Q1. What is MFA?
MFA, or multi-factor authentication, is a secure authentication method that requires employees to verify their identity using two factors:
- Something you know – like your password.
- Something you have – like a verification code sent to your mobile device.
Q2. Why do we need MFA?
MFA is an important addition to the Commonwealth’s cybersecurity program. It helps prevent phishing attacks and unauthorized access by protecting employee login credentials.
Q3. Is there additional information on mass.gov about how to use MFA?
Yes, check out this helpful page: Learn more about Multi-factor authentication (MFA) | Mass.gov
Q4. Once I start using MFA to log into Employee Self-Service, will I need my old HR/CMS Employee Self-Service password?
No, once you’re set up with MFA, you’ll use your Office 365 username and password—no need for a separate HR/CMS password anymore.
Q5. Where do I find the MFA enabled login link?
Go to the MassHR homepage and select Log in to HR/CMS Employee Self-Service with MFA from the Quick Log In Links section on the page.
Q6. Can I still use the same link I have bookmarked to log into Employee Self-Service?
No, if you’ve previously bookmarked the HR/CMS Employee Self-Service site and are now MFA enabled, you’ll need to update your bookmark. Depending on the browser you use (Google, Safari, Chrome, Edge, etc.), these may be called Bookmarks or Favorites, and you should use the instructions for that specific browser to update your link. You can also navigate to the MassHR homepage and select the HR/CMS Employee Self-Service with MFA link each time you log in.
Q7. What happens if I use the wrong login link?
If you are MFA enabled and select the wrong link, you will receive a message directing you to the correct link. Choose Select here to log in with MFA.
Q8. How will I be notified when I need to start logging into HR/CMS Employee Self-Service with MFA?
When your agency launches MFA, you will be notified via emails from the Human Resources Division (HRD) and from your agency. These emails will provide instructions on how to log in using MFA.
Q9. Do I need to set anything up?
No setup is required if you're already using MFA for Office 365. You'll simply use your existing credentials and authentication method.
Q10. Should I clear my cache before using MFA?
It is highly recommended to clear your browser cache before logging in for the first time.
Q11. Do I use HR/CMS Employee Self-Service?
Yes, HR/CMS Employee Self-Service is where you enter your time, view your pay advice, change your direct deposit and more. This page may also be known to you as Employee Self-Service, Time and Attendance, or SSTA.
Q12. What should I do if I encounter an error message while logging in with MFA?
If you receive an error message while trying to log in with MFA, please note the exact message and any error codes. You can then contact the EOTSS help desk for assistance at 844-435-7629.
Q13. Where can I find more information about multi-factor authentication (MFA)?
The following resources are available on mass.gov:
- Multi-factor authentication service page
- Learn how to use MFA
- Change your MFA method
- Multi-factor authentication FAQs
Q14. How can I reset my MFA settings?
If you need to reset your MFA settings, please contact the EOTSS help desk for assistance at 844-435-7629.
Q15. If I use my personal cell phone to authenticate for MFA, will my phone be subject to public records requests or legal discovery requests?
No, the use of a personal cell phone for the purpose of multi-factor authentication -- using an authenticator app, receiving a text or a phone call -- does not alone make a personal device subject to search or disclosure.
Q16. Which agencies are currently using MFA to log in to HR/CMS Employee Self-Service?
Go-Live Date | Agency |
---|---|
June 18 | |
July 16 | |
October 8 | |
October 22 | |
Last updated: September 29, 2025