DFS ID provides secure single-sign-on access to DFS applications, including DFS Connect, NY LINX, and most DFS Portal applications.

Some applications will continue to use the legacy DFS Portal Login process and the Trusted Source approval process. These "Legacy" applications include:

• Annual SIU Reports
• ATM Certification Filings
• First time users of the Company Complaint Response System (CCRS)
• Consumer Credit Reporting Agency Registration
• External Appeal Application
• FCMS: Reporting Suspect Fraud Claims & Transactions
• Healthcare Provider Complaints
• Independent Dispute Resolution
• Paid Family Leave Carrier Reporting
• Purchasing Group Registration
• Terrorism Risk Insurance Act System

These users should use the DFS Portal (Legacy) Login option when signing into DFS Portal (the center option) and do not need to use DFS ID at this time. if you need help, learn how to get help with a DFS Portal application.

DFS ID is an invitation-only system for those responsible for conducting DFS business on behalf of a regulated entity. Invitations to access DFS ID are sent by DFS or by an Entity Administrator.

• Entities can have multiple Entity Administrators in DFS ID. 
• Entities can have as many Users as they need.  

Once invited, you will receive an email that includes instructions on how to set up your DFS ID account.

Before setting up a DFS ID account, you will need to download an authenticator app like Microsoft Authenticator, or Google Authenticator to your mobile device.

To log in to DFS ID, you will need to use the MFA code generated by your authenticator.

Setting Up an MFA Authenticator for the First Time

+

Setting Up MFA For the First Time

When you log in to DFS ID, you will need to use multi-factor authentication (MFA). You will need to have an authenticator app on a mobile device. Before you log in, you should download and set up an MFA authenticator on your phone. There is no cost to download or use an authenticator application. Here is how you do so:

1. Download an Authenticator app to your mobile device, such as Google Authenticator or Microsoft Authenticator.

2. On the DFS ID Login Page, enter your DFS ID credentials and select Sign In.

You will see this:

3. Open the Authenticator on your mobile device, and select Scan QR Code:

4. Hold up your mobile device and scan the QR Code:

You will see a passcode displayed in the Authenticator:

5. Enter the passcode that is displayed on your phone, create a distinct nickname for this device that you can easily reference every time you sign in. Select Continue:

You have successfully set up MFA. Select Go to Homepage to reach the DFS ID homepage.

 

Logging In After MFA Is Set Up

+

Logging In After MFA Is Set Up

Once you have DFS ID MFA set-up on your mobile device, you will re-use the Authenticator on that mobile device to sign in every time. The following steps will instruct you how to do so:

1. On the DFS ID Login Page, enter your DFS ID credentials and select Sign In.

2. Open your Authenticator and view the displayed passcode:

3. Enter the passcode and select Continue.

You have successfully signed into DFS ID.

 

All entities must have at least one Entity Administrator in DFS ID, but can add multiple Entity Administrators.

Entity Administrators are company representatives responsible for conducting business on behalf of their entity, but also responsible for identifying, inviting, and approving DFS ID User accounts for their entity.

• Entity Administrators can log into DFS ID directly to manage User roles and access.

To assist Entity Administrators using DFS ID, the Department provides the DFS ID Entity Administrator User Guide (PDF).

Minimum Roles

Every user in DFS ID has a role that defines their responsibilities. Each role grants a different level of access and dictates what applications a user can see. Roles are assigned by Entity Administrators during the invitation process, and managed or changed within DFS ID.

• Application Owner has the highest level of DFS ID access. This role grants access to all company applications and data, including privileged applications.
• Reviewer is the second level of access, allowing the user to review others’ submissions and complete their own submissions within DFS applications.
• Submitter, the third type of role, allows this user to submit a form or data in a DFS application.
• None – the lowest level of access –  is for users who just manage user access for their entity, but do not have access to any applications. This role may be assigned to IT or support staff who are Entity Administrators but are not responsible for reviewing or submitting filings on behalf of their entity.

Every individual user added to DFS ID must be assigned a role. This may be anywhere on the hierarchy of roles from Application Owner – if an individual needs access to all data and filings – or None - the lowest level of access if responsible for inviting others to DFS ID but not reviewing or submitting filings.

Listed below are the roles that must be assigned to Users in DFS ID for the User to have access to each DFS application or platform.

* Must use Request Apps: Denoted applications are not automatically granted based on DFS ID roles. To gain access to these applications, users will login with DFS ID and then request specific application access using the "Request Apps" tab from the landing page.

How do Users get access to DFS ID?

DFS ID is an invitation-only authenticator for DFS regulated entities. User invites are managed by DFS ID Entity Administrators and occasionally by DFS staff.

What is changing with DFS ID?

DFS ID is changing the way entities access DFS systems. It is not changing any policies or procedures for entities.

How were Entity Administrators identified?

The Department identified Entity Administrators using existing contacts and trusted sources in our applications. These Administrators were notified by email of their role, and sent instructions on how to set up their DFS ID accounts in February of 2026.

What is the difference between an “Entity Administrator” and a “User”?

Entity Administrators are a company’s primary representative(s) responsible for conducting business on behalf of their entity through DFS online applications. Individual licensees, including producers, are automatically deemed Entity Administrators on their own behalf.

