Alternate Logon Token

​Due to the implementation of the NIH Privileged Access Management (PAM) Service, a service to centrally secure, manage and monitor privileged accounts at NIH, Secondary (AA) Accounts will no longer be sponsored for a new Alternate Logon Token (ALT) Card. All Secondary (AA) Accounts must be set up for password auto-rotation unless there is a valid justification needed for exemption. If your account has been exempted from password auto-rotation, you must request an ALT card. The process to request an Alternate Logon Token (ALT) Card has changed. Go to ALT Card Frequently Asked Questions (FAQ) to receive the latest guidance on how to request an ALT card.


 

What is an ALT card

An Alternate Logon Token (ALT) Card is a smart card used by NIH system administrators (Secondary (AA) Account holders) for privileged access to NIH computers and information systems. ALT Cards are also used by individuals who have PIV cards from other Operating Divisions (OpDivs) but who need logical access to NIH IT resources; it does not open gates or doors. An ALT Card contains one digital certificate, the authentication certificate, which is linked to the card holder's Secondary (AA) Account. See the illustration below to compare features between the ALT Card and PIV card.

 

A side by side comparison of a PIV and ALT card showing that the PIV digital certificate asserts a user's regular AD account, while the ALT digital certificate asserts the user's secondary AA account. 

  PIV ALT
Name and photograph Yes No
Opens gates and doors Yes No
Certificates used for

Authentication
Encryption
Digital Signatures

Authentication

AD account authentication

Standard
User

Privileged
User


Note:
  Authentication certificates usually have an -A after your name. The authentication certificate on an ALT card has a number after the –A, e.g., -A2. The authentication certificate on a PIV Card ends in just –A with no number.

 

How to get an ALT card

Go to ALT Card Frequently Asked Questions (FAQ)​to receive the latest guidance on how to request an ALT card.

  1.  Visit your IC's ALT Distributor to obtain a blank ALT card.
  2. Download the authentication certificate for your Secondary account on to your ALT.

 

IC ALT Distributors

Each IC has one or more ALT Distributors; to find your IC’s ALT Distributor(s), please click on your IC in the table below:

CC CIT CSR FIC NCATS NCCIH NCI
NEI NHGRI NHLBI NIA NIAAA NIAID NIAMS
NIBIB NICHD NIDA NIDCD NIDCR NIDDK NIEHS
NIGMS NIMH NIMHD NINDS NINR NLM OD

 

ALT Guidance Documents

 

Information and Assistance

For additional information, search the NIH IT Knowledge Base for tutorials, instruction sheets and user guides or refer to the appropriate How-To Guide.

For questions or user support, please contact the NIH IT Service Desk.​​​​