Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt

Use this file to discover all available pages before exploring further.

Patient portal security page at /portal/security where portal users manage their multi-factor authentication enrollment and app-lock preferences.

Overview

The portal Security Settings page (rendered by PortalMfaPage) allows authenticated portal patients to enroll and manage TOTP-based MFA factors. It uses usePortalMfaFactors to list current factors, usePortalMfaEnroll to begin enrollment (returning a QR code and secret), usePortalMfaVerify to complete TOTP verification, and usePortalMfaUnenroll to remove a factor. The page is nested within PortalLayout which requires an active portal session.

Who it’s for

No explicit permission gate on this route. Requires an active portal session.

Before you start

  • You must be signed in to the patient portal.
  • A TOTP authenticator app (e.g., Google Authenticator, Authy) is required to complete MFA enrollment.

Steps

  1. Navigate to /portal/security (accessible from the portal navigation sidebar under Security).
  2. Click Enable MFA (or equivalent) to begin TOTP enrollment.
  3. Scan the QR code shown with your authenticator app, or enter the secret manually.
  4. Enter the 6-digit code from your authenticator to verify and activate MFA.
  5. To remove an existing MFA factor, select it and confirm unenrollment.

Key concepts

TOTP factor — A time-based one-time password method. Enrollment creates a factor with status verified once confirmed. App-lock — SME: confirm if the portal-side MFA page also surfaces app-lock preferences or if that is staff-only via /settings/security.

Platform Foundation

Platform Foundation overview.

Governance & parity

This page documents shipped product behavior. It is not medical, legal, or billing advice. Verify against your organization’s policies and applicable regulations before using it for clinical, compliance, or billing decisions. Protected health information (PHI) shown in the product is governed by your tenant’s access controls and is never exposed in this documentation.
  • src/routes/pm.tsx
  • src/cores/pm/pages/portal/PortalMfaPage.tsx
  • src/cores/pm/hooks/usePortalMfa.ts