Can entities have more than one Entity Administrator?

Yes, entities can have multiple Entity Administrators in DFS ID. One Entity Admin can add another.

Is there a limit to the number of users an entity can have in DFS ID?

No, there is no limit. Entities can have as many DFS ID users as they need.

Can users have access to more than one entity?

Yes, individual users can have access to multiple entities in DFS ID. This access is granted by the Entity Administrators for that entity.

If someone has an individual license and an entity license, or multiple entity associations, will they have separate DFS ID log ins? 

No, the user will have one DFS ID login.

For larger DFS-regulated entities, Entity Administrators identify and grant DFS ID permissions, and assign roles to other users in their organization.

Entity Administrators can add additional Entity Administrators to represent their organization in specific roles with access to specific applications. Each role grants a different level of access and dictates what a user can do for a given application. Please see the User Guide for Entity Administrators for more information and reference the Minimum Roles table in the previous section.

How do I use an MFA Authenticator?

Please see the MFA User guide in the next section.

What should a user who does not have access to TOTP or MFA do?

Mobile device-based TOTP (Time-based One-Time Password) authenticator apps are the best option for generating passcodes for DFS ID. An online search for TOTP and your computer type (Mac, Windows or Linux) may generate some other options like desktop authenticators. A desktop authenticator may work to authenticate you in DFS ID, but the Department can’t help or troubleshoot issues with desktop-based TOTP authenticators.

What should an Entity Administrator do if a user is unable to access their account because MFA is not working?

Entity Administrators should select the ‘Prompt for TOTP MFA Registration at Next Login’ box. This will allow the User to log in and reset their MFA.

Note: The TOTP reset option will only be displayed for Entity Administrators. Regular users will not see that.

What should an Entity Administrator do if they are unable to access their account because MFA is not working?

If you are an Entity Admin, you can have another Entity Admin within your Entity reset it for you. If you are the only Entity Admin, contact DFS via the DFS ID Help Form and select 'locked out of account.'

What should an Entity User do if they are unable to access their account because MFA is not working?

A user should contact their Entity Admin to have their MFA reset. DFS is NOT able to do this via DFS ID Help Form.

What should a User do if they accidentally hit the “Leave Entity” or “Remove Entity Relationship “ button in DFS ID?

Users who accidently select ‘Leave Entity’ or “Remove Entity Relationship “ will no longer see that Entity in “My Entities”. They will have to be re-invited by their Entity Administrator.

I received an invite or I should have received an invite, but I can’t find or I deleted the email. What should I do?

Users who can no longer find their invite can still activate their accounts by going to DFS ID and selecting ‘Forgot Password’. This will trigger an email verification and allow you to finish your account setup.

What are the different “roles” in DFS ID and what do they mean?

Before adding new users, it is important to understand that every user has a role that defines their responsibilities within an Entity. Each role grants a different level of access and dictates what applications a user can see. Roles are assigned by Entity Administrators during the invitation process and managed or changed within DFS ID.

• Application owner has the highest level of DFS ID access. That role grants access to all company applications and data, including privileged applications.
• Reviewer is the second level of access, granting privileges to review others’ submissions and complete their own submissions within DFS applications.
• Submitter, the third type of role, allows a user to submit a form or data into a DFS application.
• None – the lowest level of access –  is for users who manage DFS ID access for their entity, but do not have access to any applications. This type of role may be assigned to IT or support staff who are Entity Administrators but are not responsible for reviewing or submitting filings on behalf of their entity.

Do Entity Administrators also need to be assigned roles?

Yes, every individual added to DFS ID must be assigned a role. This may be anywhere on the hierarchy of roles from application owner – if that individual should have access to all data and filings – or the lowest level of access if the Entity Administrator is responsible for inviting others to DFS ID but does not review or submit filings.

What role should someone be if they are involved with multiple applications?

If a user needs to use multiple applications but does not need to have the same access across applications, the Entity Administrator should assign that user with the highest access needed to perform their job duties. For example, if a user needs to be a submitter for one application, but a reviewer for another, the Entity Administrator should make that individual a reviewer within DFS ID.

It is the responsibility of the entity to both identify which individual(s) should be added to access each of the entity’s relevant applications, and to designate the appropriate role for each individual. These roles can be modified at any time as necessary to provide or limit access. Directions for modifying user roles can be found in the DFS ID Entity Administrator User Guide (PDF).

How does an Entity Administrator change a DFS ID user role?

Entity Administrators manage user roles, including changing roles or deleting users. To do so, when logged into the system, enter the user’s email address in the search bar and select the email address in the dropdown.

Under “Action,” select the new role you want to assign. You can also add or change Entity Administrator access from this page. Then click ‘Save’ for the new role to be reflected in DFS ID. Detailed instructions are available in the DFS ID Entity Administrator User Guide (PDF).

Your DFS ID Entity Administrator should be your first point of contact for questions or issues regarding access to DFS ID. The name of your DFS ID entity administrator can be found in DFS ID by clicking the name of the Entity on the My Entities page.

If you cannot access DFS ID or need help with any other issue, please use the DFS ID Help Form to request assistance.