2 Factor Authentication

2 Factor Authentication is configured in two spots:

  1. Configuration Keys
  2. Staff Details 

Note: 2FA is enabled by Environment (QA, PROD), not by User – ensure ALL Staff have email/text entered before turning on! 

 

Note: 2FA is by Staff login, not workstation and SMS is prioritized over email

  •            Cannot reorder prioritization

Configuration Keys

Set the following Configuration Keys:

EnableEmailNotifications – set to Yes

EnableMobileNotifications – set to Yes

EnableMobileTFA – set to Yes

Optional:

PromptForMobileTFAAfterTheseNumDays – controls how often Staff receives 2FA prompt. Numbers above 0 are how often Staff receive a 2FA prompt, in days. Default is 0 (zero). When the value is set to 2, a 2FA prompt will appear every two days.

  • This is per Staff login, not workstation; will need to authenticate every time you login (regardless of workstation) if set to 0
  • Values above 0 are 24 hour increments, not midnight to midnight
    • If set to 2 and login Monday @ 11:43am, next prompt will be Wednesday @ 11:44am

Staff Details Screen

The following needs to be done for each staff member:

  1. Navigate to the Staff Details Screen.
    1. On the General tab, each staff member must have a phone number OR email address. 
  1.  Click the Staff Preferences tab.
    1. In the mobile section, ensure that there is a check mark next to Registered for SMS Notifications or Registered for Email Notifications
  2. Click Save.

Note: CalMHSA can give you a report of Staff who are missing Email/Phone

How 2 Factor Authentication Looks to the User

  1. Enter Username/Password as normal
  2. Click Login
  1.  You will receive the following 2FA code either in a text or email. 
  1. Enter the answer to your security question.
  2. Enter the code in the appropriate field. 
  3. Click Submit.
NoteNote: ‘Remember Me’ does not do anything and can be skipped. This has no functionality related to 2FA.