Patient Authentication Settings

Patient Authentication Settings

The Patient Authentication settings page lets you configure how patients verify their identity and manage portal credentials across your organisation.

How to Get There

Navigate to Settings > Patient Authentication.

Settings Tab

Configure verification requirements for your organisation:

• Require phone verification - when enabled, patients must verify their mobile number during booking and portal login
• Require email verification - when enabled, patients must verify their email address

At least one verification method should be enabled. If both are disabled, a warning appears because patients could book appointments without identity verification (spam risk).

Credentials Tab

The Credentials tab shows all patients with configured portal credentials in a searchable table:

• Patient name
• Mobile credential and verification status
• Email credential and verification status
• Last authentication timestamp

Click a patient row to open the credential sidebar where you can:

• View detailed credential information
• Add a new email or mobile credential (marked as unverified)
• Clear an existing credential (removes portal access for that method)
• See verification timestamps and last login times

Backfill Feature

The Backfill credentials button scans all patients and promotes unique demographic contact details to portal credentials. See the Managing Patient Portal Credentials article for details.

Session Behaviour

• Base portal session - lasts 24 hours from login. Patients can view appointments, invoices, and basic information.
• Clinical record elevation - accessing clinical records requires a separate verification step. Elevated access lasts up to 60 minutes and can be revoked by an admin.

Tip: Enable at least phone verification to prevent spam bookings. Most practices enable phone verification and leave email verification optional.