When a new user logs in to the RCM, they will be required to set up both a password and a second form of verification, known as Multi-Factor Authentication. Let's review each of these requirements together!
Password Requirements
On login, users will be asked to create a new password following the criteria below:
- One lower-case letter
- One upper-case letter
- One number (0–9)
- One symbol (e.g., !@#$%^&*)
- Cannot be the same as the previous 4 passwords
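One way a server could enforce the criteria above, including the check against the previous 4 passwords, without keeping old passwords in plaintext. This is an added example, not Kipu RCM's code: the PBKDF2 storage scheme, the round count, the function names, and the treatment of any ASCII punctuation as a symbol are assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import string

HISTORY_DEPTH = 4        # from the page: the previous 4 passwords are rejected
PBKDF2_ROUNDS = 600_000  # assumption: the page does not describe password storage


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, digest); the history holds these pairs, never plaintext."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def policy_violations(password: str, history: list[tuple[bytes, bytes]]) -> list[str]:
    """List every rule the candidate breaks; history is ordered oldest to newest."""
    problems = []
    if not any(c in string.ascii_lowercase for c in password):
        problems.append("needs a lower-case letter")
    if not any(c in string.ascii_uppercase for c in password):
        problems.append("needs an upper-case letter")
    if not any(c in string.digits for c in password):
        problems.append("needs a number (0-9)")
    # Assumption: any ASCII punctuation counts; the page gives !@#$%^&* as examples.
    if not any(c in string.punctuation for c in password):
        problems.append("needs a symbol")
    # Each stored hash has its own salt, so the candidate is re-hashed under
    # every stored salt and compared in constant time.
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            problems.append("matches one of the previous 4 passwords")
            break
    return problems


def remember(password: str, history: list[tuple[bytes, bytes]]) -> list[tuple[bytes, bytes]]:
    """Append the accepted password's hash and keep only the newest entries."""
    return (history + [hash_password(password)])[-HISTORY_DEPTH:]
```

Because each entry is salted separately, the history check costs one slow hash per stored password, which is why the history is kept short.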
Setting Up Multi-Factor Authentication
After the password is created, users will then set up Multi-Factor Authentication (MFA). MFA is a security process that requires users to verify their identity with multiple authentication factors before gaining access to an account or system. MFA adds another layer of security to further protect sensitive data in your RCM account. Users will be prompted to choose a Text Message or an Authentication App to enable MFA for their profile.
- Text Message: This option will require a user to enter a US phone number that can receive an authentication code via SMS text. Once the code is received, enter it on the authentication form in the RCM to complete the login steps.
- Authentication App: Before choosing an Authentication App, please consult with your organization's IT and/or Security team to ensure the preferred app is selected. Standard apps include Microsoft Authenticator, Google Authenticator, and Authy.
  This option requires users to create a new account in their preferred authenticator app by scanning a QR code or manually entering a security key. Once the account is successfully created, enter the 6-digit token on the authentication form in the RCM to complete the login steps.
- Instead of using a mobile device, a desktop authenticator extension is available through the Chrome Web Store. Please consult with your organization's IT and/or Security team to ensure the preferred app is selected.
  This option requires users to create a new account in their preferred authenticator extension by manually entering a security key. Once the account is successfully created, enter the 6-digit token on the authentication form in the RCM to complete the login steps.
MFA Accessibility
If a user loses access to their device with an authenticator, a Managing Organization (MO) Admin can reset the MFA settings within the User profile. However, an MO Admin must have the Security Admin permission toggled on in their user profile before resetting any MFA settings. For additional information on updating user permissions, click here.
Note: If an MO Admin holding Security Admin permission cannot reset a user's MFA or has lost access, they should contact Kipu RCM Support (support@aveasolutions.com) and provide written consent for an MFA reset.
Resetting the MFA
Let's review how to reset the MFA!
- Navigate to Managing Organization Admin > Users.
- Select the name of the user whose MFA you want to reset.
- In the user profile, click Reset MFA Settings.
- A confirmation window will appear.
- Click Confirm to proceed and complete the process.
Session Timeout Policies
To enhance the security of your accounts and data, we've updated the session timeouts for both passwords and MFA. This means:
- Users must log back in with their username and password after 15 minutes of inactivity.
- Users must reauthorize their login period via MFA with either a code or token every 10 hours.