New Login Requirements for the RCM

MFA Deadline
All users will be required to enable Multi-Factor Authentication (MFA) no later than July 7, 2025.

Users who have not selected their preferred MFA method by July 7, 2025, will not have access to the RCM until they complete the MFA process.

Kipu RCM is excited to announce our latest security enhancement. This enhancement allows us to improve security and anticipate HIPAA's proposed regulations. To achieve this, the RCM will update its password requirements and enable Multi-Factor Authentication (MFA). Let's review both of these enhancements together!

New Password Requirements

Users will be required to update their passwords following the release. All users will be notified on the Kipu RCM Login Page at least five business days before the new requirements take effect. On login, users will be asked to create a new password following the criteria below:

  • One lower-case letter
  • One upper-case letter
  • One number (0–9)
  • One symbol (e.g., !@#$%^&*)
  • Cannot be the same as the previous 4 passwords
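
A sketch of how a server could enforce the criteria above, including the password-history rule, without keeping old passwords in plaintext. This is an added example, not Kipu's implementation; the function names, the PBKDF2 parameters and the sample passwords are assumptions, and because the list above gives no minimum length, none is checked.

```python
import hashlib
import hmac
import os
import re
import string

HISTORY_DEPTH = 4        # "previous 4 passwords" from the list above
PBKDF2_ROUNDS = 600_000  # assumed work factor; the article does not state one

# One pattern per character-class rule in the list above.
RULES = {
    "lower-case letter": re.compile(r"[a-z]"),
    "upper-case letter": re.compile(r"[A-Z]"),
    "number": re.compile(r"[0-9]"),
    "symbol": re.compile("[" + re.escape(string.punctuation) + "]"),
}

def hash_password(password, rounds=PBKDF2_ROUNDS):
    """Return a (salt, rounds, digest) record; the password itself is never stored."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, rounds, digest

def reused(password, history):
    """True if the password matches any of the last HISTORY_DEPTH records."""
    for salt, rounds, digest in history[-HISTORY_DEPTH:]:
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
        if hmac.compare_digest(candidate, digest):  # constant-time comparison
            return True
    return False

def check_new_password(password, history):
    """Return the list of violated rules; an empty list means accepted."""
    problems = [f"missing {name}" for name, rx in RULES.items()
                if not rx.search(password)]
    if reused(password, history):
        problems.append(f"matches one of the previous {HISTORY_DEPTH} passwords")
    return problems

def rotate(password, history, rounds=PBKDF2_ROUNDS):
    """Record an accepted password, keeping only the newest HISTORY_DEPTH records."""
    return (history + [hash_password(password, rounds)])[-HISTORY_DEPTH:]
```

Each history record carries its own salt, so the reuse check has to re-derive the candidate once per stored record; that cost is bounded by the history depth of four.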

Multi-Factor Authentication Enrollment

In tandem with the password update, users will also be required to set up Multi-Factor Authentication (MFA) for the RCM. MFA is a security process that requires users to verify their identity using multiple forms of authentication before gaining access to an account or system. MFA adds another layer of security to further protect sensitive data in your RCM account.

What steps do I need to take?

  • Before taking any action to enable MFA, please consult with your organization's IT and/or Security team to ensure you're following best practices.
  • All users will have 90 days from the release of MFA to set up an authentication method. Users can choose Skip For Now during login to delay enablement.
  • After 90 days, users will not be able to log into their Kipu RCM account without enabling MFA.
  • Users with MFA will need to enter their Text Message or Auth App generated code on the login screen when prompted. 

Setting Up Multi-Factor Authentication

Users will be prompted to choose a Text Message or an Authentication App to enable MFA for their profile.

  • Text Message: This option requires a user to enter a US phone number that can receive an authentication code via SMS text. Once the code is received, enter it on the authentication form in the RCM to complete the login steps.
  • Before choosing an Authentication App, please consult with your organization's IT and/or Security team to ensure the preferred app is selected. Standard apps include Microsoft Authenticator, Google Authenticator, and Authy.

    This option requires users to create a new account in their preferred auth app by scanning a QR code or manually entering a security key. Once the account is successfully created, enter the 6-digit token on the authentication form in the RCM to complete the login steps.
  • Instead of using a mobile device, a desktop authenticator extension is available through the Chrome Web Store. Please consult with your organization's IT and/or Security team to ensure the preferred app is selected.

    This option requires users to create a new account in their preferred authenticator extension by manually entering a security key. Once the account is successfully created, enter the 6-digit token on the authentication form in the RCM to complete the login steps.

MFA Accessibility 

If a user loses access to their device with an authenticator, a Managing Organization (MO) Admin can reset the MFA settings within the User profile. However, an MO Admin must have the Security Admin permission toggled on in their user profile before resetting any MFA settings.

Once the reset process has been completed, users will be prompted to set up MFA again at their next login. Resetting the MFA restores the Skip for Now option, but only until the enrollment deadline of July 7th, 2025. On July 8th, 2025, users who did not set up their MFA in the allotted timeframe cannot log in to the RCM until an MFA method has been selected.

Note: If an MO Admin holding Security Admin permission cannot reset a user's MFA or has lost access, they should contact Kipu RCM Support (support@aveasolutions.com) and provide written consent for an MFA reset.

Resetting the MFA

  1. Navigate to Managing Organization Admin > Users.
  2. Select the user name whose MFA you want to reset.
  3. In the user profile, click Reset MFA Settings.
  4. A confirmation window will appear.
  5. Click Confirm to proceed and complete the process.

Session Timeout Policies

To enhance the security of your accounts and data, we've updated the session timeouts for both passwords and MFA. This means: 

  • Users must log back in with their username and password after 15 minutes of inactivity.
  • Users must reauthorize their login period via MFA with either a code or token every 10 hours.
