a HARP account, and I need access to an approved HARP service.

All external users should follow this process to register for HARP access and request access to approved services.

Create your HARP account & request user roles

  1. Navigate to the HARP portal by clicking on the following link:  https://harp.cms.gov/register
  2. All HARP users must successfully verify their identity through identity proofing (I am who I say I am.)  Enter your profile information and click Next to start the remote identity proofing process. 
  3. If your profile information fails to verify your identity, you have three options:
    1. If you know that you entered incorrect information, you can retry remote proofing by returning to the Profile Information screen and selecting Retry Remote Proofing. Enter the last four digits of your SSN and date of birth or your request Reference Number, which will repopulate the profile information for you to correct.
    2. Call Experian to verify your identity over the phone and then enter your reference number on the Profile Information screen by selecting Enter Reference Number
    3. If remote identity proofing failed or you do not wish to provide your SSN, a manual proofing option is available. Please note that manual proofing may delay the registration process.  For any questions related to manual proofing, contact the Identity Access Management (IAM) team, Monday-Friday 7am-7pm CST by phone 1-888-599-0426 or email identityproofing@cms.hhs.gov for manual proofing questions or watch the Manual Proofing Tutorial video below.
  4. Choose your user ID, password, and challenge question and click Next. Note:  You will not be able to change your user ID after registration.
  5. Your account has been created, and you will receive a confirmation email.
  6. For security reasons, all HARP accounts are required to have multi-factor authentication (MFA). To set up your authentication factors, select Login to Complete Setup to log into HARP and set up two-factor authentication. 
  7. Once you have set up your multi-factor authentication, feel free to log into your HARP account and request roles as appropriate for your responsibilities.
  8. For information on how to request roles in HARP, go to the HARP Role Request tab.

Note:  The profile information will be used to verify your identity.  Users will not be granted access to HARP without first going through identity proofing.  


CONGRATULATIONS! You’re done! You are now registered with HARP

Scenario #3: I am a new or returning CCSQ support contractor. I do not have any active CMS IDs, and I ONLY need a HARP ID.

All CCSQ support contractors requiring access to HARP-provisioned services who DO NOT require an EUA ID should follow this process. As a CCSQ support contractor, you are required to go through the background check process prior to requesting any roles within HARP.

Create your HARP account - do not request roles

  1. Navigate to the HARP portal by clicking on the following link:  https://harp.cms.gov/register
  2. All HARP users must successfully verify their identity through identity proofing (I am who I say I am.)  Enter your profile information and click Next to start the remote identity proofing process.  
  3. If your profile information fails to verify your identity, you have two options:
    1. If you know that you entered incorrect information, you can retry remote proofing by returning to the Profile Information screen and selecting Retry Remote Proofing. Enter the last four digits of your SSN and date of birth or your request Reference Number, which will repopulate the profile information for you to correct.
    2. Call Experian to verify your identity over the phone and then enter your reference number on the Profile Information screen by selecting Enter Reference Number
    3. If remote identity proofing failed or you do not wish to provide your SSN, a manual proofing option is available. Please note that manual proofing may delay the registration process.  For any questions related to manual proofing, contact the Identity Access Management (IAM) team, Monday-Friday 7am-7pm CST by phone 1-888-599-0426 or email identityproofing@cms.hhs.gov for manual proofing questions or watch the Manual Proofing Tutorial video below.
  4. Choose your user ID, password, and challenge question and click Next.  You will not be able to change your user ID after registration.
  5. Your account has been created, and you will receive a confirmation email.
  6. LOG OUT of HARP.  Do NOT request any roles in HARP until you have completed the background check request process below.

Start your background check process

  1. DIGITAL DOCUMENTS: Gather digital copies of the following information; 
    1. Completed Form OF-306 pdf,
    2. A copy of your current resume, and
    3. Proof you have completed the required PIV training 
  2. Once you have created your HARP account, navigate to ICT https://eua.cms.gov/efi/signin
  3. Enter your HARP credentials in the CMS Credentials section of the log-in screen. This will create your ICT user account and open the User Profile information.
  4. USER DETAILS: In the User Details section of the ICT registration screen, enter the following information:
    1. Category = Contractor
    2. Type = Background Check Only
    3. Identity Management Systems = HARP
    4. Request Justification = Fulfill contractual duties (or consult with your COR to identify a response that is more relevant to your contractual requirements)
  5. The Contractor Point of Contact (CTR POC), who is a representative from your company, will approve your application within ICT, which will:
    1. Initiate the background investigation, and
    2. Update your HARP account to reflect that you have initiated your background investigation.
  6. You can now log into your HARP account, set up your MFA, and request roles as appropriate for your responsibilities.

