Purpose and context
This guide aims to support the users of the PLM Portal - ePI in completing the registration steps to gain access to the platform to manage ePI.Important note: ePI roles are currently only available to participants in the ePI pilot project.
Pre-requisites to access the PLM portal – ePI
To sign into the PLM Portal - ePI you will need:
- an active EMA user account — How to create and manage an EMA account
- the organisation you are working for listed in EMA’s Organisation Management Service (OMS) — How to request access for your organisation
- ePI user access role(s) assigned to that account — How to request roles
The PLM Portal - ePI Identity Access Management has applicant roles, admin roles and regulator roles. A single user must have no more than two roles per organisation – one applicant role and one admin role.
Roles are assigned to single users and are granted at organisation level – not at ePI level. For instance, a user should not be referred to as an ‘Applicant Coordinator of ePI X’ and ‘Applicant Manager of ePI Y’. If a user holds the Applicant Coordinator role, s/he plays that role for the organisation on whose behalf s/he is acting. A user may be referred to as an ‘Applicant Coordinator of organisation X’ and ‘Applicant Manager of organisation Y’.
For every organisation you belong to, you can request a different role type. You can be contributor on ORG1 and, manager on ORG2 and ORG3, and coordinator on ORG4
Applicant roles
There are 3 applicant roles enabling different levels of access for management of ePI.
| User | Applicant role names | |
| in Production environment | in UAT environment | |
| Industry user(s) | ePI Applicant Contributor | uat_ePI Applicant Contributor |
| ePI Applicant Manager | uat_ePI Applicant Manager | |
| ePI Applicant Coordinator | uat_ePI Applicant Coordinator | |
The roles identified in the column above ‘in UAT environment’ are only needed when you are involved in a testing activity of the PLM Portal - ePI. Please note that participants in the pilot of the PLM Portal - ePI must request an applicant role from the ‘in Production environment’ column, even if previously assigned with a role ‘in UAT environment’.
Regulator roles
There are 4 regulator roles. Users with these roles work for EMA or an NCA and are able to approve or publish ePI on behalf of their authority.
| User | Regulator role names | |
| in Production environment | in UAT environment | |
| NCA user(s) | ePI NCA Approver | uat_ePI NCA Approver |
| ePI NCA Publisher | uat_ePI NCA Publisher | |
| EMA user(s) | ePI EMA Approver | uat_ePI EMA Approver |
| ePI EMA Publisher | uat_ePI EMA Publisher | |
The roles identified in the column above ‘in UAT environment’ are only needed when you are involved in a testing activity of the PLM Portal - ePI. Please note that participants in the pilot of the PLM Portal - ePI must request a regulator role from the ‘in Production environment’ column, even if previously assigned with a role ‘in UAT environment’.
Admin roles
There are 2 admin roles. Users with these roles are able to approve or reject roles requests from within their organisation.
| User | Admin role names |
| in Production & UAT environments | |
| Industry user(s) | IRIS / eAF Industry Admin |
| NCA user(s) | IRIS / eAF Competent Authority Admin |
| EMA user(s) | IRIS / eAF /ePI EMA Admin |
The admin roles are shared with the PLM Portal - eAF and the IRIS Portal.
If you are already have an admin role for IRIS or eAF, and if your organisation is participating in the ePI pilot, you will automatically be an admin-user for ePI.
The above roles can approve/reject ePI applicant or ePI regulator roles during the ePI pilot (although ePI is not mentioned in all role names).
The admin roles can approve/reject access roles requests in both Production and UAT environments.
Applicant and regulator roles
The table below summarises the operations that each applicant and regulator role can perform in the PLM Portal - ePI.
| Grant | ePI Applicant Contributor | ePI Applicant Manager | ePI Applicant Coordinator | ePI NCA Approver | ePI NCA Publisher | ePI EMA Approver | ePI EMA Publisher |
| Create ePI | û | ü | ü | û | û | û | û |
| Edit ePI you created/co-authored | ü | ü | ü | N/A | N/A | N/A | N/A |
| Edit all ePI of your organisation | û | û | ü | û | û | û | û |
| View/Export ePI you created/co-authored | ü | ü | ü | N/A | N/A | N/A | N/A |
| View/Export all ePI of your organisation | û | û | ü | ü | ü | ü | ü |
| Add co-authors to ePI you created/co-authored | û | ü | ü | N/A | N/A | N/A | N/A |
| Add co-authors to all ePI of your organisation | û | û | ü | û | û | û | û |
| Be added as a co-author | ü | ü | ü | û | û | û | û |
| Add/update translations to ePI you created/co-authored | ü | ü | ü | N/A | N/A | N/A | N/A |
| Add/update translations to all ePI of your organisation | û | û | ü | û | û | û | û |
| Change ePI status to Submission for ePI you created/co-authored | û | ü | ü | N/A | N/A | N/A | N/A |
| Change ePI status to Submission for all ePI of your organisation | û | û | ü | û | û | û | û |
| Change ePI status to Update for ePI you created/co-authored | û | ü | ü | N/A | N/A | N/A | N/A |
| Change ePI status to Update for all ePI of your organisation | û | û | ü | û | û | û | û |
| Approve ePI | û | û | û | ü | û | ü | û |
| Publish/Unpublish ePI | û | û | û | û | ü | û | ü |
| Delete ePI for ePI you created/co-authored | û | ü | ü | N/A | N/A | N/A | N/A |
| Delete all ePI of your organisation | û | û | ü | û | û | û | û |
Deactivate ePI | ü | ü | ü | N/A | N/A | N/A | N/A |
| Deactivate all ePI of your organisation | û | û | ü | ü | û | ü | û |
We recommend granting the role that allows the user to access only the resources necessary for its purpose. When requesting/granting roles keep in mind:
- The ePI Applicant Coordinator role can perform all actions on all ePI of a given organisation.
