Multi-Factor Authentication Implemented for Access to TMSS effective November 18, 2018
From the U.S. General Services Administration:
Effective November 18, 2018, Multi-Factor Authentication (MFA) will be implemented for access to the General Services Administration’s (GSA’s) Transportation Management Services Solution (TMSS) system. MFA provides an increased layer of security by requiring an additional method of authentication when accessing a system.
Beginning November 18, 2018, all users (except those with a .gsa.gov email) accessing TMSS will be prompted to enter a 6-digit, one-time passcode (OTP) each and every time they enter their TMSS User ID and Password. This OTP will be sent to the email they have registered in TMSS that is tied to the User ID and Password they signed on to TMSS with. In order to prepare for MFA and the requirement for an OTP, registered users of TMSS should ensure that the email associated with their TMSS User ID and Password is valid. To identify the email associated with a TMSS User ID and Password, the user will need to log on to TMSS and:
- Click on the link to “Account Info” which is located along the left-hand side of the main TMSS screen;
- Verify that the email displayed is correct; and
- If it is not, update it and then click on “Update Info.”
Once the OTP is sent to a user’s email, the user will have fifteen (15) minutes to enter the OTP on the popup screen displayed by TMSS. If the email containing the OTP is not received and the user has already verified that the email in TMSS is correct, the user should check the spam/junk folder. The user can also select the “Resend OTP Code” option. If within a sixty (60) minute time period a user either attempts to enter an invalid OTP five (5) consecutive times or submits five (5) requests for the system to resend an OTP, the user’s account will be locked for sixty (60) minutes and the user will not be allowed to request that a new OTP be resent until the expiration of the sixty (60) minute lockout period.
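The expiry and lockout rules in the paragraph above can be read as a small state machine. The following Python sketch is an added illustration, not GSA's or TMSS's code; the class and method names are hypothetical, and it assumes that a successful entry resets the invalid-entry count, that an expired code does not count as an invalid entry, and that the fifth resend request triggers the lock without sending another code.

```python
import hmac
import secrets
from collections import deque

OTP_TTL = 15 * 60      # OTP valid for fifteen minutes
WINDOW = 60 * 60       # sixty-minute counting period
LOCKOUT = 60 * 60      # sixty-minute lockout
LIMIT = 5              # five invalid entries or five resend requests

class OtpSession:
    """Per-account OTP state (hypothetical). Time is passed in, in seconds, so the policy is testable."""

    def __init__(self):
        self.code = None
        self.expires = 0
        self.locked_until = 0
        self.failures = deque()   # timestamps of consecutive invalid entries
        self.resends = deque()    # timestamps of resend requests

    def _record(self, events, now):
        """Add an event; lock the account if LIMIT events fall inside WINDOW."""
        events.append(now)
        while now - events[0] >= WINDOW:
            events.popleft()
        if len(events) < LIMIT:
            return False
        self.locked_until = now + LOCKOUT
        self.code = None          # assumption: an outstanding OTP is void once locked
        self.failures.clear()
        self.resends.clear()
        return True

    def issue(self, now, resend=False):
        """Return a fresh 6-digit OTP for e-mail delivery, or None while locked."""
        if now < self.locked_until or (resend and self._record(self.resends, now)):
            return None
        self.code = f"{secrets.randbelow(10**6):06d}".encode()
        self.expires = now + OTP_TTL
        return self.code.decode()

    def verify(self, submitted, now):
        """Return "ok", "invalid", "expired" or "locked" for a submitted code."""
        if now < self.locked_until:
            return "locked"
        if self.code is None or now >= self.expires:
            return "expired"
        if hmac.compare_digest(submitted.encode(), self.code):
            self.code = None       # one-time: a used code cannot be replayed
            self.failures.clear()  # only consecutive failures count
            return "ok"
        return "locked" if self._record(self.failures, now) else "invalid"
```
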
As an additional security measure, any TMSS account that has not been accessed within a ninety (90) day period will be disabled. An email will be sent to a user seven (7) days prior to an account being disabled due to inactivity. If the user fails to take the appropriate action and the TMSS account is disabled due to inactivity, the user will need to click on the “Forgot Password? Enter User ID and click here” option from the TMSS sign on page in order to reset the account.
Questions regarding MFA, OTPs and/or how to verify a user’s email stored in TMSS may be directed to either Robyn Bennett at email@example.com, 816-823-3644 or Kim Chancellor at firstname.lastname@example.org, 816-823-3650.