 Complete your HARP account setup and request roles

  1. Navigate to the HARP login page:  https://harp.cms.gov/login/login
  2. Enter your HARP credentials to log in and, if you have not already set up your MFA, select Manage Two-Factor Devices to set up additional MFA factors.
    1. For security reasons, all HARP accounts are required to have multi-factor authentication (MFA). T
  3. Once you have set up your multi-factor authentication, you can request roles as appropriate for your responsibilities.
  4. For information on how to request roles in HARP, go to the HARP Role Request tab.


CONGRATULATIONS! You’re done! You are now registered with HARP and have initiated your background check.

Scenario #4: I am a new or returning CCSQ support contractor. I do not have any active CMS IDs, and I need BOTH HARP and EUA IDs.

All CCSQ support contractors requiring access to HARP-provisioned services who require BOTH HARP and EUA IDs should follow this process. As a CCSQ support contractor, you are required to go through the background check process prior to requesting any roles within HARP.

Create your EUA ID and initiate your background check through ICT

  1. DIGITAL DOCUMENTS: Gather digital copies of the following information;
    1. Completed Form OF-306 pdf,
    2. A copy of your current resume, and
    3. Proof you have completed the required PIV training 
  2. Navigate to ICT https://eua.cms.gov/efi/signin
  3. Select Register and follow the prompts. This will create your ICT user account and open the User Profile information.
  4. USER DETAILS: In the User Details section of the ICT registration screen, enter the following information:
    1. Category = Contractor
    2. Type = IT Dev & Support Contractors (or consult with your COR to identify a selection that is more relevant to your contractual requirements)
    3. Request Justification = Fulfill contractual duties (or consult with your COR to identify a response that is more relevant to your contractual requirements)
  5. The Contractor Point of Contact (CTR POC), who is a representative from your company, will approve your application within ICT, which will:
    1. Initiate the background investigation, and
    2. Update your HARP account to reflect that you have initiated your background investigation.
    3. Send an automated email to you directing you to change your EUA password and take Security Awareness Training; both tasks MUST be completed within 3 days to ensure EUA user account status remains active.

 Complete your HARP account setup and request roles

  1. You can now log into your HARP account at https://harp.cms.gov/ using your EUA credentials. This will activate your EUA credential in HARP and allow you to use your EUA ID in HARP and EUA.
  2. For information on how to select roles in HARP, go to the HARP Role Request tab on this page.


Please Note:  CMS requires EUA credential holders to actively use their EUA credentials in EUA-provisioned services (e.g. CMS Outlook or EUA site.)  If you have an EUA ID and are ONLY using it to access HARP-provisioned services, you MUST log into EUA at least 1x a month to keep your account active.  If your EUA credential is deactivated because of inactivity, you will need to create a new EUA ID and re-request roles under the new credentials.  Losing your ID may also impact the progression of your background check as well.


CONGRATULATIONS! You’re done! 

Scenario #5: I am a CCSQ support contractor. My contract has changed but my employer has not. I have an active HARP ID. I do not need an EUA ID.

All active CCSQ support contractors who have moved from one CCSQ contract to another and who have an active HARP ID and do not require an EUA ID should follow this process. All CCSQ support contractors are required to go through the background check process.

Confirm your HARP credentials are active

  1. Using your existing HARP credentials, log into your HARP account: https://harp.cms.gov/
  2. Click User Profile in the upper right-hand corner.
  3. Review your profile information to ensure it is still accurate.
  4. If any of your profile information is inaccurate, click Edit to make updates and click Save when you are done.
  5. Review your user roles by clicking User Roles in the upper right-hand corner. When you left your prior contract, all roles should have been removed, so you should NOT see any active roles.
  6. LOG OUT of HARP.  Do NOT request any roles in HARP until you have completed the background check request process below.

