Connect users:
- Users of Connect who are eligible for Single Sign-On to 340B Architect must have a valid email setup and an alternate login setup in 340B Architect.
Q: Can users receive 2FA phone calls on an indirect line (Ex: Extension or phone system using IVR)?
A: Users will need to have access to a direct landline or cell phone for 2FA. 2FA will not work with switch systems of Interactive Voice Response systems.
Q: Does a user need to take any actions to receive their 2FA code via email?
A: For work email addresses it may be required to whitelist the Microsoft domain. It's also possible that emails from Microsoft may be received but sent to the user's spam folder.
Q: What domains or URLs need to be whitelisted in order to ensure 2FA access
and verification works for each customer?
A: MS Azure B2C Domain URLs
The purpose of this URL is for the 340B Architect software, not for users to access. If users attempt to access this URL they will receive a "404 error"
2FA Email Domains-ability to receive 2FA emails from Microsoft on behalf of Macro Helix
- Email sender msonlineserviceteam@microsoftonline.com
- Header "Macro Helix Account Email Verification Code"
- Sender Label "Microsoft on behalf of Macro Helix"
Users should not send emails to this email address as it is a "No Reply" email address.
Q: Do users have to perform 2FA verification every time they log in? How long will the 2FA token last?
A: For an active session, if the user does not sign out of 340B Architect or close their browser the 2FA verification will last for 8 hours. If 340B Architect times out, the user can return to the application without going through the authentication steps.
After 8 hours, the user token will expire and the user will have to complete the 2FA verification to sign in. A single authentication can be used for multiple browser tabs, but not across multiple browsers.
Q: Does the phone number used for 2FA have to match the number in the user’s 340B Architect profile?
A: No. The phone number the customer will use for 2FA is not stored in their 340B Architect User Profile. If the user needs to update their phone number for 2FA, they can use the link to "Reset Your 2FA Option" in their 340B Architect user profile.
Q: How long will users have to enter the 2FA code that is sent to them via email/phone?
A: Verification codes are time-sensitive. The user will have up to 5 minutes to enter the code before it expires. If the code expires prior to the user being able to enter it, they can use the "Send new code" link to receive another code.
Q: How does 2FA affect Connect users of 340B Architect?
A: Users that log into 340B Architect from Connect SSO will be required to set up and then use 2FA going forward.
Q: How does a user update their phone number for 2FA?
A: Users can change the phone number used for 2FA at any time with the "Reset Your 2FA Option" function in their 340B Architect user profile.
Q: How long do users have to set up 2FA?
A: There is no time limit for how long a user has to set up 2FA. Once the 2FA process is live, all active accounts will be required to complete the setup process the next time they attempt to log in.
Q: How does a new user set up 2FA?
A: An invitation email will be sent to the user with a link to set up 2FA on their account. The link in the email will expire after 7 days.
Q: Can you reset an expired password before setting up 2FA?
A: As long as the account is active and has a valid email address, the "Reset Your Password" link on the login page can be used. Once the password is reset, the user will be taken through 2FA set up at the next login.
Q: How can I troubleshoot if I cannot log in to 340B Architect?
A: Users can troubleshoot by clearing their browser's cache. Additionally, once the cache has been cleared, it is advised that the entire browser window be closed before reattempting to log in. If this does not work, rebooting the computer is recommended as there may be browser tasks running in the background.
2FA-Setting up an Existing User