Overview

Two Factor Authentication (2FA) is an added security feature that provides an extra layer of protection to the user accounts in your Virtual Practice. Enabling two-factor authentication means that Virtual Practice will ask for an additional code, in addition to email and password, when authenticating.

This code will be generated by an authenticator app (e.g. Google Authenticator App, Authy, Microsoft Authenticator) that you can install on your phone.

Enabling 2FA for User Accounts

To enable 2FA for your Team Users and Patients, go to the Two Factor Authentication section on the Settings page of your Virtual Practice. You can choose to make the feature Mandatory or Optional for both user types.

If you choose the Mandatory option, all users will be required to set up 2FA in order to login and access the Virtual Practice.

If set as optional, users will have the choice to skip the authentication process while logging in. By default, the prompt for 2FA settings during login will be ON. If you wish to turn this OFF during the login flow, simply deselect the option ‘Prompt for 2FA Settings in Login also’.

Note: Remember to click the ‘SAVE’ button to apply any changes.

How Does Two-Step Verification Work?

Step 1: Enter your Log-In credentials

Enter your registered email ID or phone number and your password to Log In to the Virtual Practice Application.

Step 2: Setting up Two-Factor Authentication using Authentication Apps

• Once your Log-In credentials are verified, the system prompts you to set up the 2FA. This additional layer of security prevents unauthorized access even if someone manages to obtain your login credentials.
• You have the option to use a time-based authentication app such as Google Authenticator, Authy, or Microsoft Authenticator. These apps generate time-based one-time codes (TOTPs) that are needed for the second verification step.
• During the initial 2FA setup, you’ll be presented with a QR code containing setup information. You can scan this QR code using your chosen authentication app, which automatically configures it and generates the verification code for you. Alternatively, you can manually enter the provided Verification code into your authentication app.
• The 6-digit verification code from the authentication app can be pasted on the space provided and click Sign in.

Subsequent Logins with Two-Step Verification

Once you have set up two-step verification (2FA) for your account, the process for subsequent logins involves an extra layer of security through the verification code generated by your authentication app.

• After entering your Log-In credentials, the system will prompt you to provide a verification code from the authentication app you previously set up (e.g., Google Authenticator, Authy or Microsoft Authenticator).
• The Authentication app displaysa new six-digit verification code that is unique to your account.
• Enter the Six-digit Verification code on the Virtual Practice Login screen and Click Sign In.

Reset Two-Factor Authentication

There may be instances where the users need to reset the  Two-Factor Authentication settings.  For added convenience, there is the ability to reset Two-Factor Authentication from the Login page. It is important to note the  Primary Account Owner of the Virtual Practice will need to approve any requests to reset  Two-Factor Authentication.  They will need to approve the request and a verification link will be triggered to the users to reset the Two-Factor Authentication.

After entering the login credentials, click Reset Two-Factor Authentication and confirm the action.

This will send a request to Primary Account Owner through the supported notification channels to verify the Two-Factor Authentication request.

The Primary Account Owner can navigate to the user’s profile (Patient or Team User), and after confirming the request’s authenticity, the user can approve or reject it.

The user who initiated the Two-Factor Authentication request will receive a verification link via the supported notification channels after the Primary Account Owner approved the request.

When the user clicks the verification link, they will be prompted to enter their login credentials, allowing them to reset the Two-Factor Authentication.

Note: Users who have previously set up Two-Factor Authentication for their accounts will not have the Skip option; they will always be required to submit Two-Factor Authentication verification, even if the prompt is enabled. If Two-Factor Authentication is set as optional for the Virtual Practice, users can skip the Verification procedure when resetting the 2FA after getting the approval from the Virtual Practice Owner. In addition, if the prompt for Two-Factor Authentication is turned ‘OFF’ in the log in flow, users can log in directly to the application after the Two-Factor Authentication reset request has been validated.