FAQ on Authentication Changes and FedRAMP Migration

  • Updated on Jan 15, 2026
  • Published on Jan 7, 2026
  • 3 minute(s) read
Prev Next

GovDash FedRAMP Updates

GovDash is making security and compliance improvements to support our new Federal environment and align with FedRAMP Moderate Equivalency expectations. These updates help ensure customers can securely work with Controlled Unclassified Information (CUI) in GovDash.

The new GovDash Federal environment will go live on January 19, 2026.

As a reminder, please do not upload CUI to GovDash until we have fully transitioned to the new environment on January 19, 2026.

Learn more about our security posture here:
https://www.govdash.com/security

Changes to User Authentication

GovDash is updating authentication options to improve security and support stronger account protection. SSO remains the primary sign-in option for many organizations.

Single sign-on (SSO) via Microsoft Entra or Okta will remain available.

One-time password email sign-in will also remain available.

GovDash will also support authenticator app codes (TOTP) using apps such as Microsoft and Google Authenticator as an additional sign-in factor to strengthen security.

GovDash will continue to support:

  • SSO via Microsoft Entra or Okta

  • Passkeys

  • One-time password email sign-in

What Authentication Options Are Available?

GovDash supports the following authentication methods:

Customers with CMMC Requirements

If your organization has CMMC requirements and plans to upload or manage CUI in GovDash, you must set up SSO using one of the supported providers:

This is required to support CMMC-aligned access controls for CUI workflows.

Authenticator App Codes (TOTP)

GovDash is adding support for TOTP, which uses a rotating code generated by an authenticator app such as Microsoft or Google Authenticator. This is commonly used as a second factor to improve account security.

Customers will also be able to reset TOTP using one-time reset codes.

TOTP is not required for all customers, but we encourage customers to enable a second factor when possible.

Important Updates to SharePoint and SSO for Admins

As part of GovDash’s migration to our new Federal environment in support of our FedRAMP authorization, GovDash teams using Microsoft SharePoint and/or Microsoft Entra (Azure AD) SSO must complete required re-authorization steps by January 19, 2026 to avoid disruption.

  • SharePoint Integration: An admin who is also a Microsoft Entra Global Administrator must re-link your SharePoint tenant in GovDash. After this is completed, all users must re-add their Microsoft accounts to continue uploading SharePoint-connected content. Instructions for completing these steps are available here.

  • Entra SSO Integration: An admin who is also a Microsoft Entra Global Administrator must re-authorize GovDash in your Entra tenant to ensure uninterrupted SSO login access. Instructions for completing these steps are available here.

Transition Timeline

Important dates related to the Federal environment transition are below:

  • January 19, 2026: The GovDash Federal environment goes live. Customers can begin uploading CUI in the new Federal environment. This date is also the cutoff for required SSO updates.

What Are Passkeys?

Passkeys are a sign-in method that replaces passwords with device-based authentication, such as biometrics or a device PIN. Passkeys can provide strong protection against phishing and improve the sign-in experience.

Benefits of passkeys include:

  • Phishing resistance

  • Fast and user-friendly sign-in

  • Support across modern browsers and devices

If you have already registered a passkey, you can continue using it.

Need help setting up passkeys?
Please see our Setting Up Passkeys article for a walkthrough on registering passkeys.

Do I Need to Register a Passkey?

No. Passkeys are supported, but they are not required.

Customers who prefer passkeys can continue using them. Customers who have already registered a passkey can keep using it for login.

Will My Data Be Impacted?

No existing data will be lost during these changes or the migration to the new Federal environment. These updates affect how users sign in and where GovDash is hosted.

Where Can I Get Support?

For help during this transition, please contact your GovDash account manager or email support@govdash.com.

FAQ

What changes are being implemented with GovDash?

GovDash is transitioning to a new Federal environment and updating authentication options to improve security. One-time password email sign-in will remain available, and GovDash will also support SSO, passkeys, and authenticator app codes (TOTP).

When will these changes take effect?

The GovDash Federal environment will go live on January 19, 2026.

When can I upload CUI to GovDash?

You may begin uploading CUI no earlier than January 19, 2026, when the new Federal environment goes live.

What are passkeys and why are they beneficial?

Passkeys are a secure sign-in method that uses device-based authentication and provides strong phishing resistance.

Do I have to use passkeys?

No. Passkeys are optional and remain supported.

What should users do if they have CMMC requirements?

Organizations with CMMC requirements must configure SSO using Microsoft Entra or Okta to upload or manage CUI in GovDash.

What should users do if they encounter issues with SSO or login?

Please contact your GovDash account manager or email support@govdash.com for assistance.

Related articles