Confirm your background check is active or initiate background check process

  1. Determine the status of your Background Check.
    1. Inactive or No Background Check:  If you have not requested a background check in the past OR your background check has lapsed (consult with your COR to determine the status of your background check) you will need to request a background check, GO TO Step 2 below.
    2. Active Background Check:  If you have an active background check (consult with your COR to determine the status of your background check), GO to Complete your HARP account setup and request roles below.
  2. Gather digital copies of the following information;
    1. Completed Form OF-306 pdf,
    2. A copy of your current resume, and
    3. Proof you have completed the required PIV training 
  3. Once you have created your HARP account, navigate to ICT https://eua.cms.gov/efi/signin
  4. Enter your HARP credentials in the CMS Credentials section of the log-in screen.  This will create your ICT user account and open the User Profile information.
  5. In the User Details section of the ICT registration screen, enter the following information:
    1. Category = Contractor
    2. Type = Background Check Only
    3. Identity Management Systems = HARP
    4. Request Justification = Fulfill contractual duties (or consult with your COR to identify a response that is more relevant to your contractual requirements)
  6. The Contractor Point of Contact (CTR POC), who is a representative from your company, will approve your application within ICT, which will:
    1. Initiate the background investigation, and
    2. Update your HARP account to reflect that you have initiated your background investigation.

Complete your HARP account setup and request roles

  1. Navigate to the HARP login page:  https://harp.cms.gov/
  2. Enter your HARP credentials to log in and, if you have not already set up your MFA, select Manage Two-Factor Devices to set up additional MFA factors.
    1. For security reasons, all HARP accounts are required to have multi-factor authentication (MFA). T
  3. Once you have set up your multi-factor authentication, you can request roles as appropriate for your responsibilities.
  4. For information on how to request roles in HARP, go to the HARP Role Request tab.


CONGRATULATIONS! You’re done! 

Scenario #6: I am a CCSQ support contractor. My contract has changed but my employer has not. I have an active HARP ID. I do not have but am required to obtain an active EUA ID.

All active CCSQ support contractors who have moved from one CCSQ contract to another and who have an active HARP ID and need to obtain an EUA ID should follow this process. All CCSQ support contractors are required to go through the background check process.

Confirm your HARP credentials are active

  1. Using your existing HARP credentials, log into your HARP account: https://harp.cms.gov/
  2. Click User Profile in the upper right-hand corner.
  3. Review your profile information to ensure it is still accurate.
  4. If any of your profile information is inaccurate, click Edit to make updates and click Save when you are done.
  5. Review your user roles by clicking User Roles in the upper right-hand corner. When you left your prior contract, all roles should have been removed, so you should NOT see any active roles.
  6. LOG OUT of HARP.  Do NOT request any roles in HARP until you have completed the background check request process below.

Create your EUA ID and initiate your background check

  1.  Gather digital copies of the following information;
    1. Completed Form OF-306 pdf,
    2. A copy of your current resume, and
    3. Proof you have completed the required PIV training 
  2. Once you have created your HARP account, navigate to ICT https://eua.cms.gov/efi/signin
  3. Enter your HARP credentials in the CMS Credentials section of the log-in screen. This will create your ICT user account and open the User Profile information.
  4. In the User Details section of the ICT registration screen, enter the following information:
    1. Category = Contractor
    2. Type = IT Dev & Support Contractors (or consult with your COR to identify a selection that is more relevant to your contractual requirements)
    3. Identity Management Systems = HARP
    4. Request Justification = Fulfill contractual duties (or consult with your COR to identify a response that is more relevant to your contractual requirements)
  5. The Contractor Point of Contact (CTR POC), who is a representative from your company, will approve your application within ICT, which will:
    1. Initiate the background investigation, and
    2. Update your HARP account to reflect that you have initiated your background investigation.

Complete your HARP account setup and request roles

  1. Navigate to the HARP login page:  https://harp.cms.gov/
  2. Enter your HARP credentials to log in and, if you have not already set up your MFA, select Manage Two-Factor Devices to set up additional MFA factors.
    1. For security reasons, all HARP accounts are required to have multi-factor authentication (MFA). T
  3. Once you have set up your multi-factor authentication, you can request roles as appropriate for your responsibilities.
  4. For information on how to request roles in HARP, go to the HARP Role Request tab.

