EXTERNAL USER MANAGEMENT SYSTEM
U.S. Department of Health & Human Services

How to Log into XMS with PIV-Derived Credentials

This job aid assists users on how to log into XMS on a mobile device using their PIV-derived credentials, including the first-time user account registration process.

XMS currently only supports PIV-derived credentials with an Authentication Assurance Level (AAL) of three (3). If you are not sure of your credential’s AAL, contact your issuing agency for additional help.

  1. From the XMS login page (https://xms.hhs.gov), click the "PIV Derived" button. For quick and easy access to your applications, add this page to your browser favorites or create a desktop shortcut.

    NOTE: A valid and active PIV-derived certificate must already be installed on the mobile device before you can login.

    XMS mobile login page with the 'PIV Derived' login button highlighted

  1. Select your certificate from the “Select a Certificate” pop-up window and click the “OK” button.

    NOTE 1: If you are having trouble identifying the correct certificate from the list presented to you in the pop-up window, please contact your local IT helpdesk.

    NOTE 2: If your PIV-derived credentials have already been registered in XMS you do not need to complete steps 3 - 4. Continue to step 5.

    Select a Certificate pop-up window

  1. If this is your first-time logging into XMS, you will need to register your account. After successfully selecting your certificate, you will be redirected to the Complete Account Registration page. Enter your email in the corresponding field and click the “Submit” button to continue.

    NOTE: All other fields will be pre-populated with the information pulled from your PIV-derived credential and will remain noneditable. If you notice an issue with any of the information displayed in these fields, please contact your issuing agency.

    Complete Account Registration page with the 'Email' entry field highlighted

  1. A one-time security code will be sent to your registered email. Enter the code into the "One-time passcode" textbox and click the "Submit" button. This will direct you to your XMS user dashboard. At this point, account registration is complete. You will only need to complete steps 1 – 2 the next time you log in.

    OTP entry page for Login.gov email verification

  2. If the email is already associated with an existing account in XMS, log into XMS with your Login.gov credentials on a desktop or log into XMS with your ID.me credentials on a desktop and link your PIV or CAC from the My Profile page.