GSA Switches to Multi-factor Authentication. What Should You Do?

GSA marketplace

In August 2020, GSA notified all the contractors about the Multi-Factor Authentication, which is now required for the Mass Modification System. What does the change bring in, and how should you act if you are a GSA contract holder? Read along for answers.

Check if you Qualify to be a GSA Contractor

What is the Mass Mod System?

Mass Modification is initiated by the government when it needs to make a number of Schedule-wide changes to GSA contracts, their terms or conditions. Typically a MassMod involves preliminary notification of contract-holders by e-mail, and then the change comes into effect. The Mass Mod System allows you to review such modifications and take actions on them.

What is the recent Mass Mod change?

Starting from August 2020, all GSA contract holders are required to register in the new Multi-Factor Authentication system. Previously, the authentication required a user to enter a unique PIN and a one-time code sent to the registered e-mail to confirm any MassMod action. Now, the PIN has gone, and the MFA is in place of it.

Importantly, the Multi-Factor Authorization does not cancel or replace a digital certificate that is required to authenticate at the eOffer/eMod system.

How it was:

  • The GSA issues a Mass Modification and announces vendors or their authorized negotiators by e-mail.
  • A vendor receives the e-mail with a unique PIN number that corresponds to a specific Mass Modification.
  • Then, the vendor signs in to the Mass Mod System using this PIN and login data, and receives a one-time confirmation code.
  • Using this one-time code, the vendor opens the MassMod and reviews terms and conditions.
  • If something goes wrong with either the PIN or the one-time code, the vendor can contact the administrative contracting officer and ask for assistance.

How it is now:

  • When the GSA issues a Mass Modification, vendors receive e-mail notifications, as well.
  • Now, to log in to the Mass Mod System they use the Multi-Factor Authentication. Similar to how they do it at the FAS reporting system.
  • Depending on how the vendor configured MFA she will confirm her MassMod actions either with one-time e-mail codes, or one-use codes sent to the Google Authenticator application on iOS or Android.
  • Contacting the administrative contracting officer is still an option if Multi-Factor Authentication somehow fails.

What do you need to do about the Mass Modification now?

Signing the MFA is absolutely necessary for a vendor. Otherwise, you will not be able to review other Mass Modifications including the Multiple Award Schedule consolidation updates, which are crucial for you to retain your contract.

In order to activate the MFA capabilities for your Mass Mod System account, you need to log in to the Mass Mod system, and set up how you choose to do Multi-Factor Authentication, from now on. Here is what you need to do exactly, in order to start using MFA with Mass Modifications.

Step 1: Register for Multi-Factor Authentication (one-time procedure)

You only need to do this once. Open your MassMod account at https://mcm.fas.gsa.gov/ and click the Register button below. A new page will open. Enter your name and the contact e-mail there. Make sure you have provided the correct contacts that you use to communicate with the GSA contracting officer.

A confirmation link is sent to the provided email. Click that link to verify your email address and confirm the registration.

If you already have an account, use the Login button instead. If something goes wrong, and you see an error message, please contact your procurement officer.

Step 2: Activate MFA

Shortly, you will receive another e-mail message with the steps you need to follow in order to complete your Multi-Factor Authentication activation.

In the e-mail message, click the “Activate Account” button. You will be redirected to a new page, where you should specify a new password for the MFA system, and confirm you are a human, by clicking on a security image.

A new page will open.

Step 3: Receive a one-time passcode

On the newly opened page, select the MassMods link. Then, click the “Send me the code” button.

You will receive another e-mail message with your single-use 6-digit passcode. Use it to verify your e-mail within the MFA.

Step 4: Configure MFA

In addition to e-mail authentication, you can configure an additional factor – Google Authenticator. Select your device type – iPhone or Android, then download the Google Authenticator app on your device. Once the app is installed, click the Next button and scan the QR code on the page using the Google Authenticator application.

You can also set up additional authentication factors, if you want to improve security further. However, that is optional, so your MFA set up is done now.

Step 5: Review Mass Modifications

Now, as your Multi-Factor Authentication registration is complete, you can review your pending MassMods and take corresponding actions.

Conclusion

The introduction of the Multi-Factor Authentication in the GSA Mass Modification System should leverage both the usage convenience and security of the system. Staying up to date with the GSA’s latest modifications is crucial, so make sure your contract remains compliant all the time. If you are not sure how to guarantee GSA compliance in a given situation, don’t hesitate to contact Price Reporter. We will gladly help you out.

Also on pricereporter.com