ACCESS MANAGEMENT SYSTEM
U.S. Department of Health & Human Services

Tier 2 Administrator - User Management Restricted by OpDivs and Affiliations Assignment

Note: The Tier-2 Administrator - User management functions allows to perform typical helpdesk task such as unlocking accounts, password resets, delinking OpDiv credentials, enabling disabled profiles and checking user status. If you do not yet have permission to perform these user management functions in AMS, you will need to complete the AMS Administrator Role Request Form for submission to IAMAMSPMO@hhs.gov for assignment. During an active AMS session (i.e., after logging into AMS), retrieve the form by clicking on the "Help" button on your homepage or directly copying this link into your navigation bar: https://ams.hhs.gov/amsApp/help/HelpIndex.html.

Performing Tier-2 user management functions requires authentication with your HSPD-12 access card; if you logged into AMS by other means, you will be required to complete a second step of authentication before you can proceed with related activities.

  1. Log into AMS, preferably using your HSPD-12 access card, at https://ams.hhs.gov. For quick and easy access to your applications, add this page to your browser favorites or create a desktop shortcut.

    AMS login page

  2. On your AMS homepage, select the "User Management" tab.

    AMS homepage - User Management

  3. On the "User Management" page, enter your search criteria and click "Submit".

    Note: You may enter any combination of valid search terms in the available fields, including partial expressions (e.g., first three letters of last name, first letter of first name, partial HHSID).

    • Entries are not case sensitive
    • Entering more information limits the number of matching records returned by your search (e.g., complete first and last name)
    • Entering less information returns broader results (e.g., last name only)
    • Entering a complete HHSID will return a single matching record
    • Entering a complete AMS username will return a single matching record

    User Management - Find User

  4. To proceed, click "Agree" on the "Data Protection Policy Statement" pop-up notice.

    Data Protection Policy Statement: This search is intended for authorized administrators who need to look up and review an AMS user's profile data, including the user's HHSID and application access. Note that the results will include information on HHS employees, contractors, and affiliates, as collected by their respective badging offices and on-boarding systems.  
          By clicking the Agree button, you are accepting the responsibility
to protect the privacy of the user data presented in the search results. If you agree and would like to process with the
search, click Agree button.

  5. Search results are presented in the same screen as shown in the screenshot below.

    User Management - Find User Search Results

  6. To view the user profile details, select the HHSID/XID for the desired user.

    Note: Administrators will be able to perform Role Assignment Services (RAS) on external (non-HHS) users. Helpdesk functions such as “Reset Password” and “Delink Credentials” do not apply to external (non-HHS) users.

    Note: A user’s profile details will vary depending on whether you search for an internal (HHS) user versus an external (non-HHS) user. The examples below show the user profile details for an internal user and an external user:

    User Management - Internal User Profile Example

    User Management - External User Profile Example

  7. Note: You, as a Tier-2 Administrator, are able to perform the following functions on users belonging to authorized OpDiv/ OpDiv and Affiliation combination that you have been assigned to as part of the Administrator Role Request process.

    • Reset AMS Password

      This function resets the user's AMS password and sends a system generated temporary password via email.

      Please note, the following four email account providers have been verified as not allowing delivery of the password reset emails sent from the AMSHelp@hhs.gov email address. Additionally, Yahoo is strongly suspected, but not yet verified.

      1. AOL
      2. Sbcglobal
      3. embarqmail.net
      4. Domains ending with .edu

      Also note that there are sometimes lag times in the email service over which AMS has no control, the user should not expect immediate email receipt after password reset by the Tier-2 Administrator, an email is typically auto-generated and delivered within one hour. Tier-2 Administrator to follow the established AMS helpdesk escalation procedures in case of password reset email issues.

    • Unlock AMS Credentials

      This function unlocks the locked AMS user profile (AMS user profile is locked after three (3) failed attempts to input the correct AMS password).

    • Delink Network Account

      This function delinks the linked network account (including NIH credentials) from their AMS profile.

    • Reactivate Profile

      This function reactivates AMS user's profile that is disabled due to 60 days of inactivity. Note, Tier-2 Administrators are allowed to reactivate only disabled AMS user profiles and not suspended AMS user profiles.

  8. Tier-2 Administrator clicks on the desired user profile in the search results to perform one of above listed actions. Note, the user profile should exist in relevant state for the action to be performed i.e. AMS user profile is Locked (LOCKED STATUS = "Y") in order to perform "Unlock AMS Credentials"; AMS user profile is linked (PROFILE LINK STATUS = "AD account linked") in order to perform "Delink Network Account"; AMS user profile is disabled (AMS STATUS = "DISABLED" in order to perform "Reactivate Profile".

    1. Reset AMS Password

      On successful password reset, the following confirmation message is displayed on the screen and an email is sent to the user:

      Reset AMS Password: By clicking submit, a new password will be generated and sent to the email address on record for Suzanne Burge.

      Once the user selects 'Submit' the following message is displayed on the screen:

      Reset AMS Password: A new password has been sent and emailed to Suzanne Burge.

    2. Unlock AMS Profile

      On successful unlock action, the following confirmation message is displayed on the screen:

      Unlock AMS Credentials: By clicking submit, AMS credentials will be unlocked for Suzanne Burge.

      Once the user selects 'Submit' the following message is displayed on the screen:

      Unlock AMS Credentials: Suzanne Burge has been unlocked.

    3. Delink Network Credentials

      On successful delink action, the following confirmation message is displayed on the screen:

      Delink Network Account: By clicking submit, network account will be delinked for Suzanne Burge.

      Once the user selects 'Submit' the following message is displayed on the screen:

      Delink Network Account: Suzanne Burge has been delinked.

    4. Reactivate Profile

      On successful reactivation, the following confirmation message is displayed on the screen:

      Reactivate Profile: By clicking submit, AMS profile will be reactivated for Suzanne Burge.

      Once the user selects 'Submit' the following message is displayed on the screen:

      Reactivate Profile: Suzanne Burge has been reactivated.

    5. Manual Password Reset

      (Note: The T2Pwd<OpDiv>:<Affiliate> role is an additional role that must be requested on the Role Request Form. Users with this role may only update for the requested OpDiv Affiliate combination only.)

      The following pop-up window is displayed on the screen when manually resetting a user’s password:

      Manual Password Reset: By clicking submit, a new password will be set for Suzanne Burge.

      Once the user enters the new password, and selects 'Submit' the following message is displayed on the screen:

      Manual Password Reset: A new password has been set for Suzanne Burge.

Note: