Purpose

During the login process, it is possible that a user may no longer be able to generate a one-time passcode from their Authenticator app. Due to the sensitivity of the data held within Medicus, only an administrative user can recover their account by generating a 2FA recovery code. This guide covers the steps required to action this.

Steps to generate a 2FA recovery code

1. From the modules menu on the side navigation bar select 'staff administration'.

Screenshot 2024-01-31 at 14.58.51.png

2. From the staff list, locate and select the staff member that you would like to resend the recovery code to. This will open up the staff details.

3. Select 'Login & Security' on the side navigation bar.

4. Select the 'Generate 2FA recovery code' button.

Screenshot 2024-01-31 at 15.41.14.png

5. The following screen is displayed which shows the recovery code. It is valid for 24 hours.

Once the expiry time has passed, a new recovery code is generated.

6. Provide the recovery code to the user who is trying to login. They are able to enter the recovery code by selecting 'enter recovery code' from the 2FA login flow.

Screenshot 2024-01-29 at 11.37.35.png

7. If the user enters the code incorrectly, or enters an expired code, an error is displayed on the screen. Otherwise, if entered correctly the user will be able to regain access to their account.

8. Once they are logged in, you can direct them to their 'My account' settings to reset their 2FA.