We encourage you to create an account directly on login.gov or an agency partner like USAJobs to see login.gov in action. Generally, an agency places a login button on its site. When the user clicks this button, they are redirected to login.gov, where they can sign in or create an account. The login.gov site will be branded with the agency logo and can include help text for migrating existing users. After authenticating with login.gov, the user is redirected back to the agency with a unique UUID or email address that identifies them.
We offer email address and UUID. Since a user can change their email address, we recommend tracking users by UUID.
Yes. This is why we recommend using UUID as the primary key.
Every user has a unique UUID per agency for privacy reasons. This means that the same user can have a different UUID depending on which agency they are signing in to. These UUIDs are also globally unique. We do offer sharing of UUIDs between agencies with user consent on a case-by-case basis.
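The following added example (not login.gov's own code) shows an agency-side account store keyed on the UUID, so that a changed email address updates the existing record instead of creating a second account. The table layout, the `record_sign_in` function, the `role` column, and the sample UUID and addresses are assumptions made for illustration.

```python
import sqlite3


def open_store():
    """In-memory store; a real agency would use its own database."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users ("
        " uuid  TEXT PRIMARY KEY,"   # identifier returned by login.gov
        " email TEXT NOT NULL,"      # mutable attribute, never used as a key
        " role  TEXT NOT NULL DEFAULT 'applicant')"  # hypothetical local data
    )
    return db


def record_sign_in(db, uuid, email):
    """Create or refresh the local account after a successful sign-in.

    Returns 'created', 'email_updated' or 'unchanged'.
    """
    row = db.execute("SELECT email FROM users WHERE uuid = ?", (uuid,)).fetchone()
    if row is None:
        db.execute("INSERT INTO users (uuid, email) VALUES (?, ?)", (uuid, email))
        outcome = "created"
    elif row[0] != email:
        # Same person, new address: keep the account and its local data.
        db.execute("UPDATE users SET email = ? WHERE uuid = ?", (email, uuid))
        outcome = "email_updated"
    else:
        outcome = "unchanged"
    db.commit()
    return outcome


def demo():
    db = open_store()
    uuid = "00000000-0000-4000-8000-000000000001"  # constructed sample value
    outcomes = [
        record_sign_in(db, uuid, "pat@example.com"),      # first visit
        record_sign_in(db, uuid, "pat@example.com"),      # returning user
        record_sign_in(db, uuid, "pat.new@example.org"),  # email changed
    ]
    db.execute("UPDATE users SET role = 'reviewer' WHERE uuid = ?", (uuid,))
    record_sign_in(db, uuid, "pat@example.net")           # changed again
    rows = db.execute("SELECT uuid, email, role FROM users").fetchall()
    return outcomes, rows


if __name__ == "__main__":
    print(demo())
```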
Once a user is authenticated on login.gov and passed back to the agency, it is up to the agency to manage the user’s session. We do not remotely invalidate or expire a user’s session.
Login.gov makes no guarantees on IP addresses or ranges. Please use DNS to look up the latest IPs for login.gov.
Check the error that was returned. Generally we return the specific errors in the HTML, JSON, or in the redirect URL.
Feel free to contact the engineers at login.gov. They can help diagnose your problem further.
No. Login.gov only works via redirects to and from an agency site.