Excluding Users from MFA

Multi-Factor Authentication User Guide

Client API Integrations

If you have built any custom integrations that use the REST API and require automatic, programmatic access, most likely you will want to exclude the user tied with the integration from MFA. No additional development is needed. See Excluding Users from MFA. If your custom integration still interacts with the user, you can elect to handle the multifactor signatures and codes manually. Because of the nature of multifactor authentication, Basic HTTP Auth is not supported when MFA is enabled. Instead invoke the /users/_login and /users/_logout endpoints to perform session-based auth. Using the TOTP API Integration Using the TOTP API integration. Using the Duo API Integration Using the Duo Universal API Integration Using the Duo Universal API integration Parent topic: Limitations of MFA

Multi-Factor Authentication User Guide

Resetting TOTP User Credentials

If a user gets a new device or for any reason can no longer access the key saved in the authenticator app, an administrator can reset the user's MFA credentials from the settings page. Upon next login, the user will be shown a new QR code and will need to import it into the new device. Selecting a user from the Multi-Factor Authentication Settings and then selecting Reset User Credentials from the MFA Tasks pane Parent topic: Using TOTP Multi-Factor Authentication

Multi-Factor Authentication User Guide

Configure Duo Integration Settings

Log on to the Mirth® Connect by NextGen Healthcare Administrator, and open the Settings view: Selecting the Settings View Select the MFA settings tab to view the current Multi-Factor Authentication Settings. Next to Enabled, select Yes to enable MFA. Next to MFA Type, select Duo. Copy the Client ID, Client Secret, and API Hostname from the Duo Admin Panel. Copying Values from the Duo Admin Panel When you are done, select the Save task on the left-hand side to save changes. Parent topic: Using Duo Multi-Factor Authentication

Multi-Factor Authentication User Guide

Client API Browser

You can still access the Client API documentation and browse the various methods available. However, logging in and testing operations from this browser using an MFA-enabled user is not yet supported. However, if the user is excluded from MFA, see Excluding Users from MFA, then that user will still be able to log on and perform actions here. Mirth Connect window with sign in fields and links to documentation Parent topic: Limitations of MFA

Multi-Factor Authentication User Guide

Web Dashboard

Logging into the Web Dashboard with an MFA-enabled user is not yet supported. However, if the user is excluded from MFA, then that user will still be able to login here. Web Dashboard Sign In Panel Parent topic: Limitations of MFA

Multi-Factor Authentication User Guide

Using TOTP Multi-Factor Authentication

Configure TOTP Integration Settings TOTP User Enrollment Logging In With TOTP Resetting TOTP User Credentials Preventing Brute-Force Attacks Configure TOTP Integration Settings TOTP User Enrollment Logging In With TOTP Resetting TOTP User Credentials Preventing Brute-Force Attacks

Excluding Users from MFA

Recommendations

Client API Integrations

Resetting TOTP User Credentials

Configure Duo Integration Settings

Client API Browser

Web Dashboard

Using TOTP Multi-Factor Authentication

Client API Integrations

Resetting TOTP User Credentials

Configure Duo Integration Settings

Client API Browser

Web Dashboard

Using TOTP Multi-Factor Authentication