2 Factor Authentication (2FA) in EpiSoft
2-Factor Authentication (2FA) is now available as a login option for all EpiSoft organisations.
All organisations (except organisations that wish to implement SAML authentication instead) will need to adopt this additional user authentication measure for added security no later than July 2023.
Regardless of the organisation's adoption state, all EpiSoft support staff access to any customer production environment is protected by 2FA.
Each organisation can choose whether to have 2FA enabled. Once a user has entered the validator code, the 2nd factor is remembered for that user on that device and that browser for 30 days, after which the code will be requested again. Your users can tick 'remember me' so they are not prompted for the second factor at every login.
The user will be asked for the 2nd factor (code from app) again if:
1) they use a different device to access epi-me
2) 30 days have elapsed since their last 2FA check
3) they clear their browser cookies
4) they use a different browser (that is, switch from Edge to Chrome)
Tip! Please ensure your users are aware they should never select 'remember me' on a shared computer or any other device that is not secure and unique to them.
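The behaviour described above, modelled server-side as an added example (this is constructed illustration, not EpiSoft's code): a 'remember me' token is bound to one user, lives in a browser cookie, and lapses after 30 days, so a new device, a different browser, cleared cookies or the 30-day expiry all bring the code prompt back. It assumes the validator code is a standard RFC 6238 TOTP, which is what Google and Microsoft Authenticator generate.

```python
# Constructed model of the 2FA login check described above: an authenticator
# 'validator code' plus a 30-day, per-device/per-browser 'remember me' token.
# Not EpiSoft's code; assumes the code is a standard RFC 6238 TOTP.
import base64, hashlib, hmac, secrets, struct

REMEMBER_DAYS = 30
STEP = 30  # TOTP time step in seconds

def totp(secret_b32: str, for_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), the scheme Google/Microsoft Authenticator use."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    mac = hmac.new(key, struct.pack(">Q", for_time // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_code(secret_b32: str, code: str, now: int, window: int = 1) -> bool:
    """Accept the current step plus `window` steps either side for phone clock drift."""
    return any(hmac.compare_digest(totp(secret_b32, now + STEP * d), code)
               for d in range(-window, window + 1))

class RememberedDevices:
    """Server-side record of 'remember me' tokens. The token is held in a browser
    cookie, so a new device, another browser or cleared cookies all present none."""
    def __init__(self):
        self._tokens = {}  # token -> (username, expiry epoch seconds)

    def issue(self, username: str, now: int) -> str:
        token = secrets.token_urlsafe(32)  # unguessable; never derived from the user
        self._tokens[token] = (username, now + REMEMBER_DAYS * 86400)
        return token

    def is_valid(self, username: str, token, now: int) -> bool:
        entry = self._tokens.get(token)
        if entry is None:
            return False
        user, expiry = entry
        if now >= expiry:           # 30 days elapsed: drop it, code required again
            del self._tokens[token]
            return False
        return user == username     # a token only ever vouches for its own user

def login(store, username, secret_b32, code, cookie_token, now, remember=False):
    """Return (accepted, cookie_to_set). The code prompt is skipped only while a
    valid remembered-device token for this user accompanies the request."""
    if store.is_valid(username, cookie_token, now):
        return True, cookie_token
    if code is None or not verify_code(secret_b32, code, now):
        return False, None
    return True, (store.issue(username, now) if remember else None)
```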
Before any organisation can implement 2FA, it will need to confirm an implementation plan and relay this plan to all end-users well ahead of implementation. All organisations must have support available to assist their end-users in re-authenticating their EpiSoft accounts, to ensure business continuity.
In preparation for switching on 2FA, please ensure you have completed the following checklist:
1. All your users are using a modern supported browser (Chrome, Edge, Firefox). We do not guarantee this function will work on IE11, for which we are in the process of withdrawing support.
2. All your users have a Smartphone
3. All your users have downloaded an Authenticator App of your organisation's choosing
Important! EpiSoft recommends Google Authenticator or Microsoft Authenticator, as these have been tested for compatibility with EpiSoft. This does not mean you cannot use another authenticator app; it just isn't guaranteed to be supported.
If you are planning on implementing 2-factor authentication, please let us know via help@episoft.com.au so that we can schedule an implementation plan with you. We will need to stagger the roll-out across different customers in order to provide dedicated assistance to you and your end users, as it will be a login change for your end users.
Once you have completed the checklist and we have jointly agreed a date for implementation, we will switch this function on for you.
Once the functionality is enabled for your organisation or community, all existing users will be prompted at their next login to scan the QR code, which sets up the validator code in their authenticator app.
All new EpiSoft users will be sent a Registration email (from mp-reply@episoft.com.au) that contains their Username, plus a link to finalise their password and 2FA credentials.
Once the link from the email has been clicked, users will confirm their password and set their two security questions and answers, which are essential when retrieving forgotten passwords.
Users will then be displayed the page below, where they will be required to complete the final step of the 2FA process.
The QR code scan should take you to your Authenticator App to complete the setup. If it does not do this automatically, open your Authenticator App; there should be a small plus (+) sign in the bottom right. Tapping it gives you the option to scan the QR code from within the app.
If you have multiple login accounts to EpiSoft, you may need to do this for each of them. You can store 2-factor validator codes for all your different usernames in the same app.
What to do if you get a new phone
If you get a new phone after implementing 2-factor authentication, once the Authenticator app is installed on your new device you will need to contact your local EpiSoft administrator (not EpiSoft), who can reset your account to 'not configured for 2FA' so that the QR code is re-sent to you.
System administrators: before removing a 2FA-configured account by editing the user and hitting the button, please use the challenge questions and answers to verify the end user's identity if you are not familiar with the end user.
Please ensure you follow the app's instruction steps to remove the login token from your old phone.