# Multi-Factor Authentication(MFA)

The **Multi-Factor Authentication (MFA)** login feature provides added security by requiring OTP (One-Time Password) validation when users attempt to log in outside of defined working hours. This helps ensure that only authorized access occurs during off-hours.

{% hint style="info" %}
MFA must be configured by an **administrator**. Based on the configuration—whether at the **clinic level** or **user level**—the MFA workflow applies accordingly.
{% endhint %}

***

## MFA Workflow

When MFA is enabled and a user tries to log in before or after clinic or user-defined working hours, the system initiates an additional verification step after the standard login process. The application prompts the user to enter a registered email address, and based on the configuration, the OTP is sent either to the clinic’s email address or the user’s registered email address. Once the OTP is entered and verified, the user is securely logged in.

***

### Configuration Levels

#### **Clinic-Level MFA**

* At the **clinic level**, MFA applies to **all users**. Users can log in using only their credentials during working hours as defined in the **Clinic Calendar** screen. If a user attempts to log in outside of these hours, the system requires OTP verification.

#### **User-Level MFA**

* At the **user level**, MFA applies to **specific users** only. These users can log in with their credentials during the working hours set in the **My Calendar** screen. If a user attempts to log in outside their working hours, the system prompts for OTP verification using the email address configured in their profile.

***

### Steps to log in using MFA

* Open a web browser and enter the clinic-specific URL.
* On the login page, enter your **Username**.

  <figure><img src="/files/tOYu3YsyIkKJO249bG8n" alt="" width="413"><figcaption></figcaption></figure>
* In the **Password** field, enter your password. Select the **eye icon** to view the entered characters, if needed.
* Select the **LOGIN** button.
* If login occurs outside the configured working hours, and OTP will be sent to the registered email address and the system prompts for an OTP.
* Retrieve and enter the OTP sent to the specified email.
* Select **VERIFY** to complete login.

***


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://unitecare.gitbook.io/uniteemr/getting-started/security-features/multi-factor-authentication-mfa.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.