How To: Require Two-Factor Authentication for All Users
TherapyNotes offers two-factor authentication (2FA) that requires users to enter their practice code, username, and password along with a temporary token generated on their phone or other personal device. Any user in TherapyNotes may enroll a device in 2FA on their own, but as a Practice Administrator, you can require every user in your practice to utilize 2FA to log in to TherapyNotes. Practice Administrators may also disable 2FA for individual users.
Before requiring 2FA for your entire practice, you must have 2FA enabled for your own account. To enroll, follow the instructions in How To: Set Up and Use Two-Factor Authentication.
To require all users to enroll in 2FA:
- Click the User Icon > Settings > Security
- Under Login Settings, select Require two-factor authentication for all practice users when logging in
- Click the Save Custom Security Settings button
If a user needs to disable 2FA temporarily, click Staff > Staff Name and click the Remove Two-Factor Authentication link under Security & Activity. The user will be required to re-enroll in 2FA upon their next login. If a user loses access to the device they use for two-factor authentication and must get in to their account, you must temporarily disable 2FA in your practice's settings until the user can successfully enroll in 2FA again.