Multi-Factor Authentication (MFA)

This feature is enabled by HHAeXchange System Administration. Contact the HHAeXchange Support Team for assistance.

Multi-Factor Authentication (MFA) is an additional user security method that can be required at the Payer level and at the Provider Office level. When MFA is required, users must enter their Username and Password in addition to a unique and random system-generated code, obtained at a secure location such as the verified mobile phone or email address on file.

After MFA is set up, a six-digit system-generated code is sent to the user’s designated secure location email address or mobile phone when they log in. For this reason, shared accounts and accounts using Robotic Process Automation (RPA) are not compatible with MFA.

All users subject to MFA are asked to verify their identity using a unique MFA code every 30 days. Once the code is sent, you have 30 minutes to enter and submit the code on the Authentication page.

MFA Request page

  1. Once the MFA setup is complete, a first-time Setup Request page opens when the Username and Password are entered. Click the Set Up Now button to continue.

    MFA Setup Request page

  2. Select the method to verify your identity: Text or Email.

    Choose a Verification Method

    • Email Method:

      1. If Use your email to verify is selected, the system sends a unique six-digit code by email to the email address on the User Profile. This code is valid for 30 minutes from the time of issue. If a new code is needed, click the Resend link to receive a new code after 60 seconds.

      2. On the Let’s set up your email page, enter the 6-digit code and click Confirm to log in.

        If the email was not received, make sure to check you spam and junk folders for an email sent by help@hhaexchange.com. If you still can't find the email, click the Resend link after 60 seconds.

        Email Setup

        Reauthentication is required every 30 days, as well as when the browser is changed or the cache is cleared.

    • Phone Method:

      1. If Use your phone to verify is selected, then the Let’s set up your phone page opens. Enter the mobile phone number in the Phone Number field and click Get code.

        Phone Number Setup - Step 1

      2. The system sends a unique six-digit code to the mobile phone number entered. This code is valid for 30 minutes from the time of issue. On the Confirm that it works page, enter the 6-digit code and click Confirm to log in.

      3. If a new code is needed, wait 60 seconds and click the Resend link to receive a new code.

        Phone Number Setup – Step 2

        Reauthentication is required every 30 days. A random and unique MFA code is sent to log into the system.

        MFA Request page

       

Complete the following steps to add a mobile phone number when one has not been established.

You can add only one mobile phone number per user.

  1. Click the Add a phone number link in the mobile phone section of Available MFA methods.

  2. Enter the phone number in the New Phone Number field. Click Continue.

    Phone Number Setup – Step 1

  3. In the Enter the code field, type in the code sent to the mobile phone. Click Confirm to finalize.

    Phone Number Setup – Step 2

Complete the following steps to change a mobile phone number.

  1. Click the Change link In the mobile phone section of Available MFA methods.

    MFA Settings Page

  2. Enter the New Phone Number, and then click Continue.

    Phone Number Change – Step 1

  3. In the Enter the code field, type in the code sent to the mobile phone. Click Confirm to finalize.

    Phone Number Change – Step 2

Users subject to MFA can view and change their own MFA settings from the Enterprise Portal.

To change the MFA settings, click the MFA Settings link next to the Support Center link at top right. This link is only available to users who are subject to MFA.

MFA Settings Link Next to Support Center

Users cannot disable Multi-Factor Authentication or change the email address from the MFA Settings page. When the email address is changed in the User Profile, the system prompts the user to set up MFA again on their next login.

The Multi-Factor Authentication Setting page opens. Changes can be made to the MFA Settings as explained below.

MFA Settings Page

Complete the following steps to remove a mobile phone number or email address from available MFA methods.

  1. Click the Remove link from either the email address or mobile phone section of Available MFA methods.

    MFA Settings Page

    Only one method can be removed; either the email or mobile phone, not both.

  2. Click the Remove button when prompted to confirm the removal.

    Confirm Removal

Complete the following steps to change the default MFA method.

  1. Click the Set as default link in the email address or mobile phone section of Available MFA methods.

    MFA Settings Page

  2. A banner at the top of the MFA Settings page indicates that the default setting has been changed.