Enhanced Security Login and MFA

by

EARLY ACCESS ONLY

We’re making it even easier to protect your patient data. Dentrix Ascend is introducing an enhanced security experience that includes multi-factor authentication (MFA).

Why This Matters

  • Better protects patient health information (PHI) and reduces the risk of unauthorized access.
  • Meets enterprise-level security standards and HIPAA best practices.

When to Expect the Change

You will receive a communication when it is your turn to be activated.

What to Expect

Even if MFA is active, you might not be required to complete the MFA steps to log in. For most users, MFA will only be required when something unusual occurs—like logging in from a new device or location. If MFA is required, complete the following steps:

  1. When you log in to Dentrix Ascend, you’re prompted to enter a one-time code that is sent to your email address.
  2. Enter the code you received to proceed.
  3. Enter your mobile number to register your device and receive an SMS with a code.
  4. Enter the code you received to complete the MFA.

Note: If you’re unable to use a mobile device at your workstation, please contact Support.

Coming Soon: Authenticator Apps
Right now, MFA uses SMS. In the future, you’ll be able to choose an authenticator app (like Google Authenticator) if preferred.

Making Sure User Accouns Are Eligible for MFA

MFA requires verification using a unique email address for each individual user. Therefore, MFA cannot be enabled for user accounts that share the same email address. To ensure that the user accounts in your organization are not prevented from having the higher level of security provided by MFA, make the following changes as needed to user accounts that are currently ineligible for MFA:

  • Email addresses – Replace duplicate email addresses with unique ones. Any user accounts with shared email addresses will not be enrolled in MFA.
  • Usernames – Change usernames that do not follow the naming convention that is required for MFA. Any user accounts with unapproved usernames will not be enrolled in MFA.

Example of a duplicate email address

In this example, the same email address ([email protected]) is being shared between two user accounts (Sam’s and Sally’s); therefore, the email address for one or both of those accounts must be changed.

Approved naming convention for usernames

  • Letters (a-z, A-Z) are allowed
  • Numbers (0-9) are allowed
  • The following special characters are allowed: underscore (_), dot (.), plus sign (+), and dash (-)
  • Spaces are NOT allowed
  • Email addresses are NOT allowed

What to do if some people use a shared account

A shared account is a user account that multiple people can use to log in to Dentrix Ascend (for example, a user account with the username “bookings” and the email address “[email protected]”). A shared account can be used for bookings or a similar purpose.

With the requirement in place to complete MFA by entering a code from an SMS on a mobile device, you may want to consider having a single device that is available to multiple users; otherwise, in the absence of such a device, you may want to request that MFA be disabled for a shared account by notifying Support.

Logging In With Enhanced Security and MFA

The enhanced security login process is the first step to enabling a more secure login process for users.

Notes:

  • For now, this adds an additional login screen, which is detailed below.
  • Some users will be required to complete an additional verification using a mobile phone to receive a code, which is then entered onscreen. Once a user has completed this step, he/she might not be asked to do this again for some time.

To log in with enhanced security

The initial login page opens.

A screenshot of a login screen AI-generated content may be incorrect.

1. Enter the organization ID and your username.

2. Click Continue.

An additional login page opens.

A screenshot of a login form AI-generated content may be incorrect.

Notes:

  • Your username is pre-filled.
  • The password is not pre-filled even if it is saved in the Chrome browser’s password manager.
  • If you can’t remember your password, click the Forgot Password link to reset your password.

3. Enter your Password.

4. Click Continue.

You will be required to complete the MFA steps below only if there is something out of the ordinary with your login; otherwise, you are logged in to Dentrix Ascend and can ignore the MFA steps.

Notes:

  • Once you have completed verification using your mobile to receive an SMS, you will most likely not be asked again for some time to complete the MFA steps to login.
  • The MFA steps will not be required for every login.
  • If you are not permitted to use your mobile phone in the office, you must contact Dentrix Ascend Support.
  • We strongly encourage everyone to use a mobile device to verify your identity as this helps keep your organization’s data more secure.

To continue logging in with MFA

The Verify Your Identity page opens. Your email address is pre-filled. A numeric code is sent to that email address.

A screenshot of a cell phone AI-generated content may be incorrect.

5. Enter the code from the email message you received.

6. Click Continue.

7. When you are asked to register your mobile device, enter your mobile phone number.

The next Verify Your Identity page opens. A numeric code is sent to your mobile phone.

A screenshot of a cell phone AI-generated content may be incorrect.

Note: If you did not receive the code, click the Resend link. If you still do not receive a code, contact Dentrix Ascend Support.

8. Click Continue.

You are logged in to Dentrix Ascend.