Two Factor Authentication for Patient Portal

Article author
Michelle Craigie
  • Updated

What is the context?


Two factor authentication is an extra layer of security that has been introduced on the Patient portal. It enables patients to log into the portal using their login details and a verification code. Once the login details are entered, patients will be prompted for a validation code which is sent to their mobile device or email address which is registered on their demographic record. This will then allow patients to log into the portal.

How do I enable 2FA on the Patient Portal?


There are two ways that two-factor authentication can be enabled via the chamber.

The first option, is you can enable two-factor authentication chamber wide. This can be achieved by going to Admin > Configuration > Online Portal > Select tick box ‘Require two-factor authentication’.

2FA Location 1.gif

The second option is you can choose to enable two-factor authentication for individual companies. To do this you will need to navigate to Company > Find Company > Select relevant company > Company details > Patient Portal.

From here you can decide if the company requires two-factor authentication or to use the Chamber as default.  

2FA Company Location.gif

You can disable 2FA by going through the same process. Doing so will disable 2FA for the specific employer.

How do patients enable 2FA on the Patient Portal?


When patients log into the portal, they will complete the following steps to enable 2FA.

  1. Navigate to the Patient portal and enter login details 
  2. Patients will then be prompted to enter a validation code which has been sent to their mobile or email address.
  3. Submitting a correct validation code will complete the login process. 

What if the validation code does not work?


There are a few reasons why a validation code will not work. These include the following:

  1. The validation code has been entered incorrectly. 
  2. Too much time has elapsed since the validation code was sent to the mobile device or email address. In cases like this, a new validation code will need to resent. 

What if patients do not receive a validation code?


There can be a few reasons why a patient may not receive a validation code. Its recommended that patients complete the following: 

  1. Make sure their mobile number and email address are accurate on their demographic record.
  2. If using an email address, to check their junk/spam folder.
  3. If a validation code is not received then patients can request a new validation code by clicking on the hyperlink underneath the authentication box.

Click to resend.png

4. If patients do not receive a validation code after a few attempts then they will be prompted with an option to request for the validation code to be sent to their email address.

Resend via email.png

What if a patient loses access to their mobile or email address?


If a patient loses their mobile device or loses access to their email address then it is strongly recommended that the patient contacts the relevant health care service to get their details updated. This will ensure that patients continue to gain access to the portal without further issues.