FIRST Portal and Identity Solution

FIRST services and membership resources are all available via FIRST Portal (portal.first.org). Access to these services is controlled via an identity and access management system where members and contributors authenticate using single sign-on (SSO) with Multi-Factor Authentication (MFA).

This is a guide and troubleshooting page for onboarding into the FIRST Portal and configuring MFA credentials (if you are an eligible member).

Roles at FIRST Portal

These are the basic roles within FIRST Portal:

1. Team Representatives and Liaisons have the ability to manage their team and member information, support onboarding their members, and view and pay team dues invoices. Representatives are required to set up at least one MFA option to access FIRST Services.
2. Team Members and Contributors with access to FIRST Services are required to have at least one MFA option to access FIRST Portal.
3. Guests are not affiliated with a FIRST team but can access FIRST Portal to apply for membership, register for an event, or access resources specific to volunteering with FIRST.

Sign Up

Proceed to the FIRST Portal sign-up page and click the Sign Up button.

E-mail Validation

In order to verify if you have an existing account, or should sign up for a new one, we must first verify ownership of your e-mail address.

Step 1

Fill out the E-mail Address field with the primary e-mail that you would like to use with your FIRST Portal account and click Request confirmation code.

A 9-digit confirmation code will be sent to this e-mail address. If you do not receive it, please check your junk/spam folder.

Step 2

You may click the confirmation link found in the message, or use the confirmation code on the next screen.

Profile Creation

If you do not have an existing profile, you may complete the creation of a new profile by providing your name and a password.

After a successful submission of the profile creation form, you should be redirected back to the Sign In page.

Sign In

You can sign-in to FIRST Portal using either your primary e-mail address or your FIRST username. If you just created your profile, you will need to create a username, so you should use the e-mail.

Step 1

Enter the username or primary e-mail, hit ENTER or click Continue.

Step 2

You will be prompted for your password, if you forgot it please skip to Password Recovery. If you are a SSO-enabled user and have already completed your Multi-Factor Authentication (MFA) configuration, you will be prompted for MFA next.

Enter your password hit ENTER or click Sign In.

After a successful sign-in, you will see the FIRST Portal home page, where you will find the services and actions available for your profile.

Recovery Codes

These codes can be used for self-service password reset or or updating multi-factor authentication in the event of a lost password or security device. Please ensure that you download them and securely store them, as they can be used for recovering access to your account.

Once generated they cannot be retrieved again, so make sure to copy them as you generate them the first time. You may, at any time, revoke your existing codes and generate new ones.

Select your FIRST.Org Username

You can always use the primary e-mail to authenticate to FIRST Services. Additionally, a unique and persistent FIRST.Org Username can be chosen from pre-selected options based on your name.

Once logged in, you can go to Account Security > Choose Username (button) to select your username.

Once selected, this username will be linked to your account and cannot be changed. In case you do not have any options available or the options presented are undesirable, please reach out to FIRST Infrastructure for assistance.

Multi-Factor Authentication

During the initial sign-in process, Team Members and Contributors will be asked to configure at least one Multi-Factor Authentication (MFA) device. MFA can be viewed and edited at the Account Security of SSO-eligible users.

The FIRST identity platform supports the following multi-factor options:

1. WebAuthn-compliant Security Keys / Biometrics (Most Secure / Preferred)

Supported Options: Most WebAuthn / FIDO2 compliant solutions should be supported. FIRST is unable to test all options / platforms. The following options have been successfully tested:

• Biometrics:
  • Apple FaceID / TouchID
  • Windows Hello
• Passkeys
• Hardware Authenticators: Titan Security Keys, Yubikeys

1. Under 'Add another authentication method' select 'Security Keys'.
2. Connect your Security Key and click Continue.
3. Follow the steps in your browser.
4. Name your Security Key to more easily identify it later.

