Security and Passwords (2024)

In-App Help was last updated in 8.6.4 (released 10/23/2019) if you are looking for help with a feature that has been added or enhanced since 8.6.4, please check in Online Help from Help menu.

You are here: For All Users > Security and Passwords

Staff Manager has advanced security measures in place to protect user and patient data. Which features you can access depends on your security permissions, including which security group you belong to and which employee permissions you have. Managers set security groups in Staff Manager Administrator. Employee permissions are set in Staff Manager Client.

Unless specifically stated otherwise, the only permissions needed to access a page are the average permissions for the user group (either employees or managers).

The user login and password are examples of security measures that all users see.

Any changes you make to your Clairvia Web password also affect your password in Staff Manager Client and Staff Manager Administrator, if you have security access to those applications. In single sign-on facilities, Clairvia Web gets your password directly from the network. Single sign-on users who lose their passwords or need them changed should contact their System Administrator.

Lost Passwords

You should contact your Staff Manager administrators if you have forgotten your password. Administrators can use Staff Manager Administrator to clear the forgotten password. The next time you log in, the Mandatory Password Change page opens automatically so that you can create a new password. If you have been locked out due to multiple password failures, administrators can unlock your account with the Account Maintenance page, which automatically clears the old password.

In single sign-on facilities, Clairvia Web gets your passwords directly from the network. Single sign-on users who lose their passwords or need them changed should contact their System Administrator.

Changing Passwords

From the Tools menu, select My Information > Change Password. This opens the Change Password page. The page automatically enters your Username information.
Enter the old password in the Your Old Password box.
Enter a new password in the New Password box.
Confirm New Password by entering the new password again.
If your organization uses Clairvia Web security questions, you must:
1. Select a Security Question from the menu.
2. Enter the answer in the Your Security Answer box.

If your organization does not use security questions, these options are not available.

Click Save Changes.

The Mandatory Password Change Dialog Box

Clairvia Web checks that your password meets your organization's password strength requirements upon login. If a password is not strong enough, the Mandatory Password Change dialog box opens so that you can correct the issue.

The Mandatory Password Change dialog box has three parts:

The Reason the password must be changed. This is sometimes accompanied by an Explanation giving more information.
A list of the Password Rules being used by your organization
The New Password area, containing the New Password box and the Confirm Password box

If you receive a Mandatory Password Change warning, you must:

Enter a password in the New Password box, making sure it meets the Password Rules.
Enter the new password again in the Confirm Password box.
Click OK to save the change.

The following are reasons you would receive the Mandatory Password Change dialog box.

Password Not at Required Strength: If the password does not meet the facility's password strength rules, Clairvia Web opens the Mandatory Password Change box with the Reason Password not at required strength. Clairvia Web displays the required password rules in the Password Rules box.
Security Question Was Used to Access Account: Using a security question instead of a password to open the application triggers the Mandatory Password Change dialog box if your organization has security questions equipped.
Account Password Has Expired: Many administrators set passwords to expire after a set time, since changing passwords regularly increases password strength. If your password has expired, the Mandatory Password Change box includes the Reason Account password has expired and the Explanation Passwords expire [X] days after last change, with X being the number of days.
Password Will Expire Warning: Administrators who set passwords to expire may also configure an expiration warning. If so, a Login Warning box opens shortly before your passwords expire. The box displays the message Your password will expire within [number] days. Click Yes to change your password now. Clicking Yes opens the Password Nearly Expired dialog box, allowing you to create a new password. You should:
1. Enter a new password in the New Password box, making sure the new password meets the Password Rules.
2. Enter the new password again in the Confirm Password box.
3. Click OK to save the change.

Locked Accounts

Administrators can set Staff Manager security so that user accounts are locked down automatically for one of two reasons.

Consecutive login failures
Prolonged period of inactivity

In both of these situations, locking the user account prevents unauthorized personnel from accessing the application. Administrators can also lock user accounts manually in Staff Manager Administrator.

If your account is locked, you receive the following message when trying to open the application: Your account has been locked out. Please see your System Administrator.

If you receive the account lock out message, you should contact your Staff Manager administrator as soon as possible.

Security Questions

Security questions are an optional feature. The Change Password page Security Question and Security Answer options are disabled for organizations without security questions enabled. In addition, you cannot use security questions if your organization uses single sign-on.

Administrators can enable security questions and answers for their organizations. This feature lets you access Clairvia Web even if you have forgotten their passwords.

Selecting a Security Question and Answer

From the Tools menu, select Change Password. This opens the Change Password page.
Select a Security Question from the menu. Available choices are:
- What was the make of your first car?
- What is your mother's maiden name?
- In what city were you born?
- What is the name of your first pet?
Enter Your Security Answer. For example, users who chose the question What was the make of your first car might enter answers such as Ford, Chevrolet, or Toyota.
Click Save Changes.

You can also change your passwords at this time by completing the old and new passwords boxes, but this is not necessary to select a security question.

Using the Security Question to Access Clairvia Web

When Clairvia Web recognizes that you have entered an incorrect password, it presents you with the Password Security Question dialog box. If you answer the question correctly, Clairvia Web opens the application.

After using the security question to access the application, Clairvia Web requires you to create a new password with the Mandatory Password Change dialog box.

EXAMPLE

Barbara tries to log in to Clairvia Web by entering her username and password but realizes she has forgotten her password. Instead of entering a password, she clicks Log In. The Password Security Question dialog box opens, showing the security question Barbara selected: In what city were you born? Because Barbara was born in Springfield, she enters Springfield in the Security Answer box and clicks OK.

Clairvia Web opens and presents Barbara with the Mandatory Password Change dialog box so that she can immediately select a new password.

Password Strength

Administrators configure the password strength used in their organizations. The following factors determine a password's strength:

How long is the password in characters? For Staff Manager, the recommended range is from six to eight characters, with 32 characters being the maximum length.
How frequently are passwords updated?
Do users have a limited number of password entry retries?
Does the organization lock out user accounts after periods of disuse?
Does the organization use security questions so users can access the application if they forget their passwords?

Passwords in Single Sign-On Facilities

In single sign-on facilities, Clairvia Web gets your password directly from your network. Single sign-on users who lose their passwords or need them changed should contact their System Administrator.

New employees who have not received their single sign-on passwords yet can create a Clairvia Web password to open the application. Once users have a single sign-on password, however, Clairvia Web uses that information to log them in. The application ignores any later changes users make to their Clairvia Web passwords.