- The ePI Applicant Manager role can perform all actions on ePI they create or co-author.
- The ePI Applicant Contributor can edit ePI, but cannot create, submit or delete.
- Each Industry organisation should have at least one user with the ePI Applicant Coordinator role.
- A maximum of two roles are to be requested per individual user (one admin-related role and one applicant-related role).
Admin roles
The table below summarises the roles that each admin role can approve or reject for their organisation.
| Grant | IRIS / eAF Industry Admin | IRIS / eAF Competent Authority Admin | IRIS / eAF /ePI EMA Admin |
Can approve/reject role requests and remove roles for: - ePI Applicant Contributor | ü | û | û |
| Can approve/reject role requests and remove roles for: - ePI NCA Approver - uat_ePI NCA Approver - ePI NCA Publisher - uat_ePI NCA Publisher | û | ü | û |
| Can approve/reject role requests and remove roles for: - ePI EMA Approver - uat_ePI EMA Approver - ePI EMA Publisher - uat_ePI EMA Publisher | û | û | ü |
If organisations intend to have more than a user accessing the PLM Portal - ePI, then it is required that some user performs the access management for that organisation. In that case:
- Each industry organisation should have at least one user with the IRIS / eAF Industry Admin role;
- Each National Competent Authority should have at least one user with the IRIS / eAF Competent Authority Admin role.
How to request roles
Prior to the submission of access role(s) request(s), you must ensure that you have an active EMA account and that the organisation on whose behalf you will be acting is listed in the EMA’s Organisation Management Service (OMS).
To request ePI roles, first log in to EMA Access Management and next click on 'Request Access for Organizations'. This will enable you to find your organisation and request associated roles (see Request user access webpage ).
To learn more about ePI roles and which role to request, see ePI user access roles and Grants provided by user access roles.
Multifactor authentication when logging in to PLM portal
Logging into the PLM Portal requires multi-factor authentication (MFA).
This means that, in addition to the standard username and password, you are required to verify your identity with an additional authentication method. MFA adds a layer of security to access your account and it protects your data from being accessed by an unauthorised third party.
The additional authentication step can be using an app – the Microsoft Authenticator app – considered the most secure method. A SMS sent to a mobile phone number or calls to an office or a mobile phone number are other possible authentication methods. Please access My Account to manage/setup your MFA authentication methods.
Authentication steps when signing in to the PLM portal
1. On clicking Sign in at the PLM portal, pick an account
Important note: You must sign in with your username followed by @id.ema.europa.eu: for example, surname_n@id.ema.europa.eu
2. Enter password
Use the same EMA account password you use at the EMA Account Management portal.
3. Verify your identity
Select one of the following authentication methods to verify your identity:
- Microsoft Authenticator app
The authenticator app is considered the most secure and convenient authentication method. Use the Microsoft Authenticator app in your registered mobile device to prove who you are either by:
Approve a request on your Microsoft Authenticator app
You receive a notification in your registered mobile device, which will direct you to the Microsoft Authenticator app. There, a pop-up will be displayed which you must Approve/Deny the sign in attempt.
Use a verification code
In the Microsoft Authenticator app, every 30 seconds a verification code is generated. Enter the code generated in the Microsoft Authenticator app. - SMS
You receive a verification SMS code in your registered mobile phone. Add that code to sign in. - Call
You receive a phone call in your registered mobile phone. In the call, approve/deny the sign in attempt.
4. Set up of multifactor authentication
Access My Account to manage/setup your MFA authentication methods. In this link, you can find guidance on how to setup the above-mentioned authentication methods.
Support
Registration for PLM portal – ePI is currently restricted to ePI pilot participants only. Pilot participants experiencing any issue with user registration should contact their EMA/NCA contact person.