Provider Two-Step Verification Guide
Two-Step Verification (MFA) help and FAQs for Manage My Health providers
General
What is Two-Step Verification?
Two-step verification (also known as Multi-Factor Authentication or MFA) adds an extra layer of security to your account. In addition to your username and password, you’ll need to enter a one-time verification code to confirm your identity when logging in.
Why is Two-Step Verification now mandatory?
Previously, Two-Step Verification was optional and had to be manually enabled. This led to inconsistent use and created potential security risks for patient accounts.
Making two-step verification mandatory helps:
- Better protect personal and health information
- Reduce the risk of unauthorised access
- Provide consistent security for all users
Why can't I log in without Two-Step Verification?
Two-Step Verification is now mandatory to keep your account and health information secure. It adds an extra verification step after your password to prevent unauthorised access. 2SV cannot be turned off and is required for all users on both web and mobile.
Can I turn off Two-Step Verification?
No. Two-Step Verification (MFA) is now enabled by default in Manage My Health and cannot be turned off.
Why can’t it be disabled?
- Protect your personal health information
- Prevent unauthorised access
- Strengthen overall account security
- Meet modern healthcare security standards
Do I need internet access for Two-Step Verification?
Yes. Internet access is required to receive and enter verification codes.
Email Verification
How does Two-Step Verification work on the mobile app?
- Enter your username and password, sign in.
- A verification code is sent to your registered email.
- On the Two-Step Verification screen, enter the code.
- Then click Verify & Continue.
- After your first successful verification, you may enable biometric login (Face ID or fingerprint) for faster future sign-ins.
How does Two-Step Verification work in the app?
When you sign in to the app, after entering your password you’ll receive a one-time code by email.
Enter this code in the app to complete sign in. The code expires after 10 minutes.
How long is the email verification code valid for?
The email verification code is valid for 20 minutes.
What this means:
- You must enter the code within 20 minutes of receiving it
- After 20 minutes, the code will expire and you will need to request a new one
- If you have not received the code (usually sent within seconds), you can request a resend after 3 minutes on the Two-Step Verification page
If your code has expired, simply request a new verification code and try again.
What if I can't find my verification email?
Here are some things you can try:
- Search your inbox — Try searching your email for: ManageMyHealth OTP Security Code. The email may be in Spam, Junk, Promotions, Updates or another inbox category.
- Check your Spam or Junk folder — Sometimes verification emails end up there by mistake.
- Check other inbox tabs or categories — If you use Gmail, Outlook or another email provider, the email might be in Promotions, Updates, Social or other tabs.
- Allow more time for delivery — In some cases, emails can take a few minutes to arrive due to email filters, firewalls or network settings.
- Make sure you’re using the right email — If the email address shown isn’t yours, you may be using a different account. Try logging in with a different email.
- Still can’t find it? — You can request a new code by tapping ‘Resend code’ on the verification screen.
Troubleshooting
What happens if I enter the wrong verification code?
- You will see an error message.
- You can return to the verification screen and try again.
- Multiple failed attempts may temporarily lock your account.
Can my account get locked if I enter the incorrect verification code multiple times?
Yes. For security reasons, if multiple incorrect verification codes are entered, your Manage My Health account may be temporarily restricted.
What should I do if this happens?
- Wait a short period and try again with a new verification code
- Ensure you are using the most recent code sent or generated in your authenticator app
- If the issue continues, contact Manage My Health Support for assistance: managemyhealth.co.nz/support/
What should I do if I get a code I did not request?
If you receive a Two-Step Verification code that you did not request, do not enter the code. This may indicate that someone else is trying to access your account. If you are concerned, you can contact Manage My Health Support for assistance: https://managemyhealth.co.nz/support/
Web Portal
Watch a short video
Watch our short walkthrough video to see the full email verification sign-in process.
Signing in on the web portal
How does Two-Step Verification work on the web portal?
- Enter your username and password, sign in.
- A verification code is sent to your registered email.
- You will see a “Verify Your Identity” screen.
- Enter the code from your email to complete login.
- You will see a “Trust this device” screen with an option to trust the device. If you trust this device, you won’t need to enter a verification code every time you sign in from this device.
After your first successful login, you will be directed to your Two-Step Verification settings.
Why is email verification the default method?
Email verification provides:
- Immediate access without extra apps
- A consistent security baseline
- A reliable way to confirm your identity
How long is the email verification code valid for?
