FIRST Portal and Identity Solution

FIRST services and membership resources are all available via FIRST Portal (portal.first.org). Access to these services is controlled via an identity and access management system where members and contributors authenticate using single sign-on (SSO) with Multi-Factor Authentication (MFA).

This is a guide and troubleshooting page for onboarding into the FIRST Portal and configuring MFA credentials (if you are an eligible member).

Roles at FIRST Portal

These are the basic roles within FIRST Portal:

  1. Team Representatives and Liaisons have the ability to manage their team and member information, support onboarding their members, and view and pay team dues invoices. Representatives are required to set up at least one MFA option to access FIRST Services.
  2. Team Members and Contributors with access to FIRST Services are required to have at least one MFA option to access FIRST Portal.
  3. Guests are not affiliated with a FIRST team but can access FIRST Portal to apply for membership, register for an event, or access resources specific to volunteering with FIRST.

Note:

  • If is the first time you are accessing FIRST Portal, or you are unsure of your role, or do not recall if you have an account, please proceed to the Sign up section.
  • If you were previously a liaison or a member of a different team, or have now become a liaison, you may reach out to FIRST Infrastructure for support with adjusting your existing profile. It is best if you do not sign-up for a new account.

Sign Up

Proceed to the FIRST Portal sign-up page and click the Sign Up button.

Portal Home Screen

E-mail Validation

In order to verify if you have an existing account, or should sign up for a new one, we must first verify ownership of your e-mail address.

Step 1

Fill out the E-mail Address field with the primary e-mail that you would like to use with your FIRST Portal account and click Request confirmation code.

E-mail Validation

A 9-digit confirmation code will be sent to this e-mail address. If you do not receive it, please check your junk/spam folder.

Step 2

You may click the confirmation link found in the message, or use the confirmation code on the next screen.

E-mail Confirmation Code

Note:

  • You do not have a FIRST Portal profile: you will be forwarded to the Profile Creation page.
  • You already have a FIRST Portal profile: you should be redirected back to the FIRST Portal home page with instructions on how to recover your account. If you need to recover your credentials please skip to Password Recovery.

Profile Creation

If you do not have an existing profile, you may complete the creation of a new profile by providing your name and a password.

Profile Creation

After a successful submission of the profile creation form, you should be redirected back to the Sign In page.

Sign In

You can sign-in to FIRST Portal using either your primary e-mail address or your FIRST username. If you just created your profile, you will need to create a username, so you should use the e-mail.

Note: The Remember me option will just store the last used username within browser storage, there are no cookies involved.

Step 1

Enter the username or primary e-mail, hit ENTER or click Continue.

Sign In to FIRST Portal

Step 2

You will be prompted for your password, if you forgot it please skip to Password Recovery. If you are a SSO-enabled user and have already completed your Multi-Factor Authentication (MFA) configuration, you will be prompted for MFA next.

Enter your password hit ENTER or click Sign In.

Sign In to FIRST Portal

After a successful sign-in, you will see the FIRST Portal home page, where you will find the services and actions available for your profile.

Sign In to FIRST Portal

Note:

  • We encourage you to generate and download your Recovery Codes (see how to do this on the next section), available from your profile menu and page, and store them securely. The Recovery Codes can be used for account recovery, alongside PGP keys.
  • We also encourage you to upload your PGP key or another secure communication method (like Keybase, Signal, or Threema), to your profile, as this is one way to perform password and MFA recovery and to communicate securely with other members. You can upload your PGP key at Account Security > Change PGP button, and list your Keybase, Signal, and/or Threema details at My Profile > Change Profile Information (button) > Other Communication (+).

FIRST Portal does not provide email based password recovery. If you lose your password and do not have either a Recovery Code or PGP key, you will be required to ask your team rep to reset your password or you will need to confirm your identity via a secure channel before the password can be reset.

Recovery Codes

These codes can be used for self-service password reset or or updating multi-factor authentication in the event of a lost password or security device. Please ensure that you download them and securely store them, as they can be used for recovering access to your account.

