
Overview

After your account is approved, your first login involves setting a secure password and configuring two-factor authentication (2FA). The platform enforces strong security defaults to protect sensitive patient data and clinic operations.

Setting your password

1. Check your email for the password setup invitation from the platform. Click the link to open the password setup page.
   The invitation link expires after 7 days. If the link has expired, ask your clinic Admin to resend the invitation from the staff management panel.
2. Choose a strong password
   Enter a password that meets the following requirements:
   • Minimum 8 characters
   • Use a mix of uppercase, lowercase, numbers, and symbols for best security
   Use a password manager to generate and store a strong, unique password for your account.
3. Confirm and save
   Re-enter your password to confirm, then click Set Password. You will be redirected to the login page.

Configuring two-factor authentication

After your first successful login, the platform prompts you to set up two-factor authentication (2FA). This adds a second layer of security beyond your password.

Available 2FA methods

Email OTP

A 6-digit code sent to your registered email. This is the default method enabled for all accounts.

Authenticator App

Time-based one-time passwords (TOTP) via apps like Google Authenticator or Authy.

Passkeys

Biometric authentication using FaceID or TouchID via the WebAuthn standard.

Email OTP (default)

Email OTP is automatically enabled when you set up 2FA. Each time you log in:
1. Enter your email and password
2. A 6-digit code is sent to your registered email
3. Enter the code on the verification screen
Email OTP codes are valid for 10 minutes. If the code expires, request a new one from the login screen.

TOTP authenticator app

For faster and offline-capable authentication, configure a TOTP authenticator app:
1. Go to Settings > Security > Two-Factor Authentication.
2. Select authenticator app
   Choose Authenticator App as your 2FA method.
3. Scan the QR code
   Open your authenticator app (Google Authenticator, Authy, or any TOTP-compatible app) and scan the QR code displayed on screen.
4. Enter the verification code
   Type the 6-digit code from your authenticator app to confirm the setup.

Passkeys (FaceID / TouchID)

Passkeys provide the most seamless login experience using your device’s biometric capabilities:
1. Go to Settings > Security > Passkeys.
2. Register a passkey
   Click Add Passkey and follow your browser’s prompts to register your device using FaceID, TouchID, or another WebAuthn-compatible method.
3. Confirm registration
   Once registered, you can use your passkey as a second factor during login.
You can register only one passkey per account. If you need to switch devices, remove the existing passkey from Settings > Security before registering a new one.

Session security policies

The platform enforces several session-level protections to keep your account safe:

Login lockout

If you enter the wrong password 5 times in a row, your account enters a 10-minute cooldown period. During this time, no login attempts are accepted — even with the correct credentials.
The lockout timer resets automatically after 10 minutes. If you are locked out frequently, consider resetting your password.
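
A sketch of the lockout rule described above, as an added example that is not the platform's own code: the class name, the return strings and the caller-supplied clock are assumptions. It checks the cooldown before verifying the password, which is why a locked account rejects correct credentials too.

```python
from dataclasses import dataclass

MAX_FAILURES = 5             # wrong passwords in a row before lockout (from the page)
COOLDOWN_SECONDS = 10 * 60   # 10-minute cooldown (from the page)


@dataclass
class _State:
    failures: int = 0
    locked_until: float = 0.0


class LoginLockout:
    """Illustrative helper; the names here are assumptions, not the platform's."""

    def __init__(self, check_password):
        self._check = check_password   # callable(user, password) -> bool
        self._state = {}

    def attempt(self, user, password, now):
        st = self._state.setdefault(user, _State())
        # Decide on lockout BEFORE looking at the password, so a locked
        # account answers the same for right and wrong guesses.
        if now < st.locked_until:
            return "locked"
        if st.locked_until:
            # Cooldown elapsed: the timer and the failure streak reset.
            st.failures, st.locked_until = 0, 0.0
        if self._check(user, password):
            st.failures = 0            # "in a row": a success clears the streak
            return "ok"
        st.failures += 1
        if st.failures >= MAX_FAILURES:
            st.locked_until = now + COOLDOWN_SECONDS
            return "locked"
        return "denied"


def demo():
    # Constructed user, password and timestamps (seconds), for illustration only.
    user, good = "nurse@example.test", "correct-horse"
    guard = LoginLockout(lambda u, p: p == good)
    results = [guard.attempt(user, "wrong", t) for t in range(5)]
    results.append(guard.attempt(user, good, 60))                     # still cooling down
    results.append(guard.attempt(user, good, 4 + COOLDOWN_SECONDS))   # cooldown over
    return results
```
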

Single-session enforcement

The platform allows only one active session per user at a time. If you log in on a new device or browser, your previous session is terminated automatically. This means:
• You cannot be logged in on your desktop and phone simultaneously
• Logging in on a new device immediately logs you out of the old one
• There is no warning before the old session is ended

Session timeout

Your session automatically expires after 30 minutes of inactivity. When your session times out:
1. You are redirected to the login page
2. Any unsaved work may be lost
3. You must re-authenticate with your password and 2FA
Save your work frequently, especially if you step away from your desk. The 30-minute timeout is designed to protect patient data in shared clinic environments.

Frequently asked questions

No. Two-factor authentication is mandatory for all your accounts to comply with data security requirements for healthcare platforms.
Contact your clinic Admin or our support team to regain access. They can reset your 2FA so you can reconfigure it from a new device.
Yes. You can have email OTP, an authenticator app, and passkeys all configured simultaneously. During login, you choose which method to use.