Overview and frequently asked questions

Evernorth offers two-step authentication as a security feature for the Evernorth provider website (Provider.Evernorth.com). You can also reset your user name or password using a one-time authentication code. This enhancement offers an extra layer of security to help prevent use of the website by unauthorized users, and further protects the privacy of your patients.

How two-step authentication works. When a user logs in to Provider.Evernorth.com with his or her username and password, a security code will be sent to the email address listed for the user in Settings & Preferences. Once the user enters the security code on the login screen, he or she will gain access to the website.

How password reset and username reset works with the one time code. When a user clicks on the “Forgot Password” link, they will have the option to receive a one-time passcode to their verified email address or mobile phone number to reset it. Alternatively, they can still use the security questions they set up upon registration.

Email address verification. To help ensure we send security codes to the correct email address or mobile phone (optional), it’s important that registered users of Provider.Evernorth.com verify that:

• Their email address is correct. (Log in to Provider.Evernorth.com; click the drop-down menu under the user’s name > Settings & Preferences.)
• Their mobile phone number is correct. (Log in to Provider.Evernorth.com; click the drop-down menu under the user’s name > Settings & Preferences.)
• They have access to the emails within the email box listed
• They have access to the mobile phone listed. Mobile phone is optional.

Frequently asked questions

1. Will two-step authentication be necessary each time a user logs in to Provider.Evernorth.com?
   It depends. If a user selects the option “Remember this device” when logging in, two-step authentication will not be required for subsequent logins.

2. How does a user’s device know when two-step authentication is not needed?
   When users select “Remember this device,” they install a cookie that identifies the device as an authorized device when the user logs in again.

3. Why would a user be asked for a security code if “Remember this device” was previously selected?
   This may occur if the user:

   • Deletes cookies or the browsing history (the device will no longer be identified as an authorized device).
   • Logs in using a different device.
   • Logs in using a different browser.
   • Logs in after 90 days of inactivity.

4. Will providers that use a federated login or a single sign on for Provider.Evernorth.com need to use two-step authentication?
   No, these users will not use two-step authentication. Likewise, websites that allow single sign on from Provider.Evernorth.com will not be affected (e.g., NaviNet^®).

5. What should users do if they don’t receive a security code in their email box?
   They should check:

   • Their email address in Settings & Preferences to be sure the correct email address is on file.
   • Check your verified email address or verified mobile phone in Settings & Preferences to be sure the correct email address is on file.
   • Check the junk folder of your email box.
   • Verify with your administrator to be sure your email is working correctly or if it may be blocking emails. The email should come from DoNotReply@Providernotification.cigna.com.
   • Check to see if you replied stop to a text short code of 32882.
   • Try restarting your mobile phone to get a fresh connection to your network.
   • Check with your cell phone provider to be sure text (SMS) is working correctly.

6. Who should providers contact if they have additional questions?
   They should call 888.736.7499.