Scroll

Enable Two-Factor Authentication on Your Medidata Account (Required in 2021)

Avatar
Jennifer Eolin
  • Updated
Follow

iMedidata Two-Factor Authentication 

As your trusted partner, Medidata wants to make sure that your data is as secure as possible. 

With organizations seeing increased security threats by those attempting to illegally acquire data on drugs currently in development, we recommend that you enable two-factor authentication on your Medidata account.

By enabling this enhanced security feature now, you can add an extra level of security to your trials. Medidata will be requiring use of two-factor authentication in the second half of 2021.

Please follow the instructions here or below to enable two-factor authentication for your account.

What is Two-Factor Authentication?

Two-factor authentication, also known as multi-factor authentication, adds a second layer of security on your Medidata account to help protect against unauthorized access. In addition to the password, you will be required to enter an additional code provided from an SMS text, a phone call, or on Authy - authentication application available on your smartphone.  

When you submit your two-factor authentication code, you will have the option to “Remember this device for 30 days.”  If you select this option, you will not have to enter a code every time you log in to your Medidata account. Instead, you will have to provide a two-factor authentication code once every 30 days. 

Why Should You Enable Two-Factor Authentication Now?

The US National Institute of Standards and Technology (NIST), the gold standard of Information security policy, recommends two-factor authentication as best practice to protect against hacks, cyber attacks, and data breaches.

How Do You Enable Two-Factor Authentication on your Medidata account?

To enable two-factor authentication through your desktop, follow these instructions 

  1. Log into iMedidata, and click your Name at the top of the homepage
  2. Click Edit Profile.
  3. Click the Security tab.
  4. Click Activate Two-Factor.
  5. If your country name and code does not appear in the Country Code field, click the box and select your country name to set its code dialing prefix.
  6. Enter the telephone number you want authorization codes sent to. If you want to receive codes as text messages, specify a phone that can receive text messages.
  7. Select a delivery method: Text Message or Voice. You must receive and enter a code sent to this number to authenticate that you have access to the phone.
  8. Click Send Code. A code is sent using the specified method. 
  9. Enter the code in the Code field and click Verify.
  10. When the code is accepted, click Activate to activate two-factor authentication immediately, or click Activate Later to activate it at a later time by repeating this process.

If you would like to know more about how to enable two-factor authentication or how to use a mobile application for your two-factor authentication in place of SMS text or Voice, please follow  these instructions.

 

Frequently Asked Questions

 

Q. What is two-factor authentication?

Two-factor authentication, also known as multi-factor authentication, adds a second layer of security to your Medidata account to help protect against unauthorized access. In addition to the password, you will be required to enter an additional code provided from an SMS text, a phone call, or through an authentication application available on your smartphone.  Prior to requiring two-factor authentication for all users, Medidata will also support email as a delivery channel. 

 

When you submit your two-factor authentication code, you will have the option to “Remember this device for 30 days.”  If you select this option, you will not have to enter a code every time you log in to your Medidata account. Instead, you will have to provide a two-factor authentication code once every 30 days per internet browser and device.   

 

Q. How does two-factor authentication work?

Two-factor authentication requires you to enter something you know, which is your username and password, and something you have, which is a verification code as an additional measure to access your account.

When you log into iMedidata using your username and password, before you can access your account, you receive a message: "Please enter your verification code for security purposes."  You will then receive either a text message, an automated phone call, or use the smartphone as previously configured through your iMedidata profile to receive a code.  Enter the code into iMedidata, and you will be able to access Medidata.

If you selected the "Remember me" option, you will be prompted on your next login after 30 days to provide another two-factor authentication.  The “Remember me” option is saved per browser and device.  If you set your laptop to remember your two-factor authorization and then use a different device such as a tablet or phone, you will have to enter a code into that device when you next log in. 

 

Q. Why is Medidata requiring two-factor authentication?

With organizations seeing increased security threats by those attempting to illegally acquire data on drugs currently in development

The US National Institute of Standards and Technology (NIST), the gold standard of Information security policy, recommends two-factor authentication as best practice to protect against hacks, cyber attacks, and data breaches.  As your trusted partner, Medidata wants to make sure that your data is as secure as possible.

 

Q. When will two-factor authentication be required?

Q3 2021.  We will be enhancing the system in advance of the rollout to require two-factor authentication. Analysis is still in progress therefore we don’t have a firm target yet on how long the implementation effort will take.  We realize that clients need advanced notice to respond to the change therefore we will be providing 3 months notice making two-factor authentication required.