Please Note:  CMS requires EUA credential holders to actively use their EUA credentials in EUA-provisioned services (e.g. CMS Outlook or EUA site.)  If you have an EUA ID and are ONLY using it to access HARP-provisioned services, you MUST log into EUA at least 1x a month to keep your account active.  If your EUA credential is deactivated because of inactivity, you will need to create a new EUA ID and re-request roles under the new credentials.  Losing your ID may also impact the progression of your background check as well.


CONGRATULATIONS! You’re done! 

Scenario #7: I am a CCSQ support contractor. My contract has changed but my employer has not. I have and need active IDs in BOTH HARP and EUA.

All active CCSQ support contractors who have moved from one CCSQ contract to another and who have active HARP AND EUA IDs should follow this process. All CCSQ support contractors are required to go through the background check process.

Confirm your HARP credentials are active

  1. Using your existing HARP credentials, log into your HARP account:  https://harp.cms.gov/
  2. Click User Profile in the upper right-hand corner.
  3. Review your profile information to ensure it is still accurate.
  4. If any of your profile information is inaccurate, click Edit to make updates and click Save when you are done.
  5. Review your user roles by clicking User Roles in the upper right-hand corner. When you left your prior contract, all roles should have been removed, so you should NOT see any active roles.
    1. If you do have active roles from your prior contract, coordinate with your COR, your contract SPOC and/or your contract SO to determine if you should remove and re-request needed access under your new contract.
  6. LOG OUT of HARP.  Do NOT request any roles in HARP until you have completed the background check request process below.

 Coordinate with your CMS COR to

  1. Determine which of the following scenarios best reflects your status:
    1. COR Directs you to Obtain a NEW EUA ID:  If your COR directs you to request a new EUA ID, GO TO Create your EUA ID and initiate your background check below
    2. COR Approves Using Existing EUA ID:  If your COR advises you that you can use your existing EUA ID, GO TO Complete your HARP account setup and request roles below

Create your EUA ID and initiate your background check

  1.  Gather digital copies of the following information;
    1. Completed Form OF-306 pdf,
    2. A copy of your current resume, and
    3. Proof you have completed the required PIV training 
  2. Once you have created your HARP account, navigate to ICT https://eua.cms.gov/efi/signin
  3. Enter your HARP credentials in the CMS Credentials section of the log-in screen. This will create your ICT user account and open the User Profile information.
  4. In the User Details section of the ICT registration screen, enter the following information:
    1. Category = Contractor
    2. Type = IT Dev & Support Contractors (or consult with your COR to identify a selection that is more relevant to your contractual requirements)
    3. Identity Management Systems = HARP
    4. Request Justification = Fulfill contractual duties (or consult with your COR to identify a response that is more relevant to your contractual requirements)
  5. The Contractor Point of Contact (CTR POC), who is a representative from your company, will approve your application within ICT, which will:
    1. Initiate the background investigation, and
    2. Update your HARP account to reflect that you have initiated your background investigation.

Complete your HARP account setup and request roles

  1. Navigate to the HARP login page:  https://harp.cms.gov/
  2. Enter your HARP credentials to log in and, if you have not already set up your MFA, select Manage Two-Factor Devices to set up additional MFA factors.
    1. For security reasons, all HARP accounts are required to have multi-factor authentication (MFA). T
  3. Once you have set up your multi-factor authentication, you can request roles as appropriate for your responsibilities.
  4. For information on how to request roles in HARP, go to the HARP Role Request tab.


Please Note:  CMS requires EUA credential holders to actively use their EUA credentials in EUA-provisioned services (e.g. CMS Outlook or EUA site.)  If you have an EUA ID and are ONLY using it to access HARP-provisioned services, you MUST log into EUA at least 1x a month to keep your account active.  If your EUA credential is deactivated because of inactivity, you will need to create a new EUA ID and re-request roles under the new credentials.  Losing your ID may also impact the progression of your background check as well.


CONGRATULATIONS! You’re done! 

Scenario #8: I am a CCSQ support contractor. My employer has changed. I have an active HARP ID. I do not have or need an active EUA ID.

All active CCSQ support contractors who have moved from one employer to another, regardless of whether their contract has changed, and who have an active HARP account should follow this process. All CCSQ support contractors are required to go through the background check process.

