Contents x
    Security Center
    • 26 Nov 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    • PDF
    Contents

    Security Center

    • Updated on 26 Nov 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    • PDF
    Article summary

    image.png

    Security Center

    The security center allows you to add new users, register devices, conduct security reviews and update settings.

    Tools in the Security center include:

    • Users:
      • Create and manage users and their roles.
        • Roles determine function access as well as record level access to PHI other information.
      • Inactive accounts are auto locked after 30 days.
    • Device Registrations:
      • Register user devices for streamlined, multi-factor authentication (MFA). Two-factor authentication is used by organizations to further enhance security for mobile devices. Enable two-factor authentication in your organization settings. Once enabled, users are sent a text message with an access code they must enter to complete their login. Access is denied if either their credentials or access code are invalid or the code has expired. Registering individual devices for single or all users is also supported to streamline this process and eliminate the need for text messages at each login.
    • Security Review:
      • Generate documentation to support regular security reviews, including:
      1. User accounts and their assigned roles.
      2. Security roles and their assigned permissions.
    • Settings:
      • Create and manage both organization and user settings.

    Multi-Factor Authentication (MFA):

    • MFA is turned on for all users by default when accessing Dr. Know unless setup otherwise by account owner.
    • MFA is supported via text messaging using the cell phone number associated with the user account.
    • Registered (company owned) devices can be excluded from MFA through a device registration process.

    About MFA:
    Each user account has a password. This represents the first authentication factor that the user has and satisfies the ‘something you know’ requirement of MFA.

    When MFA is enabled, users must also configure their mobile device # to be used as their 2nd form of authentication. This satisfies the ‘something you have’ requirement of MFA since the user will be sent a temporary access code to their mobile device, which must be entered after their password, to complete their login.

    What's Next