Multi-Factor Authentication (MFA)

Valant supports Multi-Factor Authentication (MFA) for providers and staff.  Rather than just asking for a username and password, MFA requires one or more additional verification factors. For example, a bank account may require this information. When MFA is enabled, users will need to take something they know (their password) and combine it with something they have like access to a phone number, email, or soft-token app. This is an additional layer of security to protect Valant practices, users, and patient data.  

This feature will be available to all existing practice users from Account Settings | Security, and optional for newly created Valant accounts. It will not be required for any user unless the practice wishes to do so and Valant configures the setting. 

Types of MFA

Valant supports three different types of MFA. SMS (text message), Email, and Authenticator apps that a user can choose from to enable MFA for their account. Each user can only use one type of authentication to go along with their password. Users can switch between different types from Account Settings | Security. For more information about the Security page, review the User Account Settings article.

SMS (Text Message)

Users can set up MFA with any US based phone number (+1 country code) that receives SMS messages. There are no additional costs for text messages through Valant when using this feature.   
 
When enabled, users will enter their password and click Log In. This will trigger a text message to be sent to the phone number submitted by the user with a code for the user to input. After entering the code and clicking Enter, the user will be taken to the dashboard.  

  1. Select SMS from "Choose MFA Device:"
  2. Enter the phone number used to verify in the “Phone Number” field, click Save Phone Number 
  3. User will be taken to “Enter the code provided” field, enter the 6-digit code from the SMS
  4. Click Verify which opens the dashboard

Email  

Users can set up MFA with the verified email address used to log in to Valant. They cannot use an email that differs from their verified log in email.

When enabled, users will enter their password and click Log In. This will trigger an email that contains a code to enter on the next screen. After entering the code and clicking Verify, the user will be taken to their dashboard.

  1. Select Email from "Choose MFA Device:" which automatically enables the email MFA verification
  2. Next Log In with username email and password triggers the email
  3. User will be taken to “Enter the code provided” field, enter the 6-digit code from the email
  4. Click Verify which opens the dashboard

Soft-Token  

Users can download Third Party Time-Based One-Time Password (TOTP) Soft Token apps to enable MFA with their Valant account. The most popular soft tokens are apps like Google Authenticator, Microsoft Authenticator, Symantec VIP Access, and many others. Most of these third party TOTP apps across major platforms like Android, Apple, MAC OS and/or  Windows are supported by our solution. Valant does not have a comprehensive list. Symantec VIP Access is the token used by many practices with DrFirst, recommend using for consistency.  

  1. Select Authenticator Apps from "Choose MFA Device:"
  2. Scan the QR code or manually input the code (if you are on a device without a camera) on your selected authenticator app 
  3. Once your app has scanned the QR code or you input the code, click Continue  
  4. Click Verify which opens the dashboard 
Delete

Existing or New User Set Up

Existing Valant Users  

Users whose have existing Valant accounts can configure their MFA settings from Account Settings | Security.

  • Click Account Settings from the top right drop down menu
  • Re-enter password on the Security tab
  • Select a MFA type Under “Choose MFA Device”:  
    • SMS  
    • Authenticator Apps  
    • Email
  • Complete one of the methods to enable MFA

New Valant Users

New users will not be given the option to configure MFA when they setup their account, but can set it up anytime from Account Settings | Security.

Delete

MFA FAQs

I have lost access to my Phone number or Soft-Token App? How can I access Valant? 

Unfortunately, in a scenario where someone gets a new phone number or a new phone and does not transfer their Authenticator app, there is not a self-recovery option. Contact support so Valant can clear MFA settings.  

Is there a cost for MFA?  

There is no cost associated with this feature, and no cost for the text messages sent related to SMS (text message) authentication.  

Can I switch which method of MFA I want to use after I already set it up?  

Yes, on the Account Settings page a user can switch between SMS, Email, or Authenticator Apps.  

Can I require MFA for only some users at the practice?  

At this time it is all or nothing to require MFA at the practice level.  

My practice doesn’t require MFA, but I enabled it anyway. How can I turn it off?

Once enabled optionally by a user it can only be disabled by a Valant user. Contact support in order to complete this.  

How long is my text or email code valid for?  

Five minutes. If more than five minutes has elapsed, use the click here link to resend the code.

Delete

 

Was this page helpful?

Yes No