Introduction
Multifactor authentication (MFA) is a layered approach to security, combining something you know (your username and password) with something you have (your mobile device or hardware token). Your identity is verified only when both factors are satisfied.
MFA is significantly more secure than password-based authentication alone, and to protect Community Connect users and their patients, MFA is required whenever Epic Community Connect is accessed.
This web page provides guidance for enrolling in Community Connect MFA and answers frequently asked questions (FAQs) about it.
How it Works
VUMC uses Thales SafeNet MFA for Community Connect. When accessing Community Connect, users will be prompted for a one-time passcode (OTP) in addition to their Epic Community Connect ID (CC ID) password. This passcode is valid only for a short period of time and cannot be reused.
Users who do not e-prescribe controlled substances (EPCS) can enroll in one of three methods to generate the one-time passcodes:
- SafeNet MobilePASS+ app
- SMS / text messaging
- physical (hardware) tokens
Due to US Drug Enforcement Administration (DEA) guidelines on the electronic prescription of controlled substances (EPCS), the only choice offered to EPCS users is the Thales SafeNet MobilePASS+ app.
Enrollment Process
To enroll in Community Conect MFA for the first time, go to https://mymfa.app.vumc.org and log in with your CC ID username and password. The MyMFA wizard will guide you through selecting the most secure MFA method available to you:
If you choose the MobilePASS+ app, an email will be sent to you from "VUMC MFA" (safenet@vumc.org) with a unique enrollment link. The enrollment link will take you to a SafeNet website which will guide you through completing the process.
If you use an Android mobile device, you must install the Thales SafeNet MobilePASS+ app from the Google Play Store. If you use a mobile device from Apple, you must install the MobilePASS+ app from the Apple App Store.
The MobilePASS+ app does not record or restrict what you do on your mobile device, nor does it give VUMC or HMA access to your mobile device. When you install the application, you will be prompted to give the app access to your camera and allow it to receive push notifications. Camera access is used only to read the QR code that is part of the enrollment process, and push notifications are quicker and easier than manually typing the six-digit passcode.
- If you select SMS/text messaging for your MFA method, you will receive a code on your mobile device that you must enter into MyMFA to confirm ownership of the device. Once enrollment is complete, you will receive a text message from 55218, VUMC’s “short code,” welcoming you to VUMC MFA.
- If you select a physical hardware token as your MFA method, you will receive an enrollment email from VUMC MFA (safenet@vumc.org). Save the email and contact the Help Desk of your organization for guidance on obtaining the hardware token. Once you receive your token, click the link in the enrollment email to activate it.
If you wish to change your MFA method after enrolling, return to https://mymfa.app.vumc.org, complete the login process (including the MFA verification), and select a different method. Note that those who can e-prescribe controlled substances (EPCS) can only select the “MobilePASS+ app” option due to U.S. Drug Enforcement Administration (DEA) guidelines.