Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Frequently asked questions

We encourage you to create an account directly on login.gov or an agency partner like USAJobs to see login.gov in action. Generally a site will place a login button on their site. When the user clicks this button they redirect to login.gov where they can sign in or create an account. The login.gov site will be branded with the agency logo and can include help text for migrating existing users. After authenticating with login.gov they are redirected back to the agency with a unique UUID or email address that identifies the user.

  1. Choose a protocol: OpenID Connect or SAML. We recommend OpenID Connect since it is a more modern and flexible protocol and generally leads to a quicker integration.
  2. Download a sample application in your preferred language.
  3. Get added to the sandbox where you can begin testing your applications.
  4. Customize the sample code to your needs.
  5. Once the applications are working correctly you can request to be promoted to production. We will add your production configuration to the next production release which occurs on two week release cycles.

We offer email address and UUID. Since a user can change their email address we recommend tracking users by UUID.

Yes. This is why we recommend using UUID as the primary key.

Every user has a unique UUID per agency for privacy reasons. This means that the same user can return a different UUID depending on which agency they are signing in to. These UUIDs are also globally unique. We do offer sharing of UUIDs between agencies with user consent on a case by case basis.

Once a user is authenticated on login.gov and passed back to the agency it is up to the agency to manage the user’s session. We do not remotely invalidate or expire a user’s session.

Login.gov makes no guarantees on IP’s or IP ranges. Please use the DNS when querying login.gov for the latest IPs.

Check the error that was returned. Generally we return the specific errors in the HTML, JSON, or in the redirect url.

Feel free to contact the engineers at login.gov. They can help diagnose your problem further.

No.

No. Login.gov only works via redirects to and from an agency site.

No. login.gov only handles authentication. Granting users specific access and permissions is handled on the agency side. For example, some agencies use active directory to store what applications a user can access.