Using TOTP Multi-Factor Authentication
Configure TOTP Integration Settings
TOTP User Enrollment
Logging In With TOTP
Resetting TOTP User Credentials
Preventing Brute-Force Attacks
Multi-Factor Authentication User Guide
Resetting TOTP User Credentials
If a user gets a new device or for any reason can no longer access the key saved in the authenticator app, an administrator can reset the user's MFA credentials from the settings page. Upon next login, the user will be shown a new QR code and will need to import it into the new device.

[Figure: Selecting a user from the Multi-Factor Authentication Settings and then selecting Reset User Credentials from the MFA Tasks pane]
TOTP User Enrollment
After TOTP multi-factor authentication is enabled, your next log on prompts you to enroll with a secondary device. After logging on with the primary credentials, a window like this appears:

[Figure: Enter Verification Code window has a QR code to scan with your camera and a field to enter the code manually]

Add account in device authenticator app
Enter verification code
Preventing Brute-Force Attacks
Since verification codes are typically only 6 digits long, technically a brute-force attack could be used to guess the correct code in the given time window. To prevent that from happening, you can enable the retry limit and lockout period in the advanced password settings. This feature is not only for the Multi-Factor Authentication plugin; it's available in the standard Mirth® Connect by NextGen Healthcare distribution as well.

In your mirth.properties file, there are several password-related properties you can set:

    # password requirements
    password.minlength = 0
    password.minupper = 0
    password.minlower = 0
    password.minnumeric = 0
    password.minspecial = 0
    password.retrylimit = 0
    password.lockoutperiod = 0
    password.expiration = 0
    password.graceperiod = 0
    password.reuseperiod = 0
    password.reuselimit = 0

To prevent users from brute-forcing the TOTP secondary verification code, set both retrylimit and lockoutperiod to a non-zero value.

password.retrylimit: The maximum number of times a user may retry
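
The check described above, as an added example that is not part of the Mirth Connect documentation or product code: a Python audit that reads mirth.properties text and reports when password.retrylimit or password.lockoutperiod is missing, non-numeric or zero. The function names and the sample file contents are constructed for illustration, and treating a missing or negative value as a finding is an assumption.

```python
# Added example: audit mirth.properties text for the two lockout settings.
# Function names and sample contents are constructed, not from the product.

REQUIRED_NONZERO = ("password.retrylimit", "password.lockoutperiod")


def parse_properties(text):
    """Parse simple 'key = value' / 'key: value' lines; later duplicates win."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        # Split on whichever separator ('=' or ':') appears first.
        idx = min((i for i in (line.find("="), line.find(":")) if i != -1), default=-1)
        if idx == -1:
            props[line] = ""
        else:
            props[line[:idx].strip()] = line[idx + 1:].strip()
    return props


def audit_lockout(text):
    """Return a list of findings; an empty list means both settings are non-zero."""
    props = parse_properties(text)
    findings = []
    for key in REQUIRED_NONZERO:
        value = props.get(key)
        if value is None:
            findings.append(f"{key}: not set")  # assumption: missing counts as a finding
            continue
        try:
            number = int(value)
        except ValueError:
            findings.append(f"{key}: not an integer ({value!r})")
            continue
        if number <= 0:  # assumption: negative values are flagged like zero
            findings.append(f"{key}: {number} (must be non-zero to limit code guessing)")
    return findings


# Constructed sample inputs; the non-zero values are illustrative only.
WEAK = "# password requirements\npassword.retrylimit = 0\npassword.lockoutperiod = 0\n"
HARDENED = "# password requirements\npassword.retrylimit = 5\npassword.lockoutperiod = 1\n"

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_lockout(sample) or "OK")
```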
Logging In With TOTP
After self-enrolling and logging in for the first time, on subsequent login attempts you will no longer be shown the QR code / secret key. Instead you'll be prompted to enter the latest verification code:

[Figure: Enter Verification Code window]

1. Open the authenticator app you used, and find the key associated with your server.
2. Enter the verification code displayed in the app, and select OK.

If the code was correct, the Administrator will log in as usual.
Configure TOTP Integration Settings
1. Log on to the Mirth® Connect by NextGen Healthcare Administrator, and open the Settings view.
   [Figure: The Settings link opens the Mirth Connect Settings View]
2. Select the MFA settings tab to view the current Multi-Factor Authentication Settings.
3. Next to Enabled, select Yes to enable MFA.
4. Next to MFA Type, select TOTP.
5. Select the Save task on the left-hand side to save changes.

[Figure: Multi-Factor Authentication Settings]

Advanced Settings

Typically none of these settings need to be changed beyond the default values, which should work with most multi-factor authenticator apps (such as Google Authenticator, Authy, and so on).

Account Name: The name associated with the private key. This is used when importing a key into an authenticator app to give the key a unique name. This name is also embedded into the generated QR code.

Time Step Size: The amount of time (in milliseconds) to create time windows from. These windows are used to account for differences between the client and server clocks. The larger th
Mirth® Connect by NextGen Healthcare User Guide
§170.315(d)(13) Multi-Factor Authentication
(d)(13) Multi-factor authentication requires that the system mandates access with multi-factor authentication.

Required Extensions: Multi-Factor Authentication

Features that Support the Certification: Multi-Factor Authentication Extension

Required Actions: Using the Mirth® Connect Multi-Factor Authentication Extension with Duo or TOTP, set up all users to be required to use the selected authentication method.