Multi-Factor Authentication (MFA)
This feature is enabled by HHAeXchange System Administration. Contact the HHAeXchange Support Team for assistance.
Multi-Factor Authentication (MFA) is an additional user security method that can be required at the Payer level and at the Provider Office level. When MFA is required, users must enter their Username and Password in addition to a unique and random system-generated code, obtained at a secure location such as the verified mobile phone or email address on file.
After MFA is set up, upon logging into the system with their Username and Password, a six-digit system-generated code is sent to the user’s designated secure location email address or mobile phone.
All users subject to MFA are asked to verify their identity using a unique MFA code every 30 days. Once the code is sent, you have 30 minutes to enter and submit the code on the Authentication page to be allowed access to the system.
Complete the following steps to add a mobile phone number, when one has not been established.
You can add only one mobile phone number per user.
-
Click the Add a phone number link in the mobile phone section of Available MFA methods.
-
Enter the phone number in the New Phone Number field. Click Continue.
-
In the Enter the code field, type in the code sent to the mobile phone. Click Confirm to finalize.
Complete the following steps to change a mobile phone number.
-
Click the Change link In the mobile phone section of Available MFA methods.
-
Enter the New Phone Number, and then click Continue.
-
In the Enter the code field, type in the code sent to the mobile phone. Click Confirm to finalize.
Users subject to MFA can view and change their own MFA settings from the Enterprise Portal.
To change the MFA settings, click the MFA Settings link next to the Support Center link at top right. This link is only available to users who are subject to MFA.
Users cannot disable Multi-Factor Authentication or change the email address from the MFA Settings page. When the email address is changed in the User Profile, the system prompts the user to set up MFA again on their next login.
The Multi-Factor Authentication Setting page opens. Changes can be made to the MFA Settings as explained below.
Complete the following steps to remove a mobile phone number or email address from available MFA methods.
-
Click the Remove link from either the email address or mobile phone section of Available MFA methods.
Only one method can be removed; either the email or mobile phone, not both.
-
Click the Remove button when prompted to confirm the removal.
Complete the following steps to change the default MFA method.
-
Click the Set as default link in the email address or mobile phone section of Available MFA methods.
-
A banner at the top of the MFA Settings page indicates that the default setting has been changed.
Once the MFA setup is complete, a first-time Setup Request page opens when the Username and Password are entered. Click the Set Up Now button to continue.
Select the method to verify your identity: via Text or Email.
If the Use your email to verify is selected, then the system sends a unique six-digit code by email to the email address on the User Profile. This code is valid for 30 minutes from the time of issue. If a new code is needed, click the Resend link to receive a new code after 60 seconds.
On the Let’s set up your email page enter the 6-digit code and click Confirm to log in and access the system home page.
If the email was not received, hover over Didn't receive the mail?. A message will appear Please make sure to check your spam or junk folder for an email sent by xxxx@hhaexchange.com.
Reauthentication is required every 30 days as well as when the browser is changed or the cache is cleared. A random and unique MFA code is sent to log into the system accordingly.
If the Use your phone to verify is selected, then the Let’s set up your phone page opens. Enter the mobile phone number in the Phone Number field and click Get code.
The system sends a unique six-digit code to the mobile phone number entered. This code is valid for 30 minutes from the time of issue. On the Confirm that it works page, enter the 6-digit code and click Confirm to log in and access the system home page.
If a new code is needed, click the Resend link to receive a new code after 60 seconds.
Reauthentication is required every 30 days. A random and unique MFA code is sent to log into the system accordingly.