Skip to main content

Military Health System

Utility Navigation Links

TRICARE Systems Manual 7950.4-M, April 2021
General Automated Data Processing (ADP) Requirements
Chapter 1
Section 1.2
Beneficiary Authentication Requirements
Revision:  
1.0  The contractor shall use the DMDC Authentication service to perform authentication for beneficiary web access to contractor portals or web sites that access beneficiary-specific TRICARE data. The DMDC Authentication service supports the DoD approved enterprise self-service credential called the DoD Self-Service Logon (DS Logon) account.
1.1  Available credentialing options may be modified due to security enhancements, and will be made known when available.
1.2  The contractor may use authentication methods that meet National Institute of Standards and Technology (NIST) Level 2 requirements (NIST Special Publication (SP) 800-63) for beneficiaries that are not eligible to receive DS Logon accounts.
2.0  Access to beneficiary specific TRICARE data requires authentication with the approved DoD credential, or their equivalent. DMDC issues the DS Logon credential; DMDC retains responsibility for maintaining this credential.
•  An authentication service will be provided by DMDC for the DS Logon credential.
•  The contractor shall use the DMDC Authentication service at the registration point for beneficiary access to the contractor portal or web site for all beneficiaries eligible to obtain a DS Logon.
•  The contractor shall use the authentication service to validate authentication of a beneficiary every time a contractor portal or web site is accessed.
3.0  Upon presentation of the DS Logon credential, the DMDC Authentication service will provide the following data to the contractor upon successful authentication:
•  Method of Authentication (e.g., DS Logon).
•  Status of the account.
•  Identity information of the authenticated beneficiary (e.g., DoD Electronic Data Information Patient (EDI) PIN).
•  Affiliation information of the authenticated beneficiary to the DoD.
•  Family member association including DoD EDI PIN of the sponsor.
4.0  The contractor may use the information returned with a successful authentication to enforce any application specific business rules. For example, the contractor may exclude access by a parent to a family member’s Explanation Of Benefits (EOB) information if the family member is over the age of 18.
5.0  The contractor shall rely on their own authentication methodology to authenticate users accessing beneficiary-specific TRICARE data via a contractor portal or website for those beneficiaries ineligible for a DS Logon.
- END -
Follow us on Instagram Follow us on LinkedIn Follow us on Facebook Follow us on Twitter Follow us on YouTube Sign up on GovDelivery