2. One Time Password (OTP)

Supported Options: Most TOTP compliant solutions should be supported. However, FIRST is unable to test all options / platforms. The following options have been successfully tested:

• Auth0 Guardian (Android, iOS)
• Authy (Android, iOS)
• Duo Mobile (Android, iOS)
• FreeOTP (Android, iOS)
• Google Authenticator (Android, iOS)
• Microsoft Authenticator (Android, iOS
• YubiKey Authenticator (Android, iOS)

1. Under 'Add another authentication method' select 'One-Time Password (OTP) Authenticators'.
2. Scan the QR code that is shown with your preferred authenticator app
3. Enter a 6-digit OTP code and click Continue
4. (Optional) Enter a name for this OTP to more easily identify it later.

3. Auth0 Guardian (Mobile App)

Download and install the mobile app from the following links: Android and iOS. The mobile application supports push notifications.

1. Download and install the mobile app from the links shown.
2. Under 'Add another authentication method' select 'Auth0 Guardian App' and click Continue.
3. Scan the QR code that is shown with the Auth0 Guardian app.
4. (Optional) Enter a name for this Auth0 Guardian configuration to more easily identify it later.

Reset Multi-Factor Authentication Preferences

Should you lose access to your configured MFA options, you can update your MFA configuration through this reset procedure. At the Sign In screen there is a button to Reset MFA, which you can access without authentication. However, you will be required to confirm your e-mail first.

Once you have done so you need to validate this request using a Recovery Code or decrypting a message using your personal PGP key. The validation options should match your profile at this point: if you did not download your Recovery Codes or set your PGP key, those options will not be available. The fallback option is requesting FIRST support, which might rely on validating your ID through a secure channel.

After you validate the request, you will be redirected to your MFA Configuration page.

Password Recovery

If you do have a working profile within FIRST, but do not know the password, you can try the password recovery procedure, which can be accessed directly at portal.first.org/auth/pass.

If you have not verified your e-mail yet, you will be prompted for an E-mail Validation before continuing.

There are several password recovery options available, based on your account security information:

• You can use either your existing password (if you are just updating your password) or a Recovery Code.
• If you have a valid PGP key associated with your profile, you can receive an encrypted confirmation code. PGP keys must not be expired and have an encryption sub-key to be considered valid at FIRST Portal.
• If you are part of a Team, you can use the Team PGP Key for an encrypted confirmation code or request assistance from your team representative(s).
• If you cannot use any of the above options, you may request support from FIRST Infrastructure.

Inviting new Members to a Team

Only Team Representatives can invite new members to an existing team. Each team may have a maximum of two team representatives (a primary and a secondary) with the ability to invite new members and submit team updates at FIRST Portal. Existing members are listed at FIRST Membership > Team Members, which also enables the representative to update the team member's profile information.

At the Team Member Invitation page, clicking on the Invite new member will start the process of adding a new member to your team roster. You should set the member name and e-mail address, and optionally the member's public PGP key.

By submitting the invitation form, an invitation e-mail will be sent from FIRST Infrastructure <no-reply@first.org> with the subject FIRST.Org Team Member Invitation. It should contain an unique URL that the invited member will be able to use once to join the team.

If a PGP key is provided, the message will be encrypted alongside a secret unique URL that enables the user to join the team. If no PGP is provided, the team representative will be shown a confirmation code that they should securely transmit to the invited user.

Clicking on the invitation mail URL, the invited member should be able to join the team. The team representative may cancel any sent invitation or remove existing team members at any time.

Joining a Team

To be part of a team at FIRST Portal, a member must receive an invitation from the team representatives. Within the invitation a unique URL will lead to the invitation with the data provided by the team rep.

If you access the invitation link without authentication, you will be given an option to create a new profile within FIRST Portal already linked to this team. However, if you have already created your FIRST Portal profile, we encourage you to sign in and use the simplified version of the interface. A FIRST profile may be associated to multiple teams and even apply to a new membership (for example a Liaison membership).

Within the invitation, you will be prompted to confirm your agreement with the FIRST Privacy Policy and FIRST Code of Conduct and — if a PGP key was not used with your invitation— provide the confirmation code you should have received through a secure channel from your team representative.

Once confirmed you will be listed as a team member, and be granted access to services available to full FIRST team members.

Frequently Asked Questions

If your question is still unanswered, or you require special support, please contact FIRST Infrastructure Team.