The email verification code is valid for 20 minutes.
What this means:
- You must enter the code within 20 minutes of receiving it
- After 20 minutes, the code will expire and you will need to request a new one
- If you have not received the code (usually sent within seconds), you can request a resend after 3 minutes on the Two-Step Verification page
For assistance, please contact: https://managemyhealth.co.nz/support/
What if I can't find my verification email?
Here are some things you can try:
- Search your inbox — Try searching your email for: ManageMyHealth OTP Security Code. The email may be in Spam, Junk, Promotions, Updates or another inbox category.
- Check your Spam or Junk folder — Sometimes verification emails end up there by mistake.
- Check other inbox tabs or categories — If you use Gmail, Outlook or another email provider, the email might be in Promotions, Updates, Social or other tabs.
- Allow more time for delivery — In some cases, emails can take a few minutes to arrive due to email filters, firewalls or network settings.
- Make sure you’re using the right email — If the email address shown isn’t yours, you may be using a different account. Try logging in with a different email.
- Still can’t find it? — You can request a new code by tapping ‘Resend code’ on the verification screen.
What browsers are supported?
Manage My Health supports current versions of Chrome, Firefox, Safari, and Microsoft Edge. Using an outdated browser may cause issues — update to the latest version if you’re having trouble.
Mobile app
Watch a short video
Watch our short walkthrough video to see the full sign-in process on the app.
Signing in on the mobile app
How does Two-Step Verification work on the mobile app?
- Enter your username and password and sign in.
- A verification code is sent to your registered email.
- On the Two-Step Verification screen, enter the code.
- Click Verify & Continue.
- After your first successful verification, you may enable biometric login (Face ID or fingerprint) for faster future sign-ins.
Can I use Face ID or fingerprint on the mobile app?
Yes. After your first successful email verification, you can enable Face ID or fingerprint login for faster future access.
Will I still need email verification if I use biometrics?
No. If biometrics is set up correctly, you will be able to login to the Mobile App without email verification.
What happens if I change or lose my mobile device?
Simply install the app on your new device and log in using your username, password, and email verification code.
How do I log in faster on the mobile app?
Instead of trusting the device, you can use biometric login, such as:
- Face ID
- Fingerprint
This allows secure and faster access without needing repeated verification.
Authenticator app
Watch a short video
Watch our short video guide to setting up an authenticator app on the website.
How do I set up Authenticator App Verification?
Follow these steps:
- Go to Two-Step Verification
- Click Switch to Authenticator App
- Select your preferred authenticator app
- Scan the QR code displayed on screen using the app
- Enter the 6-digit code generated by the app
- Save your recovery codes securely
- Click Complete Setup
Once completed, Authenticator App Verification will be enabled.
Which Two-Step Verification method does Manage My Health recommend and why?
What are some common Authenticator Apps?
What are the benefits of using an Authenticator App?
Using an Authenticator App for Two-Step Verification (MFA) provides stronger security and a smoother login experience.
Benefits include:
- Stronger account security
- More secure than SMS or email codes
- Works without mobile reception
- Faster login process
- Reduces risk of fraud
Can I use email verification instead of an Authenticator App?
Yes, email verification may be used as a method of Two-Step Verification in Manage My Health.
Email verification provides:
- Consistent protection across all users
- A reliable way to confirm identity
- Immediate access without needing additional apps
However, for enhanced security, an Authenticator App is recommended where possible.
Please ensure your email address is kept up to date to avoid issues receiving codes.
What if I cannot scan the QR code?
If you cannot scan the QR code:
- Click “Can’t scan the QR code?“
- Copy the secret key displayed on screen
- Enter the key manually in your authenticator app
What is the 6-digit verification code?
After scanning the QR code, your authenticator app will generate a 6-digit code.
Enter this code on the setup screen to complete the verification.
The code refreshes automatically every 30 seconds.
What are recovery codes?
Recovery codes are one-time use backup codes that allow you to log in if:
- You lose your phone
- Your device is damaged
- You uninstall the authenticator app
- You cannot access your authenticator app
What should I do if the verification code is not working?
Please check:
- Your phone’s date and time are set automatically
- The correct account is selected in the authenticator app
- You are entering the current (not expired) code
If the issue continues, try resynchronising the app or contact Manage My Health Support: https://managemyhealth.co.nz/support/
Trust this device
Watch a short video
Watch our short video to see how to trust a device and speed up future sign-ins.
