Contents
ℹ️ REQUIREMENT
All Elation EHR users are
required to use multi-factor authentication for security and compliance purposes. Automatic activation dates will occur throughout the month of June, so look for further communication on your practice's designated deadline.
Click here to watch the latest webinar about this requirement.
Overview
What is multi-factor authentication (MFA)?
Multi-factor authentication (MFA) is a security process that requires two or more verification methods to access an application or online account.
Elation's multi-factor authentication feature requires all users to enter their login email address and password as the first authentication method and at least one additional authentication factor in order to access their Elation EHR account.
What are the benefits of using multi-factor authentication with Elation?
Multi-factor authentication significantly lowers the risk of unauthorized access to sensitive patient data, supporting ongoing HIPAA compliance. Multi-factor authentication helps prevent cyber attackers from accessing your account by requiring both your login credentials and a verification factor—something they are unlikely to have, even during phishing attempts.
Which authentication factors are available for Elation?
There are currently 4 authentication factors you can use. Choose the authentication factor that is most suitable for your workflows. You are only required to set-up one of these, but we recommend setting up additional factors. This way you have a back up in case one becomes compromised or you run into issues using one of your authentication factors.
|
Authentication Factor
|
Verification Method
|
Use Case
|
Additional Considerations
|
|
Authenticator App
(i.e. Google Authenticator, Windows Authenticator, Authy, etc.). Click here for additional examples.
|
Enter a code that is generated from a mobile app.
|
- You always carry a mobile device (e.g. your phone) with you.
- You share computers with other users in your practice.
|
- Default option for most.
- You must have a smart phone or tablet.
- You can be locked out if your phone is lost or misplaced.
- Can be used across devices.
|
|
Okta Verify
|
Enter a code that is generated from the Okta Verify mobile app OR send a push notification to the Okta Verify mobile app.
|
- You always carry a mobile device (e.g. your phone) with you.
- You share computers with other users in your practice.
|
- You must have a smart phone or tablet.
- You can be locked out if your phone is lost or misplaced.
- Can be used across devices.
- Ideal option if your company/business uses Okta to manage the accounts you have access to.
|
|
Security Key or Biometric Authenticator
(i.e. password manager, Touch ID, Face ID, Windows Hello, etc.) Click here for additional examples.
|
Use a key stored on your computer/laptop OR a biometrics reader that is connected to your computer/laptop.
|
You access Elation on a single, personal device.
|
- Not suitable if you are working in multiple environments (e.g. home & office) on different devices.
- Can be more complex to set up.
Recommendation: Set up an additional authentication factor in case you need to access Elation on a different device.
|
|
Email Authentication
|
Enter a code sent to your login email address.
|
You are unable to use other authentication factors.
|
- Least secure.
- You can only set up Email Authentication when setting up authentication factors for the first time through the login screen workflow.
- If you are using Email Authentication as a backup, set up Email Authentication first.
- Verification code email can be blocked by IT or spam filters.
|
SMS or phone calls are not supported by Elation due to known vulnerabilities (e.g. SIM Swapping & phishing).
Set-up
Enabling multi-factor authentication for the practice
ℹ️ ADMIN USERS ONLY
To turn on multi-factor authentication:
| 1 | Go to Settings -> Security & Privacy. |
| 2 | Click Turn on. |
Setting up authentication factors
Click here for instructions on how to set up authentication factors.
Workflow Instructions
ℹ️ NOTE You cannot share accounts while using multi-factor authentication. Shared, or generic, user accounts or passwords are strictly prohibited by
Elation's Terms of Use and security policies. Individuals who use the EHR must log in using their own, unique account.
Signing in with multi-factor authentication
After multi-factor authentication is turned on, each time you log in to your Elation EHR account, you will be prompted to enter your login email address, password, and your authentication factor before you are granted access to your account.
-
If you have multiple authentication factors, click the ⏷ button to select the authentication factor you want to use.
