...
Security Policies in OnePacs define policies with regard to user account access settings such as passwords and session management. Security policies are configurable in OnePacs by navigating to Admin -> Security Policies.
Default Security Policy
The default security policy is the policy that is selected by default for new users of the radiology group (excluding facility users). There must be a single default security policy for your group.
...
Each facility in OnePacs designates a security policy.
The facility's security policy defines the minimal security policy for it's users that log into OnePacs.
...
Users of the radiology group may be assigned a security policy explicitly by an administrator when the account is created.
Facility Users
Facility users (ie users of type "Facility User" or "Facility Manager") are assigned a security policy dynamically on login. The security policy is based on the facilities the user has access to. The most stringent security policy based on the security policy ordering defined above is selected.
...
A security policy may set 2-factor authentication as either mandatory or optional.
If it is set to mandatory, users will be required to setup two factor authentication during their next login. It is also possible to indicate whether or not users are allowed to have "trusted devices" for 2FA. If users are allowed to have "trusted devices", upon successful login with 2FA the users may elect to bypass 2FA for a period of time of 7 days.
User Access Whitelists
...
Account registration requires a unique email address. This allows OnePacs to verify the account holder's identity when a password reset is requested.