Using MFA within Health Call Products

Creating Auth0 Account for the Management Portal

To enable the rollout of Multi-Factor Authentication the My Health Call Management Portal Login page will be changing because login page is being migrated to Auth0.

Step 1: 

As a new or migrated Auth0 user you will receive an email from noreply@remote-monitor.com asking you to complete your onboarding process for the Health Call Management Portal.

Step 2: 

Click Complete Onboarding to set up your password.

What is Multi-Factor Authentication (MFA)?

Multi-factor authentication (MFA) is an additional way of checking that it is really you when you log in to your account. In addition to your email address and password, you will need to set up a second form of authentication, such as an authentication app on your mobile phone, text message or email. This second layer of security is designed to prevent anyone but you from accessing your account, even if they know your password.

What are the benefits of MFA?

• Keeps any patient data in a more protected environment
• Helps you gain access to your account should you forget your password
• Helps protect NHS reputation
• Provides increased protection against cyber attacks
• Checks if an attempt is made to access your account from an unusual
  location or device

There are 2 methods of authenticating your account:

1. Authenticator app – This is the most secure method.
2. SMS – You will receive a One-Time Passcode (OTP) to your mobile number.

The next time you authenticate your account, you will be sent a One-Time Passcode (OTP) to the method you have selected. If you cannot authenticate using this method, you will be asked to verify your identity using either:

1. OTP to user’s email address
2. Recovery Code

Setting up MFA

Step 1:

Ensure you have an authenticator app downloaded to your smart phone or device.

The authenticator app recommended by the NHS is Microsoft Authenticator. The following support will be provided on the assumption that Microsoft Authenticator is used.

Step 2:

Login to the solution normally, using your current username and password.

Step 3:

Press “Continue” then select Google Authenticator or similar

Step 4:

Open your authenticator app and add an account.

Step 5:

Use the authenticator app to scan the QR code.

Step 6:

Enter the code into your authenticator app, which will return a one-time code. Enter this into your Health Call login page as requested.

Step 7:

You will be provided with a Recovery Code. You should store this somewhere safe to refer back to in future.

A recovery code can be used to login to your account if you do not have access to your device to authenticate using the usual method. A new recovery code will be provided every time you verify your identity.

Click Continue to access the Health Call product.

Second time logging in: The next time you log in with your email address and password, you’ll need to provide an additional verification to access your account.

Use your authenticator app to generate a one-time code, or select Try another method to authenticate using your Recovery Code.

Setting up MFA – SMS Route

Step 1:

Login to the solution normally, using your current username and password.

Step 3:

Press Continue then select SMS.

Step 4:

Select your country code and enter your mobile phone number. A 6-digit code will be sent to your mobile via SMS.

Verifying your Identity

Once you have set up MFA via either SMS, or authenticator app, this will be your default authentication route. If you are asked to authenticate when logging in, and you are no longer able to authenticate using this method, you may be asked to verify your identity using another route. See the below steps to follow this process.

Step 1:

Login to the solution normally, using your current username and password.

Step 2:

You will be asked to submit a 6 digit code. This will be sent to your authenticator app, or an SMS to your mobile number, depending on the route you have previously authenticated with.

Step 3:

If you cannot proceed with this method, e.g. you may not have your mobile phone to access the application, click Try another method.

Step 4:

Select one of the following to verify your identity:

If you have selected SMS:

You will receive an OTP to the mobile number you have previously provided. This will appear with the mobile number hidden, but the last few digits shown. Enter the code and press Continue.

If you have selected Google Authenticator or similar:

Open your chosen authenticator app and you will see a 6 digit code associated with your email address. Enter the code and press Continue.

If you have selected Email:

You will receive an OTP to the email address associated with your Health Call account. Enter the code and press Continue.

If you have selected Recovery code:

You should have previously saved this code, when you previously authenticated your account. Copy the recovery code you have previously saved and paste it into this box. Press Continue.

Step 5:

You will be presented with a new recovery code. Once again, you should store this in a safe place, should you need to verify your identity without access to SMS or authenticator app.