Confirm your HARP credentials are active 

  1. Using your existing HARP credentials, log into your HARP account:  https://harp.cms.gov/
    1. If you find that your HARP credential is no longer active - STOP.  Go back to the User Matrix above and follow the New/Returning CCSQ support contractor selection.
  2. Click User Profile in the upper right-hand corner.
  3. Review your profile information to ensure it is still accurate.
  4. If any of your profile information is inaccurate, click Edit to make updates and click Save when you are done.
  5. Review your user roles by clicking User Roles in the upper right-hand corner. When you left your prior contract, all roles should have been removed, so you should NOT see any active roles.
  6. LOG OUT of HARP.  Do NOT request any roles in HARP until you have completed the background check request process below.

Initiate your background check

  1.  Gather digital copies of the following information;
    1. Completed Form OF-306 pdf,
    2. A copy of your current resume, and
    3. Proof you have completed the required PIV training 
  2. Once you have created your HARP account, navigate to ICT https://eua.cms.gov/efi/signin
  3. Enter your HARP credentials in the CMS Credentials section of the log-in screen. This will create your ICT user account and open the User Profile information.
  4. In the User Details section of the ICT registration screen, enter the following information:
    1. Category = Contractor
    2. Type = Background Check Only
    3. Identity Management Systems = HARP
    4. Request Justification = Fulfill contractual duties (or consult with your COR to identify a response that is more relevant to your contractual requirements)
  5. The Contractor Point of Contact (CTR POC), who is a representative from your company, will approve your application within ICT, which will:
    1. Initiate the background investigation, and
    2. Update your HARP account to reflect that you have initiated your background investigation.

Complete your HARP account setup and request roles

  1. Navigate to the HARP login page:  https://harp.cms.gov/login/login
  2. Enter your HARP credentials to log in and, if you have not already set up your MFA, select Manage Two-Factor Devices to set up additional MFA factors.
    1. For security reasons, all HARP accounts are required to have multi-factor authentication (MFA). T
  3. Once you have set up your multi-factor authentication, you can request roles as appropriate for your responsibilities.
  4. For information on how to request roles in HARP, go to the HARP Role Request tab.


CONGRATULATIONS! You’re done! 

 

Scenario #9: I am a CCSQ support contractor. My employer has changed. I have an active HARP ID. EUA IDs are ALWAYS deactivated when a contractor changes employer. If you have changed employers and are required to have an EUA ID, you will have to request a new EUA ID.

All active CCSQ support contractors who have moved from one employer to another, regardless of whether their contract has changed, and who have an active HARP account and need to acquire an EUA account should follow this process. All CCSQ support contractors are required to go through the background check process.

Confirm your HARP credentials are active

  1. Using your existing HARP credentials, log into your HARP account:  https://harp.cms.gov/
    1. If you find that your HARP credential is no longer active - STOP.  Go back to the User Matrix above and follow the New/Returning CCSQ support contractor selection.
  2. Click User Profile in the upper right-hand corner.
  3. Review your profile information to ensure it is still accurate.
  4. If any of your profile information is inaccurate, click Edit to make updates and click Save when you are done.
  5. Review your user roles by clicking User Roles in the upper right-hand corner. When you left your prior contract, all roles should have been removed, so you should NOT see any active roles.
  6. LOG OUT of HARP.  Do NOT request any roles in HARP until you have completed the background check request process below.

Create your EUA ID and initiate your background check 

  1. Gather digital copies of the following information;
    1. Completed Form OF-306 pdf,
    2. A copy of your current resume, and
    3. Proof you have completed the required PIV training 
  2. Once you have created your HARP account, navigate to ICT https://eua.cms.gov/efi/signin
  3. Enter your HARP credentials in the CMS Credentials section of the log-in screen.  This will create your ICT user account and open the User Profile information.
  4. In the User Details section of the ICT registration screen, enter the following information:
    1. Category = Contractor
    2. Type = IT Dev & Support Contractors (or consult with your COR to identify a selection that is more relevant to your contractual requirements)
    3. Identity Management Systems = HARP
    4. Request Justification = Fulfill contractual duties (or consult with your COR to identify a response that is more relevant to your contractual requirements)
  5. The Contractor Point of Contact (CTR POC), who is a representative from your company, will approve your application within ICT, which will:
    1. Initiate the background investigation, and
    2. Update your HARP account to reflect that you have initiated your background investigation.

