What is multi-factor authentication (MFA)?
Whenever you log in to a website, you may use one or more “authentication factors”. The most common factor used is a password, but you may also be familiar with websites that send you codes via a text message, an app on your phone, or even a physical token with a small display.
Authentication factors generally fall into one of three categories:
- Something you know (like your username, passwords or security question answers)
- Something you have (like an app on your phone or a phone that can receive text messages)
- Something you are (like a fingerprint)
Strong authentication systems require factors from two or more of these categories. Requiring an additional factor beyond just a password protects against some of the most common ways that accounts on the internet are compromised.
With Elation's MFA functionality, you can require the users at your practice to add a second authentication factor to their account, significantly increasing the security of your EHR. You can choose from the following authentication factors:
- Okta Verify (use a push notification sent to the Okta mobile app)
- Windows Hello (sign in using Windows Hello)
- Google Authenticator (enter a single-use code from the Google Authenticator mobile app)
- Email Authentication (enter a verification code sent to your email)
Enabling/disabling multi-factor authentication
Admin Users Only: To view the Security & Privacy settings page, you must have administrator (Admin) level privileges. If you do not see Security & Privacy in your Settings page, then you are not an Admin. To become an Admin, you must ask an existing Admin level user in your practice (most likely a primary provider level account holder) to grant you privileges via the Manage Accounts settings page.
Multi-factor authentication settings can be found in the Security & Privacy section of the Elation settings page. To enable multi-factor authentication, click the "Turn on" button.
If you decide that you do not wish to use MFA at some point in the future, the Security & Privacy section will also allow you to disable the functionality.
Once MFA has been enabled for your practice, all users will be prompted to set up their second authentication factor the next time they sign in to Elation EHR. The various MFA options will display for you to choose from and you can click "Set Up" to set up as many as you wish.
Once you finish setting up all of your authentication factors, click "Finish" to proceed to your Elation account.
After MFA is set up, each time you attempt to sign in to your Elation EHR account, you will be prompted to enter the corresponding authentication details before you are granted access to your account.
Resetting lost or broken authentication factors
If a user loses or replaces the device they are using for MFA, they will need to have their authentication factors reset. This can be done by a practice admin on the Manage Users page in practice settings by clicking the “Reset MFA” button next to the user's name. The user will be prompted to set up a new MFA device the next time they attempt to sign in to Elation.
Important note: For security reasons, Elation will not readily reset MFA factors on a user's behalf. Safely resetting factors requires high confidence that the person making the request is the actual user, and practice administrators are better able to make that verification. If you are the sole administrator of an Elation practice and require an MFA reset, please click here to contact the Support Team, and we will see what assistance can be provided.
You can combine multi-factor authentication with the Single Sign-On feature to add even more security to your patients' data. Learn more about the Single Sign-On feature in our Help Center article "User Accounts Guide - Using Single-Sign On to access your Elation EHR account".
I am not able to sign in to Elation to reset my MFA. What should I do?
For security reasons, Elation Support is unable to reset MFA factors on a user's behalf. Please ask a practice Admin level user to reset your MFA for you under the Manage Accounts settings page. If you are the sole administrator of an Elation practice and require an MFA reset, please click here to contact the Support Team, who can coordinate with our security team to reset your MFA settings. You will then be prompted to set up a new MFA device the next time you attempt to log in to Elation.
Can SMS be an option for MFA?
Security research has shown that SMS is less secure than other factors for MFA. It is possible for your cell phone number to be compromised in a “SIM Swap” attack, where a bad actor tricks your carrier into porting your phone number over to them. Once a bad actor has access to your phone number, they can receive the security codes used for MFA, increasing their chances of gaining unauthorized access to your account. As a result, we have decided to support only other, more secure factors for MFA at Elation.
If I choose to use email for MFA, does it have to be the email address associated with my Elation account?
Yes, when using the Email Authentication option for MFA, the email account must be the email address that you use to log into your Elation account.
How often do I have to re-authenticate using MFA?
You are required to re-authenticate after every session. This means that once your account is logged out for inactivity, you will be required to re-authenticate your account using MFA the next time you sign in.
How do I update my MFA?
To update your MFA, please ask a practice Admin level user to reset your MFA for you under the Manage Accounts settings page. If you are the sole administrator of an Elation practice and require an MFA reset, please click here to contact the Support Team, who can coordinate with our security team to reset your MFA settings. The user will then be prompted to set up a new MFA device the next time they attempt to log in to Elation.
I have not received any authorization code to my email, what should I do?
If it is taking a while to receive your authorization code via email, you will have an option in the sign-in process to have Elation re-send the code. If you are still unable to receive your authorization code after a resend, please click here to contact the Support Team.
I have enrolled for MFA but I cannot log in to my Elation account, what should I do?
For security reasons, Elation Support is unable to reset MFA factors on a user's behalf. Please ask a practice Admin level user to reset your MFA for you under the Manage Accounts settings page. If you are the sole administrator of an Elation practice and require an MFA reset, please click here to contact the Support Team, who can coordinate with our security team to reset your MFA settings. You will then be prompted to set up a new MFA device the next time you attempt to log in to Elation.
Does the entire practice need to enroll in MFA at the same time?
MFA enrollment is completed on a per-user basis the next time that user signs in to Elation; therefore, the entire practice does not need to enroll in MFA at the same time.
Can I set up more than one MFA for a single account?
You cannot set up more than one authentication factor for a single account. For example, you cannot choose to use both Google Authenticator and Okta Verify to sign in to your Elation account; you can only choose one of the two.