
Hi,


It is pretty much general policy that the use of remote access and cloud services in healthcare requires multi-factor authentication to be set up for access.

Is it possible to make this a requirement for new users to set up, or is it possible to at least allow us as a company to have it so new users must set up MFA in order to create their login?

Many Thanks

I would prefer this also; despite asking all users to do this, I managed to get 5 (incl. myself) out of 34 to use 2FA. I can turn blue in the face explaining cyber security, but getting people to comply just isn’t easy.

It would help if as an Admin I could:

  1. Enforce it on their user profile, thus they’d have to comply to practice policy.
  2. If they forget their passwords, I could log in and change it for them (as I could on our previous software)
  3. Temporarily turn off their 2FA if they forget their phones at home.

Exactly: one practice has all but 1 who have set 2FA, but with multiple practices it is a whole task in itself to sit with each team until they do it.

It would be ideal and really in line with guidance to make this mandatory to create the account.

And the suggestion for level 4’s to be able to go in and reset the account I like.

Hi @Jordan and @FranBo 👋

Totally understand why you’d want to enable it practice-wide. I’ve also highlighted this request in our Feature Request widget on the Community homepage, as we’re keen to gather more feedback and real-world scenarios from other practices to support the team’s discovery work. If this would help your practice, please like this post and add a short comment about your policy/regulatory driver. 

As a reminder, we already run risky/unusual sign-in detection: if we spot something suspicious, users receive an email to confirm or secure their account. Level-4 admins can also apply IP restrictions (limit logins to known locations). This is optional but can help if you’re not on SSO yet. Another option available today is to enable Single Sign-On (SSO) and enforce MFA in your identity provider, which effectively makes MFA mandatory for all users.

On your request to enforce 2FA at practice level (and related admin controls), I’ve shared this with our Product and Engineering teams so they can evaluate a practice-wide enforcement option. In the meantime, SSO + enforced MFA at your identity provider is the quickest way to meet policy requirements across all users.

I’ll keep this thread updated with any news. 😊
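As an added illustration (not the product's own code and not written by anyone in this thread), the following Python model sketches how the controls mentioned in the reply fit together as one sign-in decision: an IP allow-list, SSO with MFA enforced at the identity provider (where the application still checks that the assertion actually reports a second factor via the OIDC `amr` claim, RFC 8176, rather than assuming MFA happened), mandatory enrolment for local accounts, and a short, time-boxed bypass that only a level-4 admin can grant for the "left my phone at home" case. Names, the 24-hour bypass cap, the fixed clock and the set of `amr` values are assumptions for the example.

```python
"""Constructed model of the sign-in controls discussed above (example only).

Decision order for one sign-in attempt:
  1. Source address must fall inside the practice's allowed networks, if any are set.
  2. With SSO, the application trusts the identity provider but still checks that
     the assertion reports a second factor (OIDC "amr" claim, RFC 8176).
  3. Without SSO, the local account must have MFA enrolled and present it, unless a
     level-4 admin has granted a short, time-boxed bypass.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

# RFC 8176 method references treated as a second factor here (assumed set;
# match it to what your identity provider actually emits).
SECOND_FACTOR_AMR = frozenset({"mfa", "otp", "hwk", "sms"})
MAX_BYPASS_HOURS = 24          # assumed upper bound for a "forgot my phone" bypass
LEVEL4_ADMIN = 4               # the admin level the thread refers to

# Fixed clock so the example is reproducible (constructed value; a real
# system would read the current time instead).
DEMO_NOW = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)


@dataclass
class Policy:
    require_mfa: bool = True
    use_sso: bool = False
    allowed_networks: List[str] = field(default_factory=list)  # empty = no restriction


@dataclass
class User:
    name: str
    mfa_enrolled: bool = False
    mfa_bypass_until: Optional[datetime] = None


@dataclass
class Decision:
    allowed: bool
    reason: str


def _ip_permitted(source_ip: str, policy: Policy) -> bool:
    """Level-4 IP restriction: only addresses inside the allow-list may sign in."""
    if not policy.allowed_networks:
        return True
    addr = ip_address(source_ip)
    return any(addr in ip_network(net) for net in policy.allowed_networks)


def grant_mfa_bypass(admin_level: int, user: User, hours: int, now: datetime) -> datetime:
    """Level-4 admins may suspend a user's second factor for a bounded window."""
    if admin_level < LEVEL4_ADMIN:
        raise PermissionError("only level-4 admins can suspend a user's MFA")
    if not 0 < hours <= MAX_BYPASS_HOURS:
        raise ValueError(f"bypass must be between 1 and {MAX_BYPASS_HOURS} hours")
    user.mfa_bypass_until = now + timedelta(hours=hours)
    return user.mfa_bypass_until


def evaluate_signin(user: User, source_ip: str, policy: Policy, *,
                    idp_claims: Optional[Dict] = None,
                    second_factor_ok: bool = False,
                    now: datetime = DEMO_NOW) -> Decision:
    """Return whether this attempt is allowed and why."""
    if not _ip_permitted(source_ip, policy):
        return Decision(False, f"{source_ip} is outside the practice's allowed networks")

    if policy.use_sso:
        # MFA is enforced at the identity provider, but verify the assertion says so.
        if idp_claims is None:
            return Decision(False, "SSO is enforced but no identity provider assertion was presented")
        amr = set(idp_claims.get("amr", []))
        if policy.require_mfa and not (amr & SECOND_FACTOR_AMR):
            return Decision(False, f"identity provider reported {sorted(amr)} with no second factor")
        return Decision(True, "authenticated via SSO; MFA enforced at the identity provider")

    if not policy.require_mfa:
        return Decision(True, "password only; policy does not require MFA")
    if not user.mfa_enrolled:
        # Enrolment is mandatory: the account cannot be used until a factor is set up.
        return Decision(False, f"{user.name} must enrol a second factor before using the account")
    if user.mfa_bypass_until is not None and now < user.mfa_bypass_until:
        return Decision(True, f"temporary MFA bypass active until {user.mfa_bypass_until.isoformat()}")
    if not second_factor_ok:
        return Decision(False, "password accepted, second factor still required")
    return Decision(True, "password plus enrolled second factor")


if __name__ == "__main__":
    policy = Policy(allowed_networks=["10.0.0.0/8"])      # constructed practice network
    for u in (User("alice", mfa_enrolled=True), User("bob")):
        print(u.name, evaluate_signin(u, "10.1.2.3", policy, second_factor_ok=True))
```

The ordering matters: the enrolment check sits before the bypass check, so an admin-granted bypass can shorten an enrolled user's day without letting an unenrolled account through, and the SSO branch never relies on the identity provider's MFA setting alone, since a misconfigured provider would otherwise silently downgrade every login to password-only.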