
Multi-Factor Authentication
Security as non-negotiable. Access as seamless.
Mandatory MFA and Okta SSO protect every login. Enterprise identity integration (SAML, OAuth, Active Directory) is rolling out per organization as identity-provider support expands. Session management with cryptographic precision.
How Sirona is Different
Non-negotiable authentication for every user
No exceptions, no fallbacks. Every user authenticates with a second factor — authenticator app, SMS/phone, or hardware security key. The weakest link in your practice is fixed at the perimeter.
Authentication & authorization infrastructure
Zero-trust architecture with cryptographic session management, fine-grained role-based access control, and real-time audit logging.
Okta MFA
Authenticator app, SMS, and hardware security key support. Flexible, enforced, no opt-outs.
ExploreEnterprise IdP Integration
SAML, OAuth 2.0, and Active Directory support, rolling out per organization for large health systems.
ExploreSession Management
8-12 hour timeouts with 60-second warnings before auto-logout. Django Authtools backend with AWS Secrets Manager rotation.
ExploreRole-Based Access Control
Fine-grained RBAC per user role — radiologist, admin, QA. Principle of least privilege enforced.
ExploreAudit Logging
All authentication events logged to Datadog. WHO, WHAT, WHEN, WHY. Real-time threat detection.
ExploreBuilt for how radiologists actually work
MFA Implementation
Authenticator app, SMS, hardware keys — all required
An authenticator app as the primary method, with SMS and hardware security key (FIDO2) fallbacks. No password-only access. No local usernames stored. Time-synchronized TOTP or push-based verification.
Authenticator app (TOTP, push-based) mandatory for all users
SMS backup for emergency access without hardware
FIDO2 hardware security key support for enhanced security
No local password files — all auth via the identity service
Biometric unlock on authenticator apps (iOS/Android)
SSO & Session Management
Single login powers your entire workflow
One Okta login. Automatic session creation with cryptographically secure tokens. Smart timeouts with user-friendly pre-logout warnings. Backend powered by Django Authtools extending Cognito.
Single sign-on via Okta (no password entry per-application)
Sessions maintained 8-12 hours with smart timeout
60-second logout warning before automatic session termination
JWT tokens with short TTL rotated via AWS Secrets Manager
Django Authtools backend managing session state and revocation
Cross-site session validation with SameSite cookie enforcement
Compliance & Audit
HIPAA, security, and audit — full transparency
Every authentication event is logged. HIPAA BAA in place, backed by an active security-and-compliance program and a regulated, design-controlled SDLC. Credential rotation every 90 days. AES-256 encryption at rest, TLS 1.2+ in transit.
Active SOC 2 program with full MFA coverage
HIPAA compliance with cryptographic controls
Regulated, design-controlled SDLC across authentication infrastructure
All auth events streamed to Datadog in real time
AWS Secrets Manager credential rotation every 90 days
AES-256 at rest, TLS 1.2+ in transit
Enterprise Identity
Fit into your existing identity infrastructure
Okta SSO secures every login today, with enterprise IdP integration (SAML, OAuth 2.0, Active Directory) rolling out per organization as we expand identity-provider support — no credential migration, with group-based access syncing from your source of truth.
SAML 2.0 and OAuth 2.0 enterprise connectors
Active Directory federation — zero credential migration
User provisioning and de-provisioning as IdP rollout lands
Group-based role assignment from IdP
SCIM identity lifecycle support on the rollout roadmap
0
password files stored locally (all via Okta)
10-attempt
lockout threshold per account
Audited
under Sirona's active security-and-compliance program
90-day
credential rotation via AWS Secrets Manager
FAQs
Is MFA truly mandatory, or can users opt out?
How does Okta integrate with our existing Active Directory?
What happens to my passwords under Sirona MFA?
What session timeouts should we configure?
How is Sirona's MFA infrastructure audited for compliance?
Can users use hardware security keys instead of authenticator apps?