Alameda Health System
Two-Factor Authentication (2FA)

What is Two-Factor Authentication?

Two-Factor Authentication is an authentication method that will only allow you access after you have successfully confirmed any combination of the below items:

Something You Know

This is typically a password or a PIN code that you utilize on a consistent basis

Something You Have

This can be anything from a token that changes codes frequently to a one-time use verification code

Something You Are

Examples of this are facial recognition, fingerprints etc..

Alameda Health System is utilzing Imprivata as it's two-factor authentication source. This system allows for the use of the AHS username/password as it's first factor and a mobile device as it's second factor

Why is AHS implementing Two-Factor Authentication?

To deal with increasing security threats which can compromise basic username/password security (i.e. phishing, breaches)

How is AHS implementing Two-Factor Authentication?

In order to begin utilizing two-factor authentication staff must enroll a mobile device into our system so that they can receive the necessary authentication notifications.

This will entail going through a set of steps which have been documented and are available by going to the How-To Guides section of this page.

You will need to select the instructions for the remote authentication method that you currently utilize.


AHS Employees and vendors who currently have remote access


App Installation:
-iOS devices v.11.0 or later
-Android devices v.6.0 or later

SMS Text Messaging:
-Any mobile divice that can recieve SMS Text Messages

-Internet Explorer v.11.0 or later; Microsoft Edge
-Google Chrome


For assistance please call (510) 437-4503 (xt44503)
Submit a request to the AHS IS Service Center

How-To Guides

Two-Factor Authentication Enrollment

You must enroll a mobile device into our two-factor system so that you can receive the necessary authentication notifications.The below documents will guide you through the enrollment process.

Citrix Application Access

To gain access to applications such as Epic remotely please use the below document for enrollment

Remote Desktop Protocol (RDP)

If you utilize Remote Desktop Protol (RDP) to access the Alameda Health System network remotely please use the below document for enrollment

Cisco AnyConnect Secure Mobility Client

If you utilize the Cisco AnyConnect Secure Mobility Client to access the Alameda Health System network remotely please use the below document for enrollment


What logins will I need to use two factor for?

New initiatives like Electronic Prescribing of Controlled Substances (EPCS) for prescribing doctors will use two-factor authentication when SAPPHIRE(EPIC) is implemented. At this point we are focusing on external access to the network, so VPN and Remote Desktop Protocol (RDP). Email access via Outlook Web Application (OWA) from outside the clinical network areas will utilize two-factor authentication in the near future.

Will I need to remember another password?

No, the Imprivata Confirm ID product does not require a password

Will I need to answer another set of security questions?

No, there are no security questions.

How do I enroll/sign-up if I’m not already enrolled?

Install the Confirm ID application on your phone from your Appstore. If you have received a two-factor authentication notification email you can follow the links to the instructions to sign up. You can use a work computer you are logged into or your home computer for RDP enrollment. Any Cisco VPN enrollments will need to be done ouside of the network. For more details see the two-factor authentication enrollment guide for your specific remote access technology.

Is there a guide specific to my remote access method?

Yes, the guides are available on this site in the How-To Guides section.

Do I need to install anything on my computer?

No, access will continue as it is right now. We are only adding the two-factor authentication sequence at login.

Do I need to install anything on my phone?

Yes, if you have a smartphone you will need the Confirm ID app which is available for Apple and Android. The App is free.

What if I lose my phone or forget it and don’t have it to do the second authentication?

Call the Helpdesk (510)437-4503 or 44503 to get a temporary emergency replacement code.

What if my phone is lost or replaced?

Call the Helpdesk (510)437-4503 or 44503 so that they can remove the old phone from your account.
Your account will be configured to accept the enrollment of a new device.

What if I don’t have a smartphone?

A smartphone is the fastest and easiest way to use two-factor authentication but you can also use any cell phone that can receive text messages. Certain functions like EPCS only support the use of smartphones because of DEA regulations.

Do I have to enroll multiple times if I use multiple technologies that require two-factor authenticaton (i.e. RDP, VPN, EPCS)?

No, you will only need to enroll one time. The enrollment will apply to all technologies within AHS that require two-factor authentication.