Enforcing multi-factor authentication (MFA)

MFA (multi-factor authentication) adds a second verification step when users sign in, significantly reducing the risk of unauthorised access even if a password is compromised. MFA is a DSPT requirement for accounts with access to patient-identifiable data.

MFA options in Folelse

  • TOTP (Authenticator App) — users scan a QR code using Google Authenticator, Microsoft Authenticator, or a compatible app and enter a 6-digit code at each login.
  • Email OTP — a one-time code is emailed to the user's registered address at each login. Less secure than TOTP but simpler to deploy.
  • SSO-enforced MFA — if you use Azure AD or CIS2 SSO, MFA is enforced through those identity providers. No additional configuration is needed in Folelse.
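
To show what the Authenticator App option involves, here is an added example (not Folelse's own code) of the standard RFC 6238 TOTP scheme that authenticator apps implement: the enrolment URI a QR code typically carries, the 6-digit code calculation, and a server-side check with clock-drift tolerance and replay rejection. The 30-second step, HMAC-SHA1, the otpauth:// format, the function names and the sample secret are assumptions, not details taken from Folelse.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote, urlencode

STEP = 30    # seconds per code; assumed authenticator-app default
DIGITS = 6   # the article states a 6-digit code

def totp(secret_b32: str, at: int, digits: int = DIGITS, step: int = STEP) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, submitted, at, last_used_step=-1, window=1):
    """Return the matched time step, or None if the code is rejected.

    Accepts +/- `window` steps of clock drift and refuses any step at or
    before `last_used_step`, so a code that was already used cannot be replayed.
    """
    current = at // STEP
    for step_no in range(current - window, current + window + 1):
        if step_no <= last_used_step:
            continue
        expected = totp(secret_b32, step_no * STEP)
        if hmac.compare_digest(expected, submitted):   # constant-time compare
            return step_no
    return None

def provisioning_uri(secret_b32: str, account: str, issuer: str) -> str:
    """otpauth:// URI of the kind an enrolment QR code encodes (assumed format)."""
    label = quote(f"{issuer}:{account}")
    query = urlencode({"secret": secret_b32, "issuer": issuer,
                       "algorithm": "SHA1", "digits": DIGITS, "period": STEP})
    return f"otpauth://totp/{label}?{query}"

# Constructed sample: the RFC 6238 test key, Base32-encoded. Never reuse it.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
```

The shared secret in the enrolment URI is the credential itself, which is why a reset generates a fresh enrolment rather than re-showing the old QR code.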

Enforcing MFA for all users

  1. Go to Dashboard → Settings → Security.
  2. Toggle "Require MFA for all users" to On.
  3. Select the MFA method: Authenticator App or Email OTP.
  4. Click Save.
  5. On their next login, all users who have not yet set up MFA will be prompted to do so before gaining access.

Resetting MFA for a locked-out user

  1. Go to Dashboard → Users.
  2. Click the edit icon on the affected user.
  3. Click "Reset MFA".
  4. Confirm. The user will be prompted to set up MFA again on their next login.

If the only Admin user is locked out and MFA cannot be reset internally, contact support@folelse.co.uk with proof of identity. We will initiate a secure account recovery process.
