US flag signifying that this is a United States Federal Government website An official website of the United States government

Get access to

Get access to

Get access to

  • If you’re in EPA, GSA, or NSF: You automatically have access and can log in using your agency credentials.
  • If you’re in FDIC: Some FDIC staff automatically have access and can log in using agency credentials. If you try to log in and receive a “status message is null” error, contact the FDIC identity team to be added to the access group.
  • If you’re in another agency: If you have a U.S. federal government email address, you can sign up for access.
  • Otherwise: If your team uses and you don’t have a federal government email address (such as if you’re a contractor), ask a teammate to invite you.

Log into

Agency single sign-on accounts

If you have an EPA, FDIC, GSA, or NSF email address, sign in using your agency credentials. Follow these instructions to log in. accounts

If you were invited with an email address that isn’t part of an agency with single sign-on authentication to, you have a account. Follow these instructions to log in. When you log in via a web browser, select the option.

Your account requires setting up both a password and an authentication application that generates token codes, such as Google Authenticator or Authy. (You can use any authentication application that supports the standard Time-based One-Time Password algorithm.) When you log into for the first time, follow the instructions to set this up.

To change your password

If you can’t access your token codes

If you need to set up a new authentication application, such as if you lose your phone, email support so that we can allow you to set up a new one. We’ll follow this process to mitigate the risk of requests from compromised email addresses:

  1. Delete the contents of your sandbox space (if you have one).
  2. Remove your permissions to any other spaces and orgs.
  3. For those spaces and orgs, notify the Space Managers and Org Managers that we’ve removed your access because of your request to reset your account’s authentication application.
  4. Reset your account’s authentication application.
  5. Let you know this is complete, so that you can set up a new authentication application and request access from your Space Managers and Org Managers again. It is their responsibility to verify that this is a legitimate request from you.

You can copy this into your email (or write something similar), so that we know to go ahead with that process right away:

I need to set up a new authentication application. I understand this means the contents of my sandbox space will be deleted if I have one, and that you will remove my permissions to other spaces and orgs.

Use your account responsibly

Acceptable uses of include:

  • Building and managing government digital services.
  • Making and trying test systems to learn about how works.
  • Activities contributing to the development of itself.

In order to help us keep secure, we require that you use your account appropriately. When you use, you agree that you’ll respect these rules of behavior:

  • Conduct only authorized business on the system.
  • Maintain the confidentiality of your authentication credentials; a operator should never ask you to reveal them. We recommend using a password manager and strong credentials.
  • Log out when you no longer need session access. Never leave your computer unattended while logged into
  • Report all security incidents or suspected incidents (such as improper or suspicious acts) related to systems and networks to support.
  • Safeguard system resources against waste, loss, abuse, unauthorized use or disclosure, and misappropriation.
  • Don’t process U.S. classified national security information on the system.
  • Don’t browse, search or reveal information hosted by except as required to perform your legitimate tasks or assigned duties.
  • Don’t retrieve information, or in any other way disclose information, for someone who does not have authority to access that information.
  • Don’t intentionally use a client that makes use of obsolete or insecure encryption algorithms.
  • Don’t configure your browser to ignore security warnings which may involve your connection with; report warnings that you can’t explain to support.
  • If you believe you’ve been granted more access than necessary to perform your legitimate tasks or assigned duties, immediately notify support.

If you use a account (instead of using an agency single sign-on account), you have an additional rule of behavior:

  • Don’t share your account with another person or create anonymous or group accounts. Your account is just for you.

Access to systems and networks owned by is governed by, and subject to, all federal laws, including, but not limited to, the Privacy Act, 5 U.S.C. 552a, if the applicable system maintains individual Privacy Act information. Access to systems constitutes consent to the retrieval and disclosure of the information within the scope of your authorized access, subject to the Privacy Act, and applicable state and federal laws.

Please contact support if you have questions about these rules or don’t understand them.