-
Check off the Do not challenge me on this device for the next 24 hours box on the authentication screen if you want to bypass multi-factor authentication while logging in and out of Elation for the next 24 hours.
|
Authenticator App
* If you use an authenticator app other than Google Authenticator, you can still enter its code when prompted for a Google Authenticator code during login.
|
-
Enter your Elation login email address and password and then click Sign In.
-
Enter the 6 digit number that appears on your Google Authenticator app in the Enter Code field.
-
Click Verify to complete authentication and proceed to the Practice Home.
|
|
Okta Verify
|
-
Enter your Elation login email address and password and then click Sign In.
-
Click Send Push to send a notification to your Okta Verify app for you to confirm your identity.
-
Alternatively click Or enter code to enter the 6 digit number that appears on your Okta Verify app in the Enter Code field.
-
Click Verify to complete authentication and proceed to the Practice Home.
|
|
Security Key or Biometrics Authentication
|
-
Enter your Elation login email address and password and then click Sign In.
-
Follow the prompts on your screen to verify your identity and proceed to the Practice Home. Examples:
-
If you are using a Security Key that is saved via a browser extension to your password manager, then you may need to log in to your password manager in order for Elation to locate your Security Key.
-
If you are using Touch ID on a MacOS device then you will need to authenticate with your fingerprint.
|
|
Email
|
-
Enter your Elation login email address and password and then click Sign In.
-
Click Send me a code. Elation will send a verification code to the email address you use to log in to Elation.
-
Look for an email with the subject line One-time verification code.
-
Enter the 6 digit number from the email into the Verification code box.
-
Click Verify to complete authentication and proceed to the Practice Home.
|
Updating authentication factors
Click here for instructions on updating authentication factors.
Resetting authentication factors (if locked out)
Click here for instructions on resetting authentication factors if you are locked out of Elation.
Frequently Asked Questions (FAQ)
I am not able to sign in to Elation to reset my authentication factor. What should I do?
If you find yourself locked out, ask an Admin Level User in your practice to reset your authentication factors for you in the Manage Accounts settings page (click here for instructions). If you are the sole administrator of an Elation practice, click here to contact the Support Team. We will send you an email to verify your identity and reset your authentication factor(s) on your behalf.
PRO TIP: After you have successfully logged in, set up additional authentication factors as back up in case this happens again.
I set up an authentication factor but cannot log in to my Elation account, what should I do?
If you find yourself locked out, ask an Admin Level User in your practice to reset your authentication factors for you in the Manage Accounts settings page (click here for instructions).
For security reasons, Admin Level Users are responsible for resetting authentication factors for their practice; Elation will not readily do so on a user's behalf. If you are the sole administrator of an Elation practice, click here to contact the Support Team. We will send you an email to verify your identity and reset your authentication factor(s) on your behalf.
PRO TIP: After you have successfully logged in, set up additional authentication factors as back up in case this happens again.
Does the entire practice need to enroll in multi-factor authentication at the same time?
Each user must independently set up an authentication factor but it does not have to be done at the same time.
What language can I use to notify other users in my practice?
You can use the following sample language to notify your staff about enabling multi-factor authentication. Feel free to simply copy and paste this text into an email:
|
Hello!
Our practice will be turning on a new security feature for the Elation app which requires your attention. On (insert date), when you log into Elation, you will be prompted to set up additional authentication information that you’ll use going forward to get into Elation. Set-up should only take a few minutes, but will be necessary to get access to Elation.
Before our implementation date, please go to this Help Center article and read through the instructions. Note that we are recommending (insert Google Authenticator or Okta Verify if you’d like all your users to use a specific method), so focus on that specific material in the article. Note that you can set your authentication factor(s) up by going to Settings, Account Details and following directions under Setup. If you have any questions, feel free to contact me or submit an “I need help” ticket directly through the Elation app and reference “MFA help”.
We will be turning on this feature at (insert time of day you will enable) on (insert date again), so please be prepared for this additional step to login by that time.
Thank you for your help in ensuring our patient data stays secure and compliant!
Your Signature / desired sign-off
|
Which Authenticator Apps can I use?