Complete your HARP account setup and request roles

  1. Navigate to the HARP login page:  https://harp.cms.gov/login/login
  2. Enter your HARP credentials to log in and, if you have not already set up your MFA, select Manage Two-Factor Devices to set up additional MFA factors.
    1. For security reasons, all HARP accounts are required to have multi-factor authentication (MFA). T
  3. Once you have set up your multi-factor authentication, you can request roles as appropriate for your responsibilities.
  4. For information on how to request roles in HARP, go to the HARP Role Request tab.


Please Note:  CMS requires EUA credential holders to actively use their EUA credentials in EUA-provisioned services (e.g. CMS Outlook or EUA site.)  If you have an EUA ID and are ONLY using it to access HARP-provisioned services, you MUST log into EUA at least 1x a month to keep your account active.  If your EUA credential is deactivated because of inactivity, you will need to create a new EUA ID and re-request roles under the new credentials.  Losing your ID may also impact the progression of your background check as well.


CONGRATULATIONS! You’re done! 



For a visual walkthrough of the registration process, please watch this short video.



For a visual walkthrough of the manual identity proofing process, please watch this short video.





HARP Role Request


With some exceptions, as a HARP user, you can request access to HARP services using the Role Request feature from the home screen of your user dashboard.  The services and roles that are available to you as a HARP user depend on what type of user you are (CCSQ support contractor/ CMS employee/external user) and what services have been authorized for your organization.  

To request a role in HARP, follow the steps outlined below: 

If your application uses HARP for role requests, do the following:

Step 1: Log into HARP – you will land on your user dashboard. From there, select User Roles.

Step 2: Select Request a Role.

Step 3: Select the desired Program (HARP Service) and select Next.

Step 4: Select your Organization (your contract name, CMS federal employee, etc.) and select Next.

Step 5: Select the desired User Role and select Submit.

Step 6: Enter your request reason, including relevant information like your job title, company name, etc. and select Submit.  Your role request will be sent to the Security Officer that is responsible for approving access for your organization.

Step 7: The Security Official responsible for approving access for your organization will receive a notification of your request.  You will be notified via email when your role request has been approved or rejected.

HARP User Account Management

HARP has built-in self-service functionality enabling users to reset passwords, retrieve forgotten passwords, manage their HARP user profile, and set or add multifactor authentication (MFA) factors for user authentication.

Harp-Issued user IDs:

These self-service features are available to all users leveraging a HARP-issued user ID and are outlined in detail below.  If the self-service functionality does not resolve the user issue, users can contact the CCSQ Service Center for assistance. 

EUA-Issued user IDs:

Users leveraging their EUA-issued ID in HARP cannot reset their password or update their profile information in HARP.  EUA ID users who need assistance with lost passwords, locked accounts, etc. should contact the CMS IT Service Desk or utilize the update profile/MFA feature in the EUA system.  

HARP Inactivity

HARP accounts are deactivated after two years of account inactivity.  If an account is deactivated due to inactivity, it cannot be recovered.  However, you may use our registration portal to create a new account.  Although you can re-register in HARP using the same email address, you will have to select a new user ID.  Your previous roles will not be available and will need to be requested again.  Please ensure you log into your account periodically to avoid account deactivation.

Instructions for creating a new HARP user account can be found on the Getting Started tab above.

Account Suspension

HARP accounts are suspended if a user fails multi-factor authentication three times or more.  If an account is suspended, contact the CCSQ Service Center for assistance.


Account Management User Guides

Use the following guides to troubleshoot user account issues.

Forgot your User ID

Step 1: Go to HARP and select Having trouble logging in?

Step 2: Select Forgot User ID or Password.

Step 3: Enter your email address and select Send Email.

Step 4: You will receive an email containing your user ID. You can ignore the Reset Password button if you don’t need to reset your password.

Forgot your Password

Step 1: Go to HARP and select Having trouble logging in?

Step 2: Select Forgot User ID or Password.

Step 3: Enter your email address and select Send Email.

Step 4: You will receive an email containing your user ID and a button to reset your password.

Step 5: Select Reset Password (you will be prompted to answer your challenge question).

Step 6: Enter your challenge question answer and select Next.

If you forgot your challenge question answer, follow the instructions for Forgot your Password and Challenge Question (Full Account Recovery).

Step 7: Enter your new password and confirm your new password, then select Reset Password.

Step 8: You should now be able to log in with your user ID and new password.

Forgot your Password and Challenge Question (Full Account Recovery)

Step 1: Go to HARP and select Having trouble logging in?

