How does Two Factor Authentication in iCM work?
At iCM security of the system is a top priority. All users of the system have an obligation to protect the content and adhere to HIPAA guidelines for safeguarding medical information. In this document we will discuss what happens if an employee attempts to sign in from an unrecognized device or computer. When this feature is turned on, the system will trigger additional authentication (or two-factor authentication) when your staff tries to login from an unrecognized computer or a computer that they haven't used for a while. The two-factor authentication further confirms the identity of the staff.
Two-factor authentication is a very simple concept and you may have already come across it while using online banking or logging into any credit card or e-commerce website. These sites ask you for your user ID and a password but they may also send you a text message or an email to confirm your identity.
Once this feature is turned on your staff will not be able to login from an unrecognized computer. They will be able to login only after going through the two-factor authentication in which the iCM will send a 4-6 digit code to the staff person's cell phone as a text message. Once they enter the code properly the staff will be able to login and that computer will be marked as a "recognized" computer. Other staff members will be able to login from that computer without going through this extra security since the computer is now recognized.
Here's how to enable your two factor authentication in iCM:
- The system administrator has access to setting the two-step authentication alert. From the main dashboard click/touch the small arrow next to his/her name.
- Click/touch settings to bring up the next screen.
- From here, find the setting called Unidentified Machine Authentication and then click/touch the small box to set this alert and hit Save.
Once the feature is turned on, make sure that your staff's Cell Phone field contains their number where they can receive text messages. If they don't have a cell phone then they will not be able to login from this computer as it is an unrecognized computer.
In this case the only way for this staff to be able to login from this computer would be to have another staff member (with a Cell Phone number in their profile) go through the login process, or an administrator can enter a Cell Phone number in this Staff's profile (as seen below).
You must make sure that staff has a cell phone number in their employee profile. Staff should also have an email listed for communication purposes.
It is recommended before this feature is turned on that at least one staff at each location have their phone number in the system to avoid a lock out.