Any Authenticator App that uses the same TOTP (Time-Based One-Time Password) algorithm as Google Authenticator can be used. Common TOTP Apps include:
- Google Authenticator
- Microsoft Authenticator
- Symantec VIP Access (mobile app)
- Authy
- Duo Mobile
- 1Password (with integrated TOTP support)
- LastPass Authenticator
- FreeOTP
- andOTP
- OTP Auth
Which Security Keys & Biometric Authenticators can I use?
Any software or hardware that verifies your identity using public-key cryptography can be used. Common examples include:
- Password managers that store a Security Key (e.g. 1Password, LastPass, etc.)
- Windows Hello (pin)
- YubiKey
- Feitian ePass / K27 / BioPass
- Google Titan Security Key
- SoloKey
- Thetis FIDO U2F Key
- OnlyKey
- MacBook Touch ID
- Apple Face ID
- Windows Hello fingerprint
- Windows Hello Face
- USB fingerprint readers
Can I set up more than one authentication factor for a single account?
Yes, you can set up more than one authentication factor for a single account and this is recommended practice. Note that you can only set up one of each type of factor (e.g. one Authenticator App, one Security Key). You can follow these instructions to learn how to choose which factor you want to use when logging in.
How often do I have to re-authenticate when using multi-factor authentication to log in?
By default, you are required to re-authenticate each time you log in. Check off the Do not challenge me on this device for the next 24 hours box if you want to bypass multi-factor authentication while logging in and out of Elation for the next 24 hours.
If your account is logged out due to inactivity, you’ll need to re-authenticate unless you previously chose to skip authentication for 24 hours and that time hasn’t fully elapsed.
Will multi-factor authentication still allow me to be logged in to multiple places at the same time?
Yes, you can still be logged in to multiple places at the same time.
How do I update my authentication factor(s)?
Click here for instructions on updating authentication factors.
If I choose to use Email Authentication, do I have to use the email address associated with my Elation account?
Yes, when using the Email Authentication option for multi-factor authentication, the email account must be the email address you use to log in to your Elation account.
To use a different email for Email Authentication, update your login email address from your Account Details Settings page in Elation first.
Why am I unable to set up Email Authentication from my Elation Settings?
Email Authentication is deemed as the least secure authentication method; therefore, we want you to set up a more secure authentication factor when possible. However, if Email Authentication is the only authentication factor you can use, log out of your Elation account and you’ll be able to set up Email Authentication from the login screen.
I am setting up Email Authentication but I have not received the email with my Verification Code, what should I do?
If you did not receive the email with the Verification Code, click Send again on the verify screen in Elation to prompt Elation to email the code to you again. If you continue to not receive the email, click here to contact the Support Team.
Can I use SMS as an authentication factor?
Security research has shown that SMS is less secure than other authentication factors. It is possible for your cell phone number to be compromised in a “SIM Swap” attack, where a bad actor tricks your carrier to port over your phone number to them. When a bad actor has access to your phone number, they can then receive the security codes used for multi-factor authentication, increasing their chances of successfully gaining unauthorized access to your account. As a result, Elation decided to only support other more secure factors for multi-factor authentication.
Can I use the single sign-on feature with multi-factor authentication?
If your organization uses its own single sign-on (SSO) provider to access Elation, all the security—like checking your password and asking for a verification code—is already handled by your company. As a result, you will not be required to use Elation’s built-in MFA feature.
Learn more about the Single Sign-On feature through our User Accounts Guide – Using Single Sign-On to access your Elation EHR account Help Center article.
My scribe needs to login to complete my visit notes daily. How do I give them access to my authentication factor?
You cannot share accounts while using multi-factor authentication. It's important to highlight that shared, or generic, user accounts or passwords are strictly prohibited by Elation's Terms of Use and security policies. Individuals who use the EHR must log in using their own, unique account.
Will I need to use my authentication factor when logging in to Elation Go (Elation's mobile application)?
Yes, you will need to use my authentication factor when logging in to Elation Go.
Will patients need to use multi-factor authentication for their Patient Passport account?
No, patients will not need to use multi-factor authentication for their Patient Passport account.
Related Articles
