logo

MFA Setup

Coda Crimson uses multi-factor authentication (MFA) to keep patient data secure. MFA is automatically enabled on all accounts and must be set up before you can access the app.

MFA methods

You can use one or more of the following methods:

MethodHow it works
Email codeA one-time verification code is sent to your email address each time you log in.
PasskeyYour device verifies your identity using biometrics (Face ID, Touch ID, Windows Hello) or a hardware security key (e.g. YubiKey). No code required.

Setting up MFA on first login

After changing your temporary password, you will be redirected to the MFA setup screen.

Email code

  1. Select Email code as your MFA method — a verification code is sent to your email address automatically.
  2. Enter the code and click Confirm.

Passkey

  1. Select Passkey as your MFA method.
  2. Click Register passkey — your browser or device will prompt you to verify using biometrics or a security key.
  3. Complete the prompt (e.g. scan your fingerprint, use Face ID, or tap your hardware key).
  4. Give the passkey a name (e.g. "Work MacBook") and click Save.

Tip: Passkeys are tied to the device or browser you register them on. If you use multiple devices, you can add a passkey for each one from your account settings.

Recovery codes

After completing MFA setup, you will be shown a set of one-time recovery codes. Save these immediately — they will not be shown again. Each code can be used once to log in if you lose access to your other MFA methods.

You can regenerate recovery codes at any time from your account settings — regenerating invalidates any previously saved codes.

Verifying MFA on login

Each time you log in, after entering your password you will be prompted to verify your identity. Choose from your configured methods:

Email code: Check your email for the code sent automatically, and enter it on screen.

Passkey: Your browser or device will prompt you automatically — complete the biometric or security key verification.

Recovery code: Enter one of your saved recovery codes. Each code can only be used once.

If you have multiple methods set up, you can switch between them on the MFA screen.

Managing your MFA methods

From your account settings you can:

  • View your registered MFA methods and passkeys
  • Add a new email code or passkey method
  • Remove a method or individual passkey
  • Regenerate recovery codes

Warning: If you remove all MFA methods, you will be redirected to the MFA setup screen on next login to reconfigure authentication.

Lost access to your MFA method?

Use one of your saved recovery codes on the MFA screen to log in. After logging in, go to your account settings to reconfigure your MFA method.

If you have no recovery codes remaining, contact your administrator to reset your MFA.