CignaforHCP.com new security feature: Two-step authentication

Overview and frequently asked questions

Cigna is introducing two-step authentication as a security feature for the Cigna for Health Care Professionals website (CignaforHCP.com). This enhancement offers an extra layer of security to help prevent use of the website by unauthorized users, and further protects the privacy of your patients with Cigna-administered coverage.


How two-step authentication works. When a user logs in to CignaforHCP.com with his or her username and password, a security code will be sent to the email address listed for the user in Settings & Preferences. Once the user enters the security code on the login screen, he or she will gain access to the website.


Email address verification. To help ensure we send security codes to the correct email address, it’s important that registered users of CignaforHCP.com verify that:

  • Their email address is correct. (Log in to CignaforHCP.com; click the drop-down menu under the user’s name > Settings & Preferences.)
  • They have access to the email that is sent to this address.

Frequently asked questions

  1. Is the two-step authentication security feature mandatory?
  2. It depends. A practice’s website access manager will determine if two-step authentication is mandatory or optional for users by Taxpayer Identification Number (TIN) and/or job role. If a user is set as optional, the user can still choose to enable two-step authentication if they want.

  3. Will two-step authentication be necessary each time a user logs in to CignaforHCP.com?
  4. It depends. If a user selects the option “Remember this device” when logging in, two-step authentication will not be required for subsequent logins.

  5. How does a user’s device know when two-step authentication is not needed?
  6. When users select “Remember this device,” they install a cookie that identifies the device as an authorized device when the user logs in again.

  7. Why would a user be asked for a security code if “Remember this device” was previously selected?
  8. This may occur if the user:
    • Deletes cookies or the browsing history (the device will no longer be identified as an authorized device).
    • Logs in using a different browser.

  9. Will providers that use a federated login or a single sign on for CignaforHCP.com need to use two-step authentication?
  10. No, these users will not use two-step authentication. Likewise, websites that allow single sign on from CignaforHCP.com will not be affected (e.g., OneHealthPort, NaviNet®).

  11. Can a user remove two-step authentication?
  12. It depends. If the website access manager has two-step authentication set as:
    • Optional, and a user has chosen to enable two-step authentication, the user can remove it by logging in to CignaforHCP.com > Settings & Preferences.
    • Mandatory, a user will not be able to change this setting.

  13. What should users do if they don’t receive a security code in their email box?
  14. They should check:
    • Their email address in Settings & Preferences to be sure the correct email address is on file.
    • The junk folder of their email box.
    • With their administrator to be sure their email is working correctly.

  15. Who should providers contact if they have additional questions?
  16. They should call 800.981.9114.