To enhance account security and protect data, we have introduced two-factor authentication (2FA) for logging in to VarSome, VarSome Clinical and VarSome Premium.
Required Two-Factor Authentication enrollment
After you enter the username (email address) and password you used to register to VarSome on our SSO (single sign-on) page (https://sso.varsome.com/app/dashboard), the next step is to set up two-factor authentication, which is mandatory for new users, by providing a mobile phone number. You cannot add the same mobile phone number for more than one account.
⚠️ Please note that we do not accept numbers generated through a service that provides temporary telephone numbers. If such a number is used, the following error message will be displayed:
"This mobile phone number does not pass our system's security checks. Please use another number."
After you click Submit, a text message with a code will be sent to the mobile number you provided. Once you receive the code, enter it in the next step to complete the login.
You can select the option "Remember me for 30 days on this device" if you do not want to enter the code on every login.
⚠️ Please note that you cannot alter your current phone number. If you want to change it, you need to contact our support team (support@varsome.com). They will remove your existing number, allowing you to add the new one and reconfirm your account.
Other 2FA methods
You can enable 2 additional authentication methods: an authenticator application or backup codes. To enable them, log in to your VarSome account manager page at sso.varsome.com. To reach the same page from inside VarSome Clinical, click on your name at the top right and then on Profile. This will redirect you to your VarSome account manager.
Once logged in to the VarSome account manager, on the top right of the page there is a shield icon.
Clicking on it lets the user configure their privacy settings, such as changing passwords, enabling other authentication methods or viewing the API token.
2FA via the authenticator app is enabled by scanning the QR code or by manually entering into your authenticator app the code shown on the Two-Factor Authentication page. The user will then need to enter the code generated by the app to access the platform.
Please note that when using the Authenticator App, no SMS will be sent automatically. Instead, you should enter the code provided by the Authenticator App when prompted by VarSome. You may still request an SMS code to be sent by clicking on the "Receive code through SMS" link.
Enabling 2FA via backup codes generates 3 backup codes that the user can use to access the platform. These backup codes can be used only once and are meant for situations where the primary device (SMS or application) is not available.
Please note that the backup codes should be used as the last option in case the user loses their phone or does not have access to the authenticator App.