Security (Practice Settings)
lock So important it gets its own article!
This area of the system allows you to set your security and compliance related settings:
Timed automatic sign out, two-factor authentication requirements, login banner that staff and clients see after signing in, 90 day inactive user lockout, record and document deletion, as well as single sign-on (SSO) is all included here.
Read on for more information about each option, top to bottom
In this Article:
- Access Security Settings
- Security & Compliance Settings (auto sign out, require 2 factor, login banner, limit simultaneous logins)
- Inactive Users Lockout
- Records Deletion (who can delete docs & forms)
- Records Retention Compliance
- Single Sign On (SSO)
Access Security Settings
To access these settings:
- From any screen click (top right)
- Click Security (top tab)
- Find the top section titled Security and Compliance Settings
- Click (top right) and re-enter your password
- The button will then turn to indicating you can make changes
- Review the options for each section below:
Security & Compliance Settings
timer Automatically sign users out
- If a client or provider is inactive past this time, they will be signed out automatically
- They will need to sign back in to resume use
security_update_good Require Two-Factor Authentication
computer Simultaneous Login Limit
- Limit how many devices / browsers a single user can be logged in with at the same time
- Logging in with more than the limit will result in the oldest sign in to be logged out
sms Login Banner
- A paragraph field type that you can enter
- If enabled, after signing in and before seeing the dashboard, this message will be displayed to both staff and clients shown here:
Inactive Users
update 90-Day Inactive User Lock-Out
- Automatically inactivate staff and / or clients after 90 days of inactivity
- Even with the right password, they won't be able to sign in until reactivated
- If it's a billable provider account, this is not the same as deactivation and you will be charged until you deactivate the provider
Staff or clients having issues signing in after?
- To unlock staff: Click here
- To unlock clients: Unlock them from their client profile via the right hand menu shown below. Grey is inactive blue is enabled:
Important note: If the staff or client fail to sign in that day, the system will lock them out again as expected. Please repeat this process if needed and ensure they log in that same day.
Records Deletion
Control permanent deletion permissions for online forms, standard client documents, files, and message attachments in client's profiles under the Docs & Forms tab.
Example:
Enabling is on a permissions basis and you can enable it for:
- Managers
- Records Custodians
- Supervisors
- Therapists
Records Retention Compliance
Set a yearly threshold where client data will automatically be eligible for deletion via a report.
Article: Records Deletion & Report
Range:
- 1 - 35 years
Single Sign On (SSO)
You can use your own OpenID Connect provider for staff to sign in to TherapyAppointment.
- To do so, check off the box:
- Review the prompt:
- Then click
- Follow the instructions from top to bottom (screenshot below) to configure
- Click (bottom right) when done