Cloud.gov Account Management

Overview

Cloud.gov provides secure access through agency single sign-on (SSO) or Cloud.gov accounts with multi-factor authentication. Federal employees and contractors working on federal systems can obtain access through their agency's identity provider or by creating a Cloud.gov account. This guide covers account setup, authentication methods, and responsible use policies required for platform access.

Prerequisites

• Federal Government Email: .gov, .mil, or .fed.us address for automatic access
• Agency SSO (if available): Check the login page for integrated agencies
• For Contractors: Federal employee must invite you to their organization
• Authentication Tools:
  • PIV/CAC card reader (for agency SSO)
  • TOTP authenticator app (for Cloud.gov accounts)

Process / Steps

1. Determine Your Access Method

Option A: Agency Single Sign-On

If your agency is listed on the login page:

1. Select your agency's button
2. Authenticate with PIV/CAC or agency credentials
3. Automatic access granted

Option B: Cloud.gov Account

For agencies without SSO integration:

1. Visit https://account.fr.cloud.gov/signup
2. Enter your federal email address
3. Set up password and TOTP authentication

2. Configure Multi-Factor Authentication

For Cloud.gov accounts, configure TOTP using:

• Recommended (with backup/sync):
  • Microsoft Authenticator
  • 1Password
  • Authy
• Basic (device-only):
  • Google Authenticator
  • Any RFC 6238-compliant app

3. Request Organization Access

Follow these steps:

1. Go to log into your cloud.gov account at https://login.fr.cloud.gov
2. Click on Forgot your password? link to reset your password
3. Enter your email address into the Email address input and click SEND EMAIL to receive the reset password confirmation email
4. Go to your email and click on the verification link in the first step of that email
5. Enter your email address in the Email address input on the reset password verification page and click VERIFY EMAIL
6. Your email is verified and then copy/save the temporary password under the Your temporary password.
7. Login to your cloud.gov account at https://login.fr.cloud.gov/ with the new temporary password
8. After logging in, go to https://account.fr.cloud.gov/change-password to change the password
   1. Enter the temporary password into the Old Password input
   2. Then create and enter the new password into New Password input and confirm it in the Repeat New Password input
   3. Finally, click CHANGE

4. Maintain Account Security

Customer Responsibility:

• Protect authentication credentials
• Report suspicious activity to support@cloud.gov
• Log out when sessions complete
• Update passwords every 90 days (Cloud.gov accounts)

5. Follow Responsible Use Policy

If you need to set up a new authentication application, such as if you lose your phone, email support@cloud.gov so that we can allow you to set up a new one. We'll follow this process to mitigate the risk of requests from compromised email addresses:

Authorized uses include:

• Building and managing government digital services
• Testing and learning Cloud.gov capabilities
• Contributing to platform development

Prohibited activities:

• Processing classified information
• Sharing account credentials
• Unauthorized data access
• Circumventing security controls

Common Errors & Fixes

SSO Login Failures

• Issue: PIV/CAC not recognized
• Fix: Ensure card reader drivers updated and browser compatible

TOTP Token Invalid

• Issue: Authentication code rejected
• Fix: Verify device time synchronized; codes expire in 30 seconds

Password Reset Needed

• Issue: Forgotten password or expiration
• Fix: Follow these steps:

1. Go to log into your cloud.gov account at https://login.fr.cloud.gov
2. Click on Forgot your password? link to reset your password
3. Enter your email address into the Email address input and click SEND EMAIL to receive the reset password confirmation email
4. Go to your email and click on the verification link in the first step of that email
5. Enter your email address in the Email address input on the reset password verification page and click VERIFY EMAIL
6. Your email is verified and then copy/save the temporary password under the Your temporary password.
7. Login to your cloud.gov account at https://login.fr.cloud.gov/ with the new temporary password
8. After logging in, go to https://account.fr.cloud.gov/change-password to change the password
   1. Enter the temporary password into the Old Password input
   2. Then create and enter the new password into New Password input and confirm it in the Repeat New Password input
   3. Finally, click CHANGE

Lost TOTP Device

• Issue: Cannot generate authentication codes
• Fix: Email support@cloud.gov with:

  I need to set up a new authentication application. I understand this means the contents of my sandbox space will be deleted if I have one, and that you will remove my permissions to other spaces and orgs.

FAQs

Q: How quickly can I get access? A: Federal email addresses get immediate sandbox access. Production access requires IAA/MOU coordination.

Q: Can consultants get their own accounts? A: Yes, if working on federal systems. Federal employee must invite them to the organization.

Q: What happens to my account when I leave? A: Federal leads should remove departing users: cf unset-org-role USER-EMAIL ORG ROLE

Q: How do I report security concerns? A: Email support@cloud.gov immediately with details of suspicious activity.

Q: Can I use hardware tokens instead of TOTP? A: Not currently. Cloud.gov accounts require TOTP apps. Agency SSO may support PIV/CAC or FIDO tokens.