Multi-Factor Authentication ( MFA ) Follow

 

What is multi-factor authentication?

Multi-factor authentication (MFA) is a way of verifying users that requires more than one step to complete. Users can’t log in with just their username and password: an additional “factor” is required, such as a code sent via SMS or obtained from an Authenticator app. This ensures users are strongly authenticated and prevents bad actors from accessing an account even if they have acquired the username and password.

 

How does it work ?

  1. Log in to practice admin as usual.
  2. You will be prompted to complete multi-factor authentication.
  3. If this is your first time logging in, you will receive a verification code via email.
  4. Copy the code from the email and paste it into the authenticator.
  5. For enhanced security, you will have the option to set up additional authentication methods after your first login.
  •  

Example MFA - Email OTP

Email OTP is the default MFA if you haven’t enrolled in other MFA methods.

Step 1: Login as normal to practice admin

Step 2: Authenticator Screen

After successfully logging in you will be presented with the following MFA screen.

Step 2 Authenticator Screen.png

 

Step 3: Check your email for Authentication Code

Check the email used to login to your practice admin account for the Authentication Code.

Step 3 Check your email for Authentication Code.png

 

Step 4: Enter the Authentication Code

Enter the Authentication code to complete your MFA login to practice admin.

Step 4 Enter the Authentication Code.png

 

 

Alternative Authenticators

You can enrol in different authenticators for your account in Practice Admin by navigating to Account, then Authenticators.

 

Update Authenticators.png

 

Once you are in here, select 'Set up Authenticators':

 

Enter in the the OTP sent to your email when prompted, then select your chosen authentication method.

Please note: If your email has been temporarily whitelisted, you do not need to retrieve a code here.

 

Picture1.png

 

In this example, we are setting up an authenticator app. If you don't yet have the app installed on your mobile phone, click into one of the options shown below in your Practice Admin and you'll be able to scan a QR code and download to your device:

Picture2.png

Once you have downloaded & logged into the app, get it ready to add a new account via scanning a QR code, and click 'Continue' in your Practice Admin. 

You'll then be able to scan the QR code shown with your authenticator app, and you'll need to enter the 6-digit code given to you here. Upon success, you'll see the below message:

Picture3.png

 

MFA Options

Email OTP

Email OTP stands for Email One-Time Password. It's a security measure where a unique, time-sensitive code is sent to your registered email address to verify your identity.  This is the default authenticator is you have no others enrolled.

Authenticator app authentication

Authenticator apps are installed on your device and generate codes which are valid for a limited time and which can be entered as the additional factor. Examples of popular authenticator apps include Google Authenticator, Microsoft Authenticator and Authy (from Twilio).

Passkey authentication (Recommended)

Passkeys are a replacement for passwords. A password is something that can be remembered and typed, and a passkey is a secret stored on your device, unlocked with a biometric sensor (such as a fingerprint or facial recognition), PIN, or pattern, freeing you from having to remember and manage passwords.

Security key authentication

A security key can take many forms. These can include biometrics like a fingerprint, iris or voice. Common implementations of these are found on your device like FaceID or Windows Hello. Another option is to use a physical security key device, like a YubiKey (external link that opens in a new tab), that can be used over USB or NFC.

The technology that enables authentication through security keys is called WebAuthn and works on all modern browsers. For more information, visit WebAuthn (external link that opens in a new tab).

Article is closed for comments.

Comments

Have more questions? Submit a request