Recovery Codes

Once generated they cannot be retrieved again, so make sure to copy them as you generate them the first time. You may, at any time, revoke your existing codes and generate new ones.

Select your FIRST.Org Username

You can always use the primary e-mail to authenticate to FIRST Services. Additionally, a unique and persistent FIRST.Org Username can be chosen from pre-selected options based on your name.

Once logged in, you can go to Account Security > Choose Username (button) to select your username.

FIRST.Org Username selection

Once selected, this username will be linked to your account and cannot be changed. In case you do not have any options available or the options presented are undesirable, please reach out to FIRST Infrastructure for assistance.

Multi-Factor Authentication

During the initial sign-in process, Team Members and Contributors will be asked to configure at least one Multi-Factor Authentication (MFA) device. MFA can be viewed and edited at the Account Security of SSO-eligible users.

Multi-Factor Authentication

The FIRST identity platform supports the following multi-factor options:

1. WebAuthn-compliant Security Keys / Biometrics (Most Secure / Preferred)

Supported Options: Most WebAuthn / FIDO2 compliant solutions should be supported. FIRST is unable to test all options / platforms. The following options have been successfully tested:

  1. Under 'Add another authentication method' select 'Security Keys'.
  2. Connect your Security Key and click Continue.
  3. Follow the steps in your browser.
  4. Name your Security Key to more easily identify it later.

Security Keys

2. One Time Password (OTP)

Supported Options: Most TOTP compliant solutions should be supported. However, FIRST is unable to test all options / platforms. The following options have been successfully tested:

  1. Under 'Add another authentication method' select 'One-Time Password (OTP) Authenticators'.
  2. Scan the QR code that is shown with your preferred authenticator app
  3. Enter a 6-digit OTP code and click Continue
  4. (Optional) Enter a name for this OTP to more easily identify it later.

One Time Passwotd (OTP)

3. Auth0 Guardian (Mobile App)

Download and install the mobile app from the following links: Android and iOS. The mobile application supports push notifications.

  1. Download and install the mobile app from the links shown.
  2. Under 'Add another authentication method' select 'Auth0 Guardian App' and click Continue.
  3. Scan the QR code that is shown with the Auth0 Guardian app.
  4. (Optional) Enter a name for this Auth0 Guardian configuration to more easily identify it later.

Auth0 Guardian App Install Auth0 Guardian App QR Code example

Reset Multi-Factor Authentication Preferences

Should you lose access to your configured MFA options, you can update your MFA configuration through this reset procedure. At the Sign In screen there is a button to Reset MFA, which you can access without authentication. However, you will be required to confirm your e-mail first.

Reset MFA

Once you have done so you need to validate this request using a Recovery Code or decrypting a message using your personal PGP key. The validation options should match your profile at this point: if you did not download your Recovery Codes or set your PGP key, those options will not be available. The fallback option is requesting FIRST support, which might rely on validating your ID through a secure channel.

After you validate the request, you will be redirected to your MFA Configuration page.

Password Recovery

If you do have a working profile within FIRST, but do not know the password, you can try the password recovery procedure, which can be accessed directly at portal.first.org/auth/pass.

If you have not verified your e-mail yet, you will be prompted for an E-mail Validation before continuing.

Password Recovery

There are several password recovery options available, based on your account security information:

Inviting new Members to a Team

Only Team Representatives can invite new members to an existing team. Each team may have a maximum of two team representatives (a primary and a secondary) with the ability to invite new members and submit team updates at FIRST Portal. Existing members are listed at FIRST Membership > Team Members, which also enables the representative to update the team member's profile information.

Team Members

At the Team Member Invitation page, clicking on the Invite new member will start the process of adding a new member to your team roster. You should set the member name and e-mail address, and optionally the member's public PGP key.

Team Members Invitation

By submitting the invitation form, an invitation e-mail will be sent from FIRST Infrastructure <no-reply@first.org> with the subject FIRST.Org Team Member Invitation. It should contain an unique URL that the invited member will be able to use once to join the team.

