Components
Alert - Sign-in
Use with caution: candidateExamples
Required sign-in (verified)
View va-alert required sign in verified in Storybook
View va-alert required sign in verified in StorybookOptional sign-in (verified)
View va-alert optional sign in verified in Storybook
Optional sign-in (verified) No Prefill
View va-alert optional sign in verified no prefill in Storybook
Verify with ID.me
See the ID.me brand assets for buttons and branding guidelines.
View va-alert verify with id me in Storybook
Verify with Login.gov
See the Login.gov brand assets for buttons and branding guidelines.
View va-alert verify with login gov in Storybook
Sign in with a different account
See the Login.gov and ID.me brand assets for buttons and branding guidelines.
View va-alert sign in with another-account in Storybook
Usage
When to use Alert - Sign-in
- Static pages with entry points to online tools. The sign-in alert appears on a static unauthenticated VA.gov page and serves as the entry point to the tool’s authenticated experience. The Office of the Chief Technology Officer’s content/information architecture/accessibility team (CAIA) team manages these pages in Drupal. Work with CAIA to add the alert to the correct page.
- Form intro pages. The sign-in alert goes on the form intro page that the product team creates and manages. The URL for this page ends in /introduction. Exception: If your form is only accessible after signing in (meaning there is no unauthenticated state of the intro page), the sign-in alert must appear on the static unauthenticated page that serves as the entry point. Currently, this only applies to 2 forms in the /my-health section: the 1010EZR and the order form for CPAP and hearing aid supplies.
Placement
- For entry points to online tools, work with CAIA to determine placement on the static page. Placement may vary depending on the page structure. Always place the alert directly under a header that makes it clear what the user is signing in to do (for example, “Check your claim status online”).
- On form intro pages, place the alert directly after the process list or “what to know” section of the intro page. (Some forms have a process list and some have “what to know.” Refer to the form intro page template for that guidance.)
Behavior
Refer to the related sign-in pattern page for full guidance
Authentication level definitions
LOA levels
LOA (Level of Assurance): A measure of the strength of an authentication process defined by NIST. LOA refers to the level of confidence in a user’s claimed identity.
- LOA1 - Low-assurance level where self-asserted identity is acceptable with basic authentication
- LOA3 - High-assurance level requiring verified identity and strong authentication
IAL levels
IAL (Identity Assurance Level): A category defined by NIST that indicates the strength of the identity proofing process.
- IAL1 - Self-asserted identity with no verification required
- IAL2 - Identity verified either remotely or in-person with appropriate documentation
All products that only allow verified accounts must implement 1 of these 2 alert variations
Required sign-in (verified)
When these are true:
- Person is not signed in, and
- Your product requires people to sign in, and
- Your product only accepts verified (LOA3 or IAL2) accounts
Optional sign-in (verified)
When these are true:
- Person is not signed in, and
- Your product is a form, and
- Your product doesn’t require sign-in, but if people choose to sign in they must use verified (LOA3 or IAL2) accounts, and
- Your form supports both prefill and save-in-progress
All products that only allow verified accounts must implement all 3 of these alerts
Verify with ID.me
When these are true:
- Person is signed in with an unverified (LOA1 or IAL1) ID.me account, and
- Your product only accepts verified (LOA3 or IAL2) accounts
Verify with Login.gov
When these are true:
- Person is signed in with an unverified (LOA1 or IAL1) Login.gov account, and
- Your product only accepts verified (LOA3 or IAL2) accounts
Sign in with another account
This variation was used as we sunset MyHealtheVet credentials. However, a new version will be developed, if necessary, to handle the transition away from DS Logon credentials.
NOTE: DS Logon is to be sunset in September 2025.
Code usage
Attributes and Properties
headingLevel
heading-level
number
2
Header level for button wrapper. Must be between 1 and 6
noSignInLink
no-sign-in-link
string
For the ‘optional’ variant, the link to the form to complete without signing in
timeLimit
time-limit
string
'15 minutes'
For the ‘optional’ variant, how long the respondent has to submit their form
variant
variant
string
ASIVariants.signInRequired
Required. Determines the text content and border/background color. Must be one of “signInRequired”, “signInOptional”, “signInOptionalNoPrefill”, “signInEither”, “verifyIdMe”, or “verifyLoginGov”.
visible
visible
boolean
true
If true, the alert will be visible.
Content considerations
If your product fits one of these descriptions, you may need to adjust the standard sign-in alert component content for your situation:
- A product that either requires or allows sign-in, but accepts unverified accounts
- An online form that allows sign-in but does not support prefill
- An online form that allows sign-in and offers a different reason to sign in—like generating an automatic Intent to File (ITF)
- A health tool that requires registration with My HealtheVet (currently only applies to messages, medications, and medical records tools)
Work with the Content & IA and Identity teams to adjust the content in this component for your product. Refer to the Sign in and identity verification guidance for additional information on using consistent language around signing in to VA and verifying identity.
Accessibility considerations
- Do not assign an ARIA role. This alert is a static alert that exists on the page when the page gets loaded and thus doesn’t need a role.
- Use the appropriate branding images only. See the Login.gov brand assets for buttons and branding guidelines. No other images are appropriate for use in this component.
Any additional accessibility considerations should follow the parent Alert component guidance.
Related
Component checklist
Maturity
-
Guidance - Examples, usage, code usage, content considerations, and accessibility considerations are all complete.
-
Research - VFS team conducted research on this component which is linked from this page.
-
Stability - Component has been in production for more than 3 months with no significant issues found.
-
Adoption - Multiple teams have adopted this component.
Accessibility
For more information on each category, see Accessibility testing for design system components.
- Last audit date
- 2025-01-09
-
Code review - Pass
-
Readability - Conditional Pass
Note: This category is dependent on how you use this component. Test this for accessibility in your project.
-
Automated scans - Pass
-
Use of color - Pass
-
Text resizing, zoom, and magnification - Pass
-
Screen readers - Pass
-
Input and interaction methods - Pass
Code assets
-
Variations - Storybook includes all variations (style, size, orientation, optional iconography, selection, error state, etc.)
-
Responsive - Component depicted in all responsive breakpoints.
-
Interactive states - Includes all interactive states that are applicable (hover, active, focus, keyboard focus, disabled).
-
Tokens - All design attributes (color, typography, layout, etc.) are available as tokens.
-
Internationalization - Describes i18n attributes.
Visual assets
-
Variations - Figma library includes all variations (style, size, orientation, optional iconography, selection, error state, etc.)
-
Responsive - Component designed to work in all responsive breakpoints.
-
Interactive states - Includes all interactive states that are applicable (hover, active, focus, keyboard focus, disabled).
-
Tokens - All design attributes (color, typography, layout, etc.) are available as tokens.
Legend:
-
Complete -
Incomplete -
Not applicable