Launchpad FAQ

The NASA Access Launchpad, also called "Launchpad," is an online service that you can use to log into many applications, such as IdMAX and SATERN, with a single account.
For help, contact the Enterprise Service Desk (ESD) at 1-877-677-2123 (1-877-NSSC123), Option 2 or online at https://esd.nasa.gov/esdportal.

Your NASA user profile consists of an Agency User ID (AUID), a specific password, and your completed set of answers to security questions. Having a user profile allows you to access many NASA applications.

You will be able to create your profile after your identity has been created and activated. When that process is completed you will have received an email with instructions for setting up your profile and other necessary actions such as SATERN training.

If you are not currently logged in, to create your profile click the "First Time User" option at the top of this page and follow the instructions; alternatively you can go directly to https://id.nasa.gov/ProfileCreate.

When creating the profile, you will receive an email with a one-time use temporary passphrase for verification (This is not your password to access NASA applications). You will then set a Launchpad password that can be used while your initial 14 day exemption is provisioned, answer security questions, acknowledge rules of behavior, and enter a preferred cell phone number.

After the 14 day exemption expires, you will be required to log into Launchpad with your highest level credential (Smartcard/RSA/Password).

An Agency User ID (AUID) is your user ID for many NASA applications. It is unique across the entire Agency (no one else has the same ID).

If you do not remember your Agency User ID, just go to https://id.nasa.gov. On the Launchpad log in page, select "Retrieve Agency ID" in the header and enter the requested information to have it emailed to you. You can also go directly to https://id.nasa.gov/AUIDRetrieval.

Warning: This option will only be available for End Users that are Non-Smartcard/RSA holders, or that have a Smartcard/RSA Exemption for application log in.

Your Launchpad password is setup after your profile creation. This is not the same password as your desktop log in. Ensure it is a unique one that you will remember.

If you are a password user and have forgotten your password, you can click on the Forgot Password link on the Agency User ID log in form or go directly to https://id.nasa.gov/PasswordReset to answer your security questions and reset it.

If you have a Temporary Password, you can go to https://id.nasa.gov and click the Temporary Password link under Popular Actions to generate a new password. You must log in using your smartcard to generate a Temporary Password.

To update your profile, such as editing security answers and questions, go to https://id.nasa.gov. Once you are logged in, click the "My Login" button and select an option from the drop-down menu.

No, you cannot use Launchpad for updating personal information. Instead, go to the NASA Identity User Self Service at https://id.nasa.gov. There you can edit your information such as email address, phone number, display name, common name and more.

You, or your sponsor, need to submit a NAMS request for application "Agency RSA SecurID Token".

The RSA Token Code, sometimes referred to as the passcode, is slightly different depending on whether a hard token or soft token is used. For hard tokens, it’s a combination of your personal PIN + the code displayed on your token. For soft tokens, its simply the code displayed on your smart phone.

If you have forgotten your PIN, please call the Enterprise Service Desk (ESD) at 1-877-677-2123.

Ensure you are entering your PIN correctly. And do not reuse the same token code twice; the codes are one time use.

If you have entered your RSA token code incorrectly too many times your account may be locked. An email is sent to the primary registered email address on file when this occurs. Should you receive the locked notice, please call the Enterprise Service Desk (ESD) at 1-877-677-2123.

You will not be able to log in using your Agency User ID/Password if:

1. You have a smartcard and do not have a Smartcard Exemption for IT Access

2. You have an RSA SecurID token and do not have an RSA Exemption for IT Access

Passwords are case sensitive and must match exactly what is set on your account. Ensure you do not have caps lock on and the password being entered is the one you setup for the account.

If you continue to receive the error, it is possible your account has been locked due to too many failed attempts. When this occurs, you can log in with an RSA SecurID token or smartcard, wait some time and try again, or reset your password by selecting the Forgot Password link on the Agency User ID log in form or go directly to https://id.nasa.gov/PasswordReset to answer your security questions and reset it.

Remove and reinsert your smartcard into the card reader, restart the web browser, and try the log in again.

If you have forgotten your PIN, the smartcard is damaged, or you need further assistance, please call the Enterprise Service Desk (ESD) at 1-877-677-2123 (1-877-NSSC123), Option 2.

If you are using Firefox, a manual configuration is required. The configuration details can be found below under “Which internet browsers are supported?”

Using one of the available two-factor methods of smartcard (preferred) or RSA SecurID token requires not only a PIN (something you know) but a physical device (something you have). This provides added security for the account and allows certain additional functions within some applications.

The computer you are using to log in must be equipped with a card reader and configured with the required software, such as ActivClient.

Insert your smartcard firmly into the card reader and select the smartcard log in option from the log in page. If you are already authenticated with another method such as RSA or Agency User ID and Password, go to https://id.nasa.gov/Launchpad and select the link to increase your access level.

Non-NASA federal smartcards can be used for log in. In order to use the card you will need to go through the credential registration process. To initiate this please contact the security office.

