Clinigence clients can implement an advanced credentialing model for accessing Clinigence applications. This requires Multi-factor Authentication (MFA) in addition to the username + password login requirements. If implemented for an organization, all users in the organization are required to enter the MFA code at login.
MFA Use Cases and Availability
The Clinigence Health platform provides services and products for a variety of health care organizations and user types including individual practices, health care systems, ACOs, IPAs, front office personnel, care providers, care coordinators, data analysts and healthcare executives. The multi-factor authentication feature is offered and applicable to all users and applications.
MFA Implementation
MFA is implemented in the Clinigence applications as follows:
Each user can select the method of authentication code delivery:
- Email - must be the same email associated with the login account
- Google Authenticator
PIN codes are:
- Minimum of 5 digits
- Not all same digit (11111 not allowed)
- Not more than three consecutive digits (1234888 not allowed)
On the next login attempt after the MFA has been setup for the organization, the user will see the following after successfully entering their username and password:
This screen will not appear again for the user unless an administrator resets the user's MFA setting. So if a user initially chooses the email method, then wishes to change to the Google Authenticator method, they will need the organization administrator to reset their MFA option on the user's account setup screen.
Email Code Delivery
If the user selects the Email method, an email with a code will be sent to the user and the user will see the code entry screen after successfully entering the username and password.
Activating Google Authenticator
If the user selected the Google Authenticator option, they must first install the Google Authenticator app, then setup the Clinigence account in the app using the QR Code supplied by Clinigence via the login dialog. This requires the user to make two successive code entries to make sure it is working correctly (and that they understand how to use it). If they enter the codes incorrectly they are allowed re-tries. If they enter the codes correctly, they gain access to the system.
After the user has a delivery method saved, the code request occurs automatically and the code entry screen appears after their initial login.
Entering the Code
The MFA code is entered via this screen. If the user fails to enter the code five times, their account will be locked for 15 minutes. The start over link takes them to the Login Screen, logged out, and the authentication code expired.
