Skip to main content

Troubleshooting MFA Login Issues and Account Lockouts in Elation EHR

This guide helps practices resolve login problems caused by multi‑factor authentication (MFA), including lost devices, blocked codes, or factor errors. It also covers how Admins can reset factors so users can get back in quickly and securely.

What this article covers

  • MFA prompts (authenticator code, push approval, security key/biometric, or email code) that prevent login and how to recover access.
  • How Admins can reset a user’s MFA factor(s), and what to do if the locked‑out user is the sole Admin at the practice.
  • Best practices to prevent future MFA lockouts (e.g., set up multiple factors and choose the right factor per device).

Quick diagnosis: Identify your factor and error

If you have multiple factors, use the dropdown (⏷) on the MFA screen to pick a different factor and attempt login again. Common symptoms by factor:
  • Authenticator app: 6‑digit code rejected or app on a device you no longer have.
  • Okta Verify: push not received; use “enter code” instead and verify from the app.
  • Security key/biometrics: browser/OS prompt fails; may need to unlock your password manager or use the device with Touch ID/Face ID configured.
  • Email code: code not arriving; check spam or IT filtering (least secure option).
Note: SMS/phone call codes are not supported by Elation due to security risks.

Fastest recovery paths by scenario

  • Lost or changed phone (Authenticator app or Okta Verify)
    • Ask an Admin at your practice to reset your MFA factors in Manage Accounts so you can set them up again at next login.
    • If you’re the sole Admin, contact Elation Support; we’ll verify your identity and reset your factors for you.
  • Security key or biometric not working
    • Try on the device where the key/biometric is registered; if using a password‑manager‑stored key, sign into your password manager first so the browser can find the key.
    • Use the factor dropdown to switch to another factor (e.g., Authenticator app) and log in; then update or re‑register the key in Settings later.
  • Okta Verify push not received
    • Choose “enter code” in Okta Verify and type the 6‑digit code from the app; or switch to another factor via the dropdown and log in.
  • Email authentication not working
    • Check spam/junk and email filtering; resend the code; if unreliable, log in with another factor and remove/re‑add Email Authentication (remember it’s the least secure option).

Admin steps: Reset a user’s MFA so they can log back in

  • Go to SettingsManage Accounts → find the user → click Reset Multi‑factor next to their name. This clears their factors so they’ll be prompted to set up a new factor at next login.
  • If the locked‑out person is the only Admin at your practice, have them contact Elation Support; we’ll verify their identity and reset the factors on their behalf.

After a reset: Set up MFA again

  • The user will be prompted to set up at least one factor at next login; we strongly recommend adding more than one (e.g., Authenticator app plus a security key/biometric) for backup.
  • You can manage or add factors later in Settings → Security/MFA preferences (update or remove individual factors as needed).

Using the right factor for the right device

  • Authenticator app (e.g., Google Authenticator): reliable across devices; enter the 6‑digit code during login.
  • Okta Verify: you can approve a push or enter a code; great if your organization uses Okta.
  • Security key or biometric (Touch ID, Face ID, Windows Hello, password‑manager key): best for a single, personal device; set a second factor for mobile/alternate devices.
  • Email authentication: available but least secure; may be blocked by filters; use only when other factors aren’t feasible and add a stronger backup factor.

Helpful tips

  • Select “Do not challenge me on this device for the next 24 hours” on the MFA screen if you want a 24‑hour grace period on that browser/device.
  • Do not share accounts; each user must log in with their own unique credentials and set up their own MFA factor(s).

Still locked out?

  • If there’s an Admin available, ask them to reset your factors in Manage Accounts so you can set them up again at next login.
  • If you are the sole Admin or can’t reach an Admin, contact Elation Support:
    • Include your full name, practice name, best callback number, and your login email.
    • We’ll verify your identity and reset factors for you.