Skip to content
  • There are no suggestions because the search field is empty.

Two-Factor Authentication (2FA)

Learn how to access Clarity Human Services using Two-Factor Authentication (2FA).

Overview

Two-Factor Authentication (2FA) is a form of multi-factor authentication that requires two separate pieces of information to verify a user's identity when logging in to the system. When 2FA is enabled, you must enter both a password and a 6-digit verification code to log in to Clarity Human Services. You can receive the verification code through your email account (if allowed by your system administrator) or through an Authenticator App.

This article contains the following sections:

Implementing Two-Factor Authentication

Your system administrator has two options for configuring the implementation of Clarity Human Services 2FA: 

  • Mandatory (recommended): All users must use a 2FA method for logging in.
  • Self-Enrolled: Users can voluntarily configure their account to use 2FA functionality for logging in.

In addition to the authentication configurations described above, system administrators may enable additional system-wide 2FA settings:

  • Enable Trusted Devices: When this setting is enabled, you can designate your device as a trusted device for logging in to Clarity Human Services. When you log in with a trusted device during a specific time frame, you will not need to enter a verification code. Your administrator sets the time frame to 7, 14, 30, or 90 days.
  • Allow Email Authentication: When this setting is enabled, you can choose to have the verification code sent to the email address associated with your account instead of having to use an authentication app.

These additional configurations will determine what options are available to you when accessing Clarity Human Services using 2FA and how the login process will behave for future logins. 

Note: for this article, the 2FA configuration is depicted with Enable Trusted Devices and Allow Email Authentication settings enabled.

Setting Up Two-Factor Authentication

When you log in for the first time with 2FA enabled, you will need to set up your 2FA after entering your username and password.

If your system administrator has enabled Allow Email Authentication for the system, you will be asked to select a method for receiving the verification code. 


Select either "Use an Authenticator App" or "Get a code emailed."

The selected option will be used for future login procedures until the authentication token is reset.

Click NEXT.

Setting Up the Authenticator App Option

There are several authenticator applications available for mobile devices. We recommend installing Google Authenticator for Android/iOS and Microsoft Authenticator for Windows Phone.

If you are using the Authenticator App option, the system prompts you to scan a custom QR code using your mobile device's camera within the authentication app.

After the app scans the QR code on the screen, it generates a 6-digit numerical code. Enter the 6-digit code and click VERIFY CODE to complete the login process.

Notes:

  • The TRUSTED DEVICE checkbox will appear in this step if your system administrator has enabled the setting in the 2FA system configuration.  

  • Users who enter an incorrect code more than 5 times in a minute will be locked out of their account. For more information, please refer to the Locked Two-Factor Authentication section of this article.

Setting Up the Email Option

If you are using the email option, the system sends an email containing a 6-digit code to the email address associated with your account. 

2FA Email

Once you receive the email, enter the code into the dialog box and click VERIFY CODE to complete the login process. You may also click RESEND CODE to have a new code sent to your email address.

return to login

You have the option to restart the process by clicking RETURN TO LOGIN.

Notes:

  • The 6-digit code generated through your email account must be entered before it expires. The expiration time frame is between 10 and 20 minutes, depending on when the request is made.

  • Users who request more than one verification code within a 5-minute window will see a message saying that their request is still being processed.

  • Users who enter an incorrect code more than 5 times in a minute will be locked out of their account. For more information, please refer to the Locked Two-Factor Authentication section of this article.

If you do not receive an email, please check your junk/spam folder.

If you are unable to receive the email code, please ask your IT department to allowlist the incoming email address (noreply@bitfocus.com), so it is marked as a safe sender. Once your IT department has allowed the incoming email address, log in and have the code re-sent to your email address. 

If you're still having trouble receiving email, we recommend downloading and using an authenticator app instead. If you have tried all of these options, please reach out to your system administrator, agency contact, or submit a support ticket to the Bitfocus Help Desk for assistance. 

Subsequent Logins with 2FA Enabled

For subsequent logins after the initial login, you will see a dialog box asking you to enter the verification code.

  • If you are using the email option, the system will send an email with a new code after you enter your username and password.

  • If you are using the Authenticator App method, you'll be required to open the app and enter the code displayed.

Note: if your system administrator has configured 2FA to allow trusted devices for a specific amount of time, the TRUSTED DEVICE checkbox will appear. If you check this box, you will not have to enter a verification code during the specified timeframe set by your System Administrator.

Self-Enrolling in Two-Factor Authentication

If your system administrator has not enabled 2FA for all users, you can still enable it for your account in your Staff Member Account Settings. Agencies with stricter login regulations may find it helpful to require 2FA.

Accessing the 2FA Account Settings

To access the 2FA settings for your individual account, click the user icon in the upper-right corner of the screen. When the User Account Control dialog appears, click ACCOUNT SETTINGS


Toggle on Enable 2FA.

Reset Authentication Token

To reset the 2FA functionality, click RESET AUTHENTICATION TOKEN next to the Enable 2FA toggle in Account Settings. The next time you attempt to log in, you will be required to set up your 2FA again.

 

Locked Two-Factor Authentication

If a user enters an incorrect authentication code multiple times, their account "locks" and they are "blocked" from logging in for the Lockout Time setting period.

After the Lockout Time period ends, when the user enters a correct password and a correct authentication code (achieving a "successful login"), the system "unblocks" the user automatically, changes the user status, and makes a record in the audit log.

If the user cannot wait to log in, they can reach out to their system administrator or agency contact or submit a support ticket to the Bitfocus Help Desk for assistance. Even with assistance, the user will need to enter a correct password and a correct authentication code to achieve a successful login 

Updated: 01/22/2026