|
In this article |
|
This article covers the new MFA setup screen, shown once your account is enforced (or for Bupa clinics, who are already on this flow). If you're setting up MFA voluntarily before enforcement via My Account, see How can I enable/disable multi-factor authentication for my account? instead. |
Why is multi-factor authentication now required?
HotDoc is introducing mandatory multi-factor authentication (MFA) across all Dashboard and Sidebar accounts, as part of an ongoing program to strengthen the security of login credentials across clinics, protecting patient data.
MFA is being rolled out in stages between July and September 2026. You'll see a banner in your Dashboard letting you know the date MFA becomes required for your account.
If you set MFA up before that date – which we'd recommend – you'll most likely be taken through the setup flow described in How can I enable/disable multi-factor authentication for my account? via the My Account menu. If MFA still isn't set up once your date passes, you'll be blocked from logging in and taken through the screens described in this article instead.
| Setup takes less than 2 minutes. We'd recommend completing it as soon as you see the banner, rather than waiting until your next login is blocked. |
What to expect when you log in
If your account's enforcement date has passed and MFA still isn't set up, you'll see the screen below the next time you try to log in, and won't be able to access your Dashboard until setup is complete. Select Get started to begin.
How do I set up MFA?
| Using an authenticator app is the most secure option and is recommended. However, receiving codes via email may be suitable if your email account is already protected with its own MFA. If you're unsure which is best for your setup, check with your IT team or security provider. |
-
On the How you'll receive your one-time code screen, select Authenticator app or Email, enter your current Dashboard password, and select Continue.
Authenticator app option Email option -
If you selected Email, skip to step 6. If you selected Authenticator app, continue below.
-
Choose one authenticator app from the options provided – Authy, Microsoft Authenticator, or 1Password. You only need one of these. Download and open your chosen app on your device.
-
In your authenticator app, use the option to add a new account and scan the QR code shown on screen. If you can't scan it, select Copy next to the setup code and enter it manually instead.
-
Enter the 6-digit code your authenticator app generates into the One time code box, then select Next. Skip to step 7.
-
If you selected Email, we'll send a one-time code to your email address. It will be sent to the email address for the user account you're currently signed into. Enter this code when prompted to verify your email.
-
Once your method is verified, you'll be shown a set of recovery codes. Select Download or Copy and store these somewhere safe and separate from your authentication method.
Recovery codes let you log in if you lose access to your authentication method. Each code can only be used once. -
Select Finish setup.
-
Confirm you've saved your codes by selecting Yes, I've saved them.
-
You'll then see confirmation that MFA is enabled on your account. Select Go to Dashboard or Continue.
If you set up authenticator app If you set up email verification
FAQs
I'm setting up MFA now, but my screens don't look like the ones in this article – what should I do?
+
That's expected if you're setting MFA up before your account's enforcement date – most accounts still use the older setup flow until then. See How can I enable/disable multi-factor authentication for my account? instead.
What should I do if I'm having trouble entering my code or I didn't receive it?
+
See I'm having trouble with my multi-factor authentication code for troubleshooting steps, including what to do if you didn't receive a code at all.
What happens if I don't set up MFA by my account's deadline?
+
You won't be able to log in to your Dashboard or Sidebar until MFA setup is complete. You'll see the setup screen shown above the next time you try to log in.
My clinic shares one login between multiple staff members – what should we do?
+
We strongly recommend each staff member has their own individual HotDoc login – this gives you proper audit trails and means MFA protects each person individually. See How to create, edit or delete a User Account.
If your practice currently shares a login, set up MFA using an email address that all staff can access, so everyone can retrieve the one-time verification code. For individual logins, we recommend using an authenticator app instead.
I need to disable or reset MFA – how do I do that?
+
Once MFA is required for your account, it can't be switched off entirely – but if you can still log in, either with your current method or with a recovery code, you can select Reset MFA from My Account. This disables your current method and takes you straight back into MFA setup to add a new one.
If you can't log in at all – no access to your authenticator app or email, and no recovery codes – contact HotDoc Support for help regaining access.