Step 2: Select Full Account Recovery.

Step 3: Enter your Email Address, First Name, Last Name, and Date of Birth, and select Send Email.

Step 4: You will receive an email that contains your user ID and a button to recover your account.

Step 5: Select Recover Account.

Step 6: You will be prompted to establish a challenge question and answer.

Step 7: Once you have chosen your challenge question and provided an answer, select Reset Challenge Question.

Step 8: Enter and confirm your new password and select Reset Password.

Step 9: You should now be able to log in with your user ID and new password.

Following Account Deactivation

Step 1: Reregister by going to https://harp.cms.gov/register.

Step 2: Enter your profile information (you may use the same personal and corporate email addresses as your deactivated account) and select Next.

Step 3: Choose a different user ID from your deactivated account, enter your password and challenge question, and select Next.

Step 3a: If your profile information fails to verify your identity, you have two options:

  • If you think you know what you entered incorrectly, you can retry remote proofing by returning to the Profile Information screen and selecting Retry Remote Proofing. Entering the last four digits of your SSN and date of birth or your Reference Number will pre-populate the Profile Information fields.
  • Call Experian to verify your identity over the phone and then enter your reference number on the Profile Information screen by selecting Enter Reference Number. This will pre-populate the Profile Information fields.

Step 4: Your new account has been created and you will receive a confirmation email.

Step 5: Select Login to Complete Setup to log into HARP and set up two-factor authentication. Once you have set up two-factor authentication, feel free to log into your respective CMS application. Follow your application’s instructions for how to request a role as all roles associated with your deactivated account will have been removed.

Edit Profile Information

Step 1: Log into HARP – you will land on your user dashboard.

Step 2: To edit your Profile Information, select View/Edit Profile Information.

Step 3: Select the Edit button and modify your information, such as Email Address, Home Address, etc.

Note: You cannot update your First Name, Last Name, or Date of Birth in your User Profile. Call your application’s help desk if you need to update these fields.

Step 4: To allow the HARP team to reach out to you for user feedback, select the checkbox to opt into user feedback sessions.

Step 5: Select Save to save your changes.

Change Password

Step 1: Log into HARP – you will land on your user dashboard.

Step 2: To change your password, select Change Password.

Step 3: Enter your Old Password, New Password, and Confirm New Password.

Step 4: Select Save to change your password.

Update Challenge Question

Step 1: Log into HARP – you will land on your user dashboard.

Step 2: To update your challenge question, select Update Challenge Question.

Step 3: Enter your Password, select a new Challenge Question, and enter your Challenge Question Answer.

Step 4: Select Save to update your challenge question.

Manage Two-Factor Authentication

Step 1: Log into HARP – you will land on your user dashboard.

Step 2: To update your challenge question, select Manage Two-Factor Devices – you will see a list of your existing two-factor authentication devices.

Step 3: To add a new two-factor authentication device, select the Device Type, follow the instructions, and select Send Code.

Step 4: Enter the security code to verify the device and select Submit.

Step 5: To remove a device, select the associated Remove link for the device you would like to remove.

Step 6: Verify you want to remove the device and select Remove – the device will be removed from your list of two-factor authentication devices. 



Security Officials in HARP

Each organization needs to designate at least two Security Officials (SO) who will be responsible for approving access to HARP services for individuals within their organization.  These individuals will typically be designated at the time your organization is onboarded to CCSQ Services.  Thereafter, these individuals can be changed and more Security Officials can be added to help manage your organization's user population in HARP. 

Security Officials serve a critical role in helping to secure HARP services.  They are responsible for approving access for their organization's users and removing access from individuals within their organization who have left or who no longer need access to an assigned service.  Use the guides below to request assignment as your organization's Security Official and for information on navigating your SO role.  

For more information about the onboarding process and how organizations are granted access to CCSQ Services, use this Access to Services link.

Security Official User Guides

Use the following guides to learn more about becoming and serving as a Security Official for your organization

Requesting the Security Official (SO) Role in HARP

Step 1: Log into HARP – you will land on your user dashboard. From there, select User Roles.

Step 2: Select Request a Role.

Step 3: Select the desired Program and select Next.

Step 4: Select your Organization and select Next.

Step 5: Select the Security Official role and select Submit.

Step 6: You will be notified via email when your role has been approved or rejected by an existing SO.

