Overview
The Authentication Methods page allows system administrators to define the security rules for user credentials and access. This ensures that all users accessing the ClinicalDataS platform meet your organization's compliance and security standards.
Access this page via System Settings → Authentication Methods.
Password Policy
Define the complexity and lifecycle rules for user passwords. These rules are enforced when users create or change their passwords.
| Field | Description |
|---|---|
| Minimum Length | The minimum number of characters required for a password (e.g., 8 characters). |
| Require Uppercase Letter | Force passwords to contain at least one uppercase letter (A-Z). |
| Require Lowercase Letter | Force passwords to contain at least one lowercase letter (a-z). |
| Require Number | Force passwords to contain at least one numeric digit (0-9). |
| Require Special Character | Force passwords to contain at least one special character (e.g., !@#$%^&*). |
| Password Expiration | Number of days before a user is forced to reset their password (e.g., 90 days). Set to 0 or disable this setting so that passwords never expire. |
| Password History | Number of previous passwords remembered by the system to prevent users from reusing old passwords (e.g., last 5 passwords). |
Two-Factor Authentication (2FA)
Enhance account security by requiring a second form of verification (via Google Authenticator or similar TOTP apps) upon login.
| Field | Description |
|---|---|
| Enforce 2FA | Toggle this setting to Yes to make 2FA mandatory for all users upon their next login. If set to No, 2FA remains optional and can be enabled individually by users in their Profile Drawer. |
Note: When enabling enforced 2FA, users who have not yet set up their 2FA device will be prompted to configure it immediately after entering their username and password.
Multi-Device Login
Control whether a single user account can be active on multiple devices or browser sessions simultaneously.
| Field | Description |
|---|---|
| Allow Multiple Devices | Yes: Users can log in from multiple browsers or devices at the same time without being logged out of previous sessions. No: Logging in from a new device or browser will automatically terminate the previous active session for that user. This is recommended for strict security compliance. |
Saving Changes
Click Submit at the bottom of the page to apply your authentication policies.
Important: Changes to the Password Policy will only apply to new passwords or when users are next prompted to change their password. They will not immediately lock out users whose current passwords do not meet the new criteria.
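The Password Policy fields and the note above about existing passwords can be modelled as follows. This is an added Python sketch, not ClinicalDataS code: the field and function names are hypothetical, and PBKDF2 storage, `string.punctuation` as the special-character set, and expiry on the exact day count are assumptions.

```python
import hashlib, hmac, os, string
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class PasswordPolicy:            # hypothetical names mirroring the page's fields
    min_length: int = 8
    require_upper: bool = True
    require_lower: bool = True
    require_number: bool = True
    require_special: bool = True
    expiration_days: int = 90    # 0 = never expire
    history_count: int = 5       # previous passwords remembered

def _digest(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2 storage; the page does not say how passwords are stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_record(password: str) -> tuple:
    """Keep only (salt, digest); history entries use the same form."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)

def matches(password: str, record: tuple) -> bool:
    """Login check: compares against the stored digest, no policy involved."""
    salt, digest = record
    return hmac.compare_digest(_digest(password, salt), digest)

def violations(policy: PasswordPolicy, candidate: str, history: list) -> list:
    """Run only on password create/change; history is ordered oldest first."""
    def has(chars):
        return any(c in chars for c in candidate)
    checks = [
        ("min_length", len(candidate) >= policy.min_length),
        ("uppercase", not policy.require_upper or has(string.ascii_uppercase)),
        ("lowercase", not policy.require_lower or has(string.ascii_lowercase)),
        ("number", not policy.require_number or has(string.digits)),
        ("special", not policy.require_special or has(string.punctuation)),
    ]
    # history[-0:] would return the whole list, so guard the disabled case.
    recent = history[-policy.history_count:] if policy.history_count > 0 else []
    checks.append(("history", not any(matches(candidate, r) for r in recent)))
    return [name for name, ok in checks if not ok]

def is_expired(policy: PasswordPolicy, last_changed: datetime, now: datetime) -> bool:
    if policy.expiration_days == 0:   # 0 disables expiration
        return False
    return now - last_changed >= timedelta(days=policy.expiration_days)
```

Because `matches` never consults the policy, a password set before the rules were tightened still logs in; `violations` only rejects it the next time the user chooses a password.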