 

Q: Can I opt out of using two-factor authentication?

Two-factor authentication is currently available within Medidata’s offering and optional at this time although recommended to be used. Some employers already require it for their staff.  In 2021 it will be required for all users with no exceptions or ability to opt out. We recommend using this time to get comfortable with the functionality while you can turn it on and off.

 

Q. What if I would like to require two-factor authentication for my staff now with the current offering. What options do I have?

Clients can require two-factor authentication for their company email domain knowing that:

- if a user changes their email address, two-factor authentication will no longer be required so the user can turn off two-factor authentication within their User Profile.

- two-factor authentication is required upon login and not when the user attempts to access a study groups or studies

 

There's no option for the user to turn two-factor authentication off, but there is an option for the helpdesk to provide a one-time back-up code.  Typically customers who have built a single sign on integration with iMedidata are the clients interested in enabling two-factor authentication to encourage their employees to use their company single sign on instead of iMedidata login.  By default these users have a back-up path (their company's single sign on) to login when they can't complete their iMedidata two-factor authentication. 

 

Additionally, those customers who have a single sign on integration have an incentive to keep their company email address on their iMedidata account. They can single sign on using their company's authentication credentials instead of iMedidata's.

 

If you want to turn on two-factor authentication now, you can submit a ticket to helpdesk@mdsol.com requesting that two-factor authentication be required for a company email domain (@companyabc.com).  Please specify the iMedidata environment and the date the two-factor requirement should be created.  For example:

 

Company ABC is requesting that iMedidata users with their email domain @companyabc.com are required to use two-factor authentication in iMedidata Innovate starting Monday February 1, 2021

 

Q. iMedidata already supports two-factor authentication. How do I turn it on now?

To enable two-factor authentication through your desktop, follow these instructions 

  1. Log into iMedidata, and click your Name at the top of the homepage
  2. Click Edit Profile.
  3. Click the Security tab.
  4. Click Activate Two-Factor.
  5. If your country name and code does not appear in the Country Code field, click the box and select your country name to set its code dialing prefix.
  6. Enter the telephone number you want authorization codes sent to. If you want to receive codes as text messages, specify a phone that can receive text messages.
  7. Select a delivery method: Text Message or Voice. You must receive and enter a code sent to this number to authenticate that you have access to the phone.
  8. Click Send Code. A code is sent using the specified method. 
  9. Enter the code in the Code field and click Verify.
  10. When the code is accepted, check the box stating that “I understand by enabling two-factor I will need my phone to login to iMedidata” and click Activate to activate two-factor authentication.  

Upon clicking Activate you will receive the message “Two-Step Authentication was just configured for your iMedidata account.  Install Authy at https://www.authy.com/install to get your security codes.”  After you receive this message two-factor authentication is enabled.  You do not need to install the Authy mobile application to receive codes unless you prefer to use an app instead of SMS text or Voice.  

 

Q. What will be the user experience when two-factor authentication becomes required?

The user experience will consist of a UI refresh with fundamental functionality remaining the same. Users will create an account to sign-up for two-factor authentication, an email delivery will be added, and there will be changes to the app.

 

Q. What if I don’t want to use a personal phone number for two-factor authentication?

Before two-factor authentication is required, iMedidata will be enhanced to support email as a two-factor token delivery mechanism.

 

Q. I log in through a single sign on integration. Will I have to use two-factor authentication?

No, if a user is logging in through a single sign on integration, the user will not be prompted to authenticate from us.

 

Q. I use Cloud Administration for study administration. Will my users be required to use two-factor authentication?

Yes, users logging directly into iMedidata will be required to use two-factor authentication.

 

Q. What if the two-factor authentication code doesn’t work?

If you find yourself in a situation where you cannot receive a code – such as you do not have your phone or are in an area without cellphone coverage – contact the Help Desk and an operator can provide you with a one-time code to use.

 

Q. How do I get more information on Medidata’s current two-factor authentication offering?

Please visit iMedidata’s help documentation.  You may be prompted to log in to view the content.

 

Feel free to reach out to your customer service representative if you have any questions.

Thank you for your continued support and commitment to excellence in clinical development.

 

 



Related articles

Comments

0 comments

Please sign in to leave a comment.

Articles in this section