Force Multi-Factor Authentication MFA/2FA User Experience
The Enterprise Health system supports Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA) using one-time passwords (OTP):
- Via authentication using an external device or app that generates the OTP
- Via authentication based on an email that generates the OTP
For information on system administrator configuration of MFA/2FA for the system and options, please refer to guide Multi-Factor Authentication MFA/Require 2FA Configuration.
Force MFA/2FA Security Permission
This guide is an overview of the ‘Force’ permission to Require 2FA security permission. It requires an external device/authentication app by the user.
However, a permission to ‘Encourage’ to have users login using WebChart EHR Multi-Factor Authentication (MFA) or 2FA is available and an overview of its user experience is in a separate guide. Systems that utilize SSO (single sign-on) will not be affected.
User Experience as ‘Force’ security permission users for Require 2FA
The user manually logs in with their username/email and then keys in their unique password.
The next screen regarding MFA/2FA will display contents based on what the system wide system setting for Use 2FA is configured to.
Then, users get a screen (after keying in their username and password) to set up MFA/2FA. Note: Users are forced to create & setup their MFA/2FA. They cannot bypass it.
Setting up MFA/2FA
System Wide Setting Value 3 (allow both HOTP or TOTP) what user sees when logging in:
System setting ‘Use 2FA’ is set to value 3 (offers either HOTP or TOTP for the user to select):
The User should click the Create button to advance.
System Wide Setting Value 2 (allow only TOTP) what user sees when logging in:
System setting ‘Use 2FA’ is set to value 2 (TOTP time based):
SystemWide Setting Value 1 (allow only HOTP) what user sees when logging in:
System setting ‘Use 2FA’ is set to value 1 (HOTP counter based):
Scan Barcode with Authentication Device App
Make sure to have some authenticator app installed on your external device/phone (ex: Google Authenticator, Microsoft Authenticator).
- On the Enterprise Health system
screen:
- Select Yes for Does device support scanning a barcode
- It is recommended to utilize Time Based
- Click the Create button
The Enterprise Health system will generate a unique QR code and displays that on the next screen upon clicking the Create button.
On your external device (ex: smartphone), open the authenticator app you utilize (ex: Google Authenticator, Microsoft Authenticator).
- Within the authenticator app, there is an icon ability to ‘Scan a QR code’.
- Point the device camera to the QR code on the Enterprise Health system screen.
- Your device authenticator app will now display a unique 6-digit OTP (one-time password) for you to use.
Go back to Enterprise Health system screen and Enter the OTP from your device. Next, click the Complete Setup button.
If successful, you will see that your 2 Step Verification setup is now complete. Click the Continue button.
You will now advance and gain access into the Enterprise Health system.
Cannot Scan Barcode with Authentication Device App
Make sure to have some authenticator app installed on your external device/phone (ex: Google Authenticator, Microsoft Authenticator).
- On the Enterprise Health system
screen:
- Select No for Does device support scanning a barcode
- It is recommended to utilize Time Based
- Click the Create button
The Enterprise Health system will generate a unique secret Key and displays that on the next screen upon clicking the* Create* button.
On your external device (ex: smartphone), open the authenticator app you utilize (ex: Google Authenticator, Microsoft Authenticator).
- Within the authenticator app, there is an ability to ‘add a new account’ typically found within a plus (+) button.
- Click, within the authenticator app, what kind of account you are adding.
- Then select the option, within the authenticator app, to manually enter a setup key instead of scanning a QR barcode.
- Enter the account details by giving it an account name, enter in the
Key that the Enterprise Health system
generated on the Enterprise Health login
screen. Make sure to type it exactly as it appears.
- Tap the Finish button or ‘add’ or the checkmark within the authenticator app to save the account.
- Your device authenticator app will now display a unique 6-digit OTP (one-time password) for you to use.
Go back to Enterprise Health system screen and Enter the OTP from your device. Next, click the Complete Setup button.
If successful, you will see that your 2 Step Verification account setup is now complete. Click the Continue button.
You will now advance and gain access into the Enterprise Health system.
MFA/2FA Account Setup on an Authenticator
Once the user has setup their MFA/2FA account on an external device authenticator app, the next time they log in to the system, they will not have to create a new MFA/2FA account. They will get a screen (after manually keying in username & password), to key in a new OTP from their authenticator app on their external device.
The user would open up their authenticator app on their other device, get the random generated 6 digit OTP from their authenticator app, and key it into the Enterprise Health system extra authentication needed screen.
Additional Resources
- Multi-Factor Authentication MFA/Require 2FA System Configuration
- Encourage Multi-Factor Authentication MFA/2FA User Experience
- One Time Password Authentication via Email User Experience
Enterprise Health Documentation
Last Updated:
Last Build:
Tue, 11 Nov 2025 22:15:30 UTC
WikiGDrive Version: v2.15.27