Today: enhanced security for accessing OnBoard

Today: enhanced security for accessing OnBoard

As part of the continuous enhancement of OnBoard, the Board is implementing a NYS-required security measure to protect the personal information and accounts of OnBoard users. This is similar to verification methods (e.g., text messaging) that users are probably already utilizing with applications such as online banking and secure email systems.

Beginning this evening, March 21, 2024, the Board will require the use of multifactor authentication (MFA) for accessing OnBoard. MFA is an authentication method that requires users to provide additional verification information beyond a username and password to gain access to a resource such as an online account. 

When accessing OnBoard via the Medical Portal, you will be automatically navigated to the MFA setup page. MFA authentication can be established using four methods: Okta verification app, Google Authenticator app, SMS (i.e., text message) authentication, and voice call authentication. 

The Board suggests setting up allfour authentication methods during your initial setup. If you do not wish to set up all four methods, we strongly encourage you set up a minimum of two methods, one being Okta Verify or Google Authenticator and one being SMS authentication or voice call authentication. This ensures that you will be able to access your account in the event that a phone number changes, a phone becomes lost or inaccessible, you are attempting to access from a new location, etc. After your initial setup, you can choose any of your set MFA methods to authenticate your account. 

MFA Screenshot

Okta Verify and Google Authenticator

These authentication methods use a mobile app to verify your account. You will only need to download these applications once during the initial setup. 

SMS Authentication and Voice Call Authentication

The SMS or voice call authentication method utilizes a text message or an automated voice call to send a code for you to enter, verifying your account. It is strongly suggested that you use a cell phone number for SMS authentication and a separate office, home, or mobile phone for voice call authentication. This will ensure you are able to use MFA for either method, if one device is not available. 

Upon selecting “Remember My Device" during login, you will only receive the MFA prompt once every seven days, rather than every time you sign in.  

If any authentication method needs to be changed or added after your initial MFA setup, you can do so by accessing your account at, using the same credentials you use for the Medical Portal.  


Utilizing MFA can provide the following benefits: 

  • Helps minimize risks such as account takeover attacks, compromised personal data, and subsequent credential stuffing attacks. 
  • Keeps confidential data secure. 
  • Aids organizations in meeting stringent data privacy regulations.

More information

For MFA instructions, please visit the multifactor authentication webpage

For full OnBoard details, please visit the OnBoard webpage on the Board’s website.

Need help? Please visit OnBoard support.

OnBoard Icon