 Approving User Roles in HARP

Step 1: Log into HARP – you will land on your user dashboard. From there, select Security Official.

Step 2: You will land on the Role Requests screen and see a list of pending role requests.

Step 3: Select the checkbox for one or many requests.

Step 4: Select Approve or Reject.

Step 5: An email will be sent to the requester notifying them of approval or rejection.

Removing User Roles in HARP

Step 1: Log into HARP – you will land on your user dashboard. From there, select Security Official.

Step 2: Select User Lookup in the left navigation.

Step 3: Choose your Program and Organization.

Step 4: Use the search bar to search for users by first name, last name, email, or user ID.

Step 5: Select a user's name to see their User Roles and Profile Information.

Step 6: Select the Remove link for the User Role you would like to remove.

Step 7: Confirm the removal.

Step 8: The user's role will be removed from the list of User Roles.

Viewing Request History in HARP

Step 1: Log into HARP – you will land on your user dashboard. From there, select Security Official.

Step 2: Select Request History in the left navigation.

Step 3: Optionally, use the search bar to search for a previous request by name or request ID.

Step 4: Select View per request to see the request details, including completion date, organization, role, and whether the request was approved or rejected.


Frequently Asked Questions (FAQ)

User IDs must be between 6-100 characters and unique (cannot already be taken by another user).

Passwords must be a minimum of 12 characters and include a lowercase letter, uppercase letter, number (0-9), and symbol (!@#$%^*). They cannot contain first name, last name, or part of user ID.

HARP is a secure identity management portal and asks for personal information to verify the user's identity. HARP uses Experian to remotely proof users by taking user-entered data, such as date of birth and social security number (SSN), to generate a list of personal questions for the user to answer to verify his/her identity.

  • RIDP is the process of validating sufficient information that uniquely identifies you (e.g., credit history, personal demographic information, and other indicators). This method is used for verifying the identity of a user as opposed to manual proofing or in-person proofing. If you are requesting electronic access to protected CMS information or systems, you must be identity proofed to gain access.
  • CMS uses the Experian identity verification system to remotely perform identity proofing. Experian is used by CMS to confirm your identity when you need to access a protected CMS Application.
  • You may have already encountered RIDP through various interactions with banking systems, credit reporting agencies, and shipping companies.
  • When you log in to HARP, you will have the option to RIDP. You will be asked to provide a set of core credentials which include:
    • Full Legal Name, Social Security Number, Date of Birth, Current Residential Address
  • Experian will use your core credentials to locate your personal information in Experian and generate a set of questions. Experian will attempt to verify your identity to the appropriate level of assurance with the information you provided. Most users can complete the ID proofing process in less than five minutes. If you encounter problems with RIDP, you will be asked to contact Experian Support Services via telephone at (866) 578-5409 to resolve any issues.

If you cannot identity proof online, you will be asked to contact the Experian Verification Support Services Help Desk at (866) 578-5409. The system will provide you with a Reference Number to track your case. For security purposes, the Experian Help Desk cannot assist you if you do not have the reference number.

Account passwords are required to be reset after 60 days of inactivity. Please remember to log in within this period to avoid password expiration.

If your account has been deactivated, it cannot be recovered. However, you may use our registration portal to create a new account. Although you may re-register using the same email address, you will have to select a new user ID. Your previous roles will not be available and will need to be requested again.

Accounts are required to be deactivated after 2 years of inactivity. Once an account is deactivated due to inactivity, it cannot be recovered. If you encounter difficulty logging in and wish to access your account before deactivation, utilize the built-in self-service functions to recover your User ID or password. Note: these recovery methods are available only for active accounts.

For more questions, visit the full FAQ on the HARP Help page

Need Help ?

If you have any issues with registering for HARP or other account-related issues, please contact your Help Desk

For additional information related to HARP, please see the following resources:


Important Note for EUA ID Holders

Users with EUA IDs MUST log into the EUA portal at idm.cms.gov OR log into an EUA-provisioned service (such as CMS Outlook) to ensure your EUA ID is not deactivated. 

Using your EUA ID in HARP will NOT maintain your EUA ID.  If your EUA ID is deactivated, your EUA ID cannot be recovered.  You will need to set up a new ID, re-request all required system access, and you MAY be required to submit another request for a background check (check with your COR whether you need to re-request your background check.) 





  • No labels