Two-Factor Authentication (2FA) is a form of multi-factor authentication that requires two separate pieces of information to confirm the identity of a user attempting to log in to the system. When 2FA is enabled, you must enter both a password and a 6-digit verification code to log in to Clarity Human Services. You can receive the verification code through your email account (if allowed by your system administrator) or through an Authenticator App.
- The 6-digit code generated for the user must be entered before it expires. The expiration time frame is between 10 and 20 minutes, depending on the timing of the request.
- Users who enter an incorrect code more than 5 times in a minute will be locked out of their account.
Authenticator Apps for Mobile Devices
There are several authenticator applications available for mobile devices. We recommend installing Google Authenticator for Android/iOS and Microsoft Authenticator for Windows Phone.
Implementing Two-Factor Authentication
Your system administrator has two options for configuring the implementation of Clarity Human Services 2FA:
- Mandatory (recommended): All users must use a 2FA method for logging in.
- Self-Enrolled: Users can voluntarily configure their account to use 2FA functionality for logging in.
In addition to the authentication configurations described above, system administrators may enable additional system-wide 2FA settings:
- Enable Trusted Devices: When this setting is enabled, you can designate your device as a trusted device for logging in to Clarity Human Services. When you log in with a trusted device during a specific time frame, you will not need to enter a verification code. Your administrator sets the time frame to 7, 14, 30, or 90 days.
- Allow Email Authentication: When this setting is enabled, you can choose to have the verification code sent to the email address associated with your account instead of having to use an authentication app.
These additional configurations will determine what options are available to you when accessing Clarity Human Services using 2FA and how the login process will behave for future logins.
Note: for this article, the 2FA configuration is depicted with Enable Trusted Devices and Allow Email Authentication settings enabled.
Setting Up Two-Factor Authentication
When you log in for the first time with 2FA enabled, you will need to set up your 2FA after entering your username and password.
If your system administrator has enabled Allow Email Authentication for the system, you will be asked to select a method for receiving the verification code.
Select either "Use an Authenticator App" or "Get a code emailed."
The selected option will be used for future login procedures until the authentication token is reset.
Setting Up the Authenticator App Option
If you are using the Authenticator App option, the system prompts you to scan a custom QR code using your mobile device's camera within the authentication app.
After the app scans the QR code on the screen, it generates a 6-digit numerical code. Enter the 6-digit code and click VERIFY CODE to complete the login process.
Note: the TRUSTED DEVICE checkbox will appear in this step if your system administrator has activated the setting in the overall 2FA system configuration.
Setting Up the Email Option
If you are using the email option, the system sends an email containing a 6-digit code to the email address associated with your account.
Once you receive the email, enter the code into the dialog box and click VERIFY CODE to complete the login process. You may also click RESEND CODE to have a new code sent to your email address.
You have the option to restart the process by clicking RETURN TO LOGIN.
Note: Users who request more than one verification code within a 5-minute window will see a message saying that their request is still being processed.
If you do not receive an email, please check your junk/spam folder.
If you are unable to receive the email code, please ask your IT department to whitelist the incoming email address (email@example.com) so that it will be marked as a safe sender. Once your IT department has whitelisted the incoming email address, log on and have the code re-sent to your email address.
In the meantime, you can contact Bitfocus Support at (702) 614-6690, Ext. 2, to receive a temporary authentication code.
If you continue to have difficulty receiving email, we recommend downloading and using an authenticator app instead. If you have already attempted to obtain a code by email, you will need to ask Bitfocus Support to reset the code.
Subsequent Logins with 2FA Enabled
For subsequent logins after the initial login, you will see a dialog box asking you to enter the verification code.
- If you are using the email option, the system will send an email with a new code after you enter your username and password.
- If you are using the Authenticator App method, you'll be required to open the app and enter the code displayed.
Note: if your system administrator has configured 2FA to allow trusted devices for a specific amount of time, the TRUSTED DEVICE checkbox will appear. If you check this box, you will not have to enter a verification code during the specified timeframe.
Self-Enrolling in Two-Factor Authentication
If your system administrator has not activated 2FA for all users, you can still activate 2FA for your account. Agencies with stricter login regulations may find it helpful to require 2FA.
Accessing the 2FA Account Setting
To access the 2FA setting for your individual account, click the user icon in the upper right corner of the screen. When the user account control dialog appears, click ACCOUNT SETTINGS.
Toggle on Enable 2FA.
Reset Authentication Token
To reset the 2FA functionality, click RESET AUTHENTICATION TOKEN next to the Enable 2FA toggle in Account Settings. The next time you attempt to log in, you will be required to set up your 2FA again.