Current vendor supported versions of the following browsers are supported:

Windows:
IE, Chrome, Firefox ESR

Mac:
Safari, Chrome, Firefox ESR

Linux:
Firefox ESR

PIV support requires that NASA specified smartcard middleware is installed on the system. For more information on smartcard middleware and browser dependencies, please refer to the End User standards information located on the NASA CSET site: https://cset.nasa.gov/browser-configurations/.


Manual Configuration for Smartcard Support within Firefox

To configure Firefox management of certificate trust:

For smartcard access to NASA resources download and import the NASA Operational Certificate Authority (NOCA) certificate. NOCA is publicly hosted by the Department of the Treasury. To import the desired certificates into Firefox:

  • Open Firefox
  • Paste about:preferences#privacy in the URL bar
  • Select the Privacy & Security tab on the left menu bar
  • Scroll to the bottom of the page and select View Certificates
  • Click Import and select the certificates downloaded earlier
  • Select the desired Trust Levels when asked


To configure Firefox to use smartcard:

Windows 10:

Option 1:
Current versions of Firefox for Windows provide native support for smartcard but must be enabled.

  • To enable support open Firefox
  • Paste about:config in the browser bar
  • Click Accept the Risk and Continue
  • Paste security.osclientcerts.autoload in the config search bar
  • Click the toggle button to enable it
  • Boolean value should now be true
  • Close browser and reopen

Option 2:
In this example HID ActivClient is the installed middleware. You will need to adjust based on your installed software.

  • Open Menu > Options > Privacy & Security (Or copy and paste about:preferences#privacy in the URL bar and hit enter)
  • Click on Security Devices (Scroll to the bottom of Privacy & Security)

    • If "ActivClient PKCS #11" is not under Security Modules and Devices
      • Click Load
      • Change 'Module Name' if you prefer (name has no impact on functionality)
      • For module filename paste the following and hit enter: C:/Program Files/HID Global/ActivClient/acpkcs211.dll

    • Once Complete or If "ActivClient PKCS #11" is already under Security Modules and Devices
      • Insert your smartcard
      • Left-click your smartcard reader (find the one that lists Status as Not Logged in)
      • Click Log In
      • Enter your PIN ("Password Required" prompt should display)
      • If status changes to "Logged In", then the smartcard was successfully unlocked
      • Select "Ok"
      • Close the Preference Pane


RHEL 7 & 8:

In this example OpenSC is the installed middleware on a 64-bit system. You will need to adjust based on your installed software

  • Open Menu > Options > Privacy & Security (Or copy and paste about:preferences#privacy in the URL bar and hit enter)
  • Click on Security Devices (Scroll to the bottom of Privacy & Security)

    • If "OpenSC" is not under Security Modules and Devices
      • Click Load
      • Change 'Module Name' if you prefer (name has no impact on functionality)
      • For module filename paste the following and hit enter: /usr/lib64/opensc-pkcs11.so

    • Once Complete or If "OpenSC” is already under Security Modules and Devices
      • Insert your smartcard
      • Left-click your smartcard reader (find the one that lists Status as Not Logged in)
      • Click Log In
      • Enter your PIN ("Password Required" prompt should display)
      • If status changes to "Logged In", then the smartcard was successfully unlocked
      • Select "Ok"
      • Close the Preference Pane


macOS 10.15 and newer:

Due to changes in the OS, middleware is no longer supported. Current versions of Firefox for macOS provide native support for smartcard but must be enabled.

  • To enable support open Firefox
  • Paste about:config in the browser bar
  • Click Accept the Risk and Continue
  • Paste security.osclientcerts.autoload in the config search bar
  • Click the toggle button to enable it
  • Boolean value should now be true
  • Close browser and reopen

If you would like to log into an application that uses the Launchpad log in, you should bookmark the application URL, e.g., https://inwiki.nasa.gov. That way, you can visit it directly.

Do not bookmark the Launchpad URL.

Single Sign On, SSO, is a mechanism that utilizes your smartcard log in to a NASA desktop to also access Launchpad-enabled applications. This allows you to bypass the Launchpad log in screen when going to applications (you will not be required to enter your credentials). SSO is only available when you are on a NASA computer while connected to the NASA internal network and the smartcard is used for system login.

Alternate User Log In allows you to log in with additional account types when required by an application. A smartcard or NASA Privileged Access Managment password is required.

For more details on this feature you must access this page from a NASA network.

If you are a Smartcard holder with no exemptions and have need of a password, you have the option to use Temporary Password tool as a short-term password alternative for applications via https://id.nasa.gov/TemporaryPassword

If you have a Smartcard and no Smartcard Exemptions, you no longer need to maintain your Launchpad Password. Since Launchpad requires you to present your Smartcard, there is no need to manage the password that you will not be able to use.

If you have a smartcard or RSA, you will no longer need to maintain your Launchpad password, however if there is a need for a password, you can get a temporary password by visiting https://id.nasa.gov/TemporaryPassword.