What does 'Trust This Device' mean?
When you select ‘Trust This Device‘ during login, Manage My Health will remember the device and browser you are using. This means you will not need to enter a verification code every time you sign in from that device. Only trust devices you own or use regularly. You can remove trusted devices at any time in your account settings.
How long is 'Trust This Device' valid for?
The device will remain trusted for 90 days.
During this time:
- Two-step verification may be skipped on that device
- Login will be faster and more convenient
What happens after 90 days?
After 90 days:
- The device will no longer be trusted
- You will need to complete Two-Step Verification again when logging in
- You can choose to trust the device again if you wish
Can I trust this device again?
Yes. If the trust expires or is removed, you can simply select “Trust This Device” again the next time you log in. This will restart the 90-day trusted period.
Can I remove a trusted device?
Yes. You can remove a trusted device at any time:
- Log in to your Manage My Health account
- Go to Two-Step Verification
- Select Revoke next to the device
Once removed, the device will no longer be trusted and will require verification at next login.
What happens when I revoke trust?
When you revoke trust:
- The device will no longer be recognised as trusted
- You will need to complete Two-Step Verification again on that device
- Your account, data, and other devices are not affected
Why am I still being asked for a verification code on a trusted device?
Even on a trusted device, you may still be prompted for a code if:
• You use a different browser
• You clear cookies or browser data
• You log in from a new device
• The 90-day period has expired
Can I trust this device on mobile?
You can use “Trust This Device” on the mobile responsive website, but not on the mobile app.
Mobile responsive (browser)
- You can select “Trust This Device” when logging in via your mobile browser
- The device will remain trusted for 90 days
- You will not need to enter a verification code every time on that browser during this period
Mobile app
- The “Trust This Device” option is not available in the app
- Instead, you can use biometric login (Face ID or fingerprint) for faster access
Should I trust every device?
No. You should only trust:
- Devices you personally own
- Devices you use regularly
- Private and secure devices
Account & lockout
Account lockout & security
Can my account get locked if I enter the incorrect verification code multiple times?
Yes. For security reasons, if multiple incorrect verification codes are entered, your Manage My Health account may be temporarily restricted.
What should I do if my account is locked?
- Wait a short period and try again with a new verification code
- Ensure you are using the most recent code sent or generated in your authenticator app
- If the issue continues, contact Manage My Health Support:
https://managemyhealth.co.nz/support/
How long is the account locked for?
If multiple incorrect verification codes are entered, your account will be temporarily restricted for security reasons. The restriction lasts for 2 minutes.
After 2 minutes:
- You can try logging in again
- You may request a new verification code if needed
This security measure helps protect your account from unauthorised access attempts.
What should I do if I get a code I did not request?
If you receive a Two-Step Verification code that you did not request, do not enter the code. This may indicate that someone else is trying to access your account.
If you are concerned, contact Manage My Health Support: https://managemyhealth.co.nz/support/
Provider SSO
Single Sign-On (SSO) for Providers
How do I Single Sign-On (SSO) from Medtech into the MMH Provider Portal?
You can securely access the Manage My Health (MMH) Provider Portal directly from Medtech using Single Sign-On (SSO).
Steps to log in using SSO:
- Log in to Medtech
- Click Manage My Health
- Click the Manage My Health icon located on the top left-hand side of the screen
This will automatically log you into the MMH Provider Portal without needing to enter a separate security verification code.
Single Sign-On provides a quicker and more seamless login experience for authorised users accessing MMH through Medtech.
How do I log in faster on the mobile app?
Instead of trusting the device, you can use biometric login, such as:
- Face ID
- Fingerprint
This allows secure and faster access without needing repeated verification.
Why don't I need to enter a security verification code when using Single Sign-On (SSO)?
Because you are securely logged in to Medtech first, our system recognises you as a registered MMH staff member and identifies your assigned MMH user role.
Based on this secure authentication, MMH allows you to access the Provider Portal through the trusted connection between Medtech and MMH, without requiring an additional security verification code.
This process helps provide:
- A faster and more seamless login experience
- Secure access for authorised users
- Reduced need for repeated verification steps during daily workflows
Only authorised users with the correct permissions in Medtech and MMH can access the Provider Portal via SSO.
Still need help?
Contact our support team.