Security (Practice Settings)
So important it gets its own article!
This area of the system lets you set your security and compliance settings.
Timed automatic sign-out, two-factor authentication requirements, a login banner that staff and clients see after signing in, the 90-day inactive user lockout, record and document deletion, and single sign-on (SSO) are all included here.
Read on for more information about each option, top to bottom.
In this Article:
- Access Security Settings
- Security & Compliance Settings (auto sign out, require 2 factor, login banner, limit simultaneous logins)
- Inactive Users Lockout
- Records Deletion (who can delete docs & forms)
- Records Retention Compliance
- Single Sign On (SSO)
Access Security Settings
To access these settings:
- From any screen click (top right)
- Click Security (top tab)
- Find the top section titled Security and Compliance Settings
- Click (top right) and re-enter your password
- The button will then turn to indicating you can make changes
- Review the options for each section below:
Security & Compliance Settings
Automatically sign users out
- If a client or provider is inactive past this time, they will be signed out automatically
- They will need to sign back in to resume use
Require Two-Factor Authentication
Simultaneous Login Limit
- Limit how many devices / browsers a single user can be logged in with at the same time
- Logging in on more devices / browsers than the limit allows will cause the oldest sign-in to be logged out
Login Banner
- A paragraph-type field where you can enter your message
- If enabled, this message will be displayed to both staff and clients after they sign in and before they see the dashboard, as shown here:
Inactive Users
90-Day Inactive User Lock-Out
- Automatically inactivate staff and / or clients after 90 days of inactivity
- Even with the right password, they won't be able to sign in until reactivated
- If it's a billable provider account, this is not the same as deactivation and you will be charged until you deactivate the provider
Staff or clients having issues signing in afterward?
- To unlock staff: Click here
- To unlock clients: Unlock them from their client profile via the right-hand menu shown below. Grey is inactive; blue is enabled:

Records Deletion
Control permanent deletion permissions for online forms, standard client documents, files, and message attachments in clients' profiles under the Docs & Forms tab.
Example:
Deletion is enabled on a permissions basis, and you can enable it for:
- Managers
- Records Custodians
- Supervisors
- Therapists
Records Retention Compliance
Set a threshold in years after which client data will automatically be eligible for deletion via a report.
Article: Records Deletion & Report
Range:
- 1 - 35 years
Single Sign On (SSO)
You can use your own OpenID Connect provider for staff to sign in to TherapyAppointment.
- To do so, check off the box:
- Review the prompt:
- Then click
- Follow the instructions from top to bottom (screenshot below) to configure
- Click (bottom right) when done