If a PGP key is provided, the message will be encrypted alongside a secret unique URL that enables the user to join the team. If no PGP is provided, the team representative will be shown a confirmation code that they should securely transmit to the invited user.

Team Members Invitation - Confirmation Code

Clicking on the invitation mail URL, the invited member should be able to join the team. The team representative may cancel any sent invitation or remove existing team members at any time.

Joining a Team

To be part of a team at FIRST Portal, a member must receive an invitation from the team representatives. Within the invitation a unique URL will lead to the invitation with the data provided by the team rep.

Join a Team - signed out

If you access the invitation link without authentication, you will be given an option to create a new profile within FIRST Portal already linked to this team. However, if you have already created your FIRST Portal profile, we encourage you to sign in and use the simplified version of the interface. A FIRST profile may be associated to multiple teams and even apply to a new membership (for example a Liaison membership).

Join a Team - signed in

Within the invitation, you will be prompted to confirm your agreement with the FIRST Privacy Policy and FIRST Code of Conduct and — if a PGP key was not used with your invitation— provide the confirmation code you should have received through a secure channel from your team representative.

Once confirmed you will be listed as a team member, and be granted access to services available to full FIRST team members.

Frequently Asked Questions

If your question is still unanswered, or you require special support, please contact FIRST Infrastructure Team.

Do I need to setup a new account?

If your organization already has a FIRST team reach out to your Team Representative requesting an invitation or a temporary password to onboard. If you are unsure if your organization has a FIRST team, then you can access a full list of FIRST Teams here.

If you are not a member, but are a contributor to a Special Interest Group (SIG), working group, or committee and already have access to a FIRST mailing list, you should try Signing Up to FIRST Portal and use the e-mail that is subscribed to a mailing list. Please wait a few minutes for the synchronization process to catch up with your profile upgrade.

Most SIGs detail the requirements for joining, and most do not require FIRST Membership. In order to apply for a FIRST group, you will be requested to create an account at FIRST Portal.

If you just want to register for a FIRST event, or apply for a FIRST membership, and have not created an account on FIRST website before, you are welcome to setup a new account.

Why do I need to confirm my e-mail address?

You will be asked to confirm your e-mail address in order to prevent spam and bots and to verify your profile status. This does not authenticate you to use FIRST Portal. It is a means to check if you are a team member, have an existing account profile, determine if you already have a password, if you have access to FIRST services, or if you are a guest user.

What are the password setup/recovery options?

Mechanisms for setting your password:

I have lost or can no longer use the PGP key on file, can you update it with my new key?

Team and individual PGP key updates can be made from within Portal. If you need assistance updating your PGP key you can contact your team representative or sign a message to FIRST Infrastructure Team from your team key.

What if I have already set my password, but the services are still locked?

Most FIRST services require you to have configured and enabled MFA for your account. FIRST services requiring MFA should be available shortly after you have configured MFA.

What if I loose my MFA device / OTP and need to recover MFA?

It is recommended that you register two MFA mechanisms and configure Recovery Codes in the event that you lose one or it becomes unusable. If you need to perform MFA recovery, please use the Reset Multi-Factor Authentication Preferences and leverage a Recovery Code or PGP, and contact support if you run into any difficulties.

What are the supported MFA options?

1. WebAuthn-compliant Security Keys / Biometrics (Most Secure / Preferred)

Supported Options: Most WebAuthn / FIDO2 compliant solutions should be supported. FIRST is unable to test all options on all platforms. The following options have been successfully tested:

2. One Time Password (OTP)

Supported Options: Most tOTP compliant solutions should be supported. However, FIRST is unable to test all options on all platforms. The following options have been successfully tested:

3. Auth0 Guardian (Mobile App)

Android and iOS supports Push Notifications.

What if I have setup an OTP device, but it is not working?

Please ensure that your phone, tablet, or device has properly synchronized time and is correctly configured to the appropriate time zone. We suggest that devices be synchronized to the carrier/Internet time.

My question is not answered here, or I am having difficulties onboarding or using FIRST Portal or SSO-enabled services.

For additional support, questions, and/or comments, please email to open an issue with the FIRST Infrastructure Team.