2 Factor Authentication is configured in two spots:
- Configuration Keys
- Staff Details
Note: 2FA is enabled by Environment (QA, PROD), not by User – ensure ALL Staff have email/text entered before turning on!
Note: 2FA is by Staff login, not workstation and SMS is prioritized over email
- Cannot reorder prioritization
Configuration Keys
Set the following Configuration Keys:
EnableEmailNotifications – set to Yes
EnableMobileNotifications – set to Yes
EnableMobileTFA – set to Yes
Optional:
PromptForMobileTFAAfterTheseNumDays – controls how often Staff receives 2FA prompt. Numbers above 0 are how often Staff receive a 2FA prompt, in days. Default is 0 (zero). When the value is set to 2, a 2FA prompt will appear every two days.
- This is per Staff login, not workstation; will need to authenticate every time you login (regardless of workstation) if set to 0
- Values above 0 are 24 hour increments, not midnight to midnight
- If set to 2 and login Monday @ 11:43am, next prompt will be Wednesday @ 11:44am
Staff Details Screen
The following needs to be done for each staff member:
- Navigate to the Staff Details Screen.
- On the General tab, each staff member must have a phone number OR email address.
- Click the Staff Preferences tab.
- In the mobile section, ensure that there is a check mark next to Registered for SMS Notifications or Registered for Email Notifications
- Click Save.
Note: CalMHSA can give you a report of Staff who are missing Email/Phone
How 2 Factor Authentication Looks to the User
- Enter Username/Password as normal
- Click Login
- You will receive the following 2FA code either in a text or email.
- Enter the answer to your security question.
- Enter the code in the appropriate field.
- Click Submit.