Login & Authentication
Email-first clinic discovery, two-factor authentication, remember device, and password reset.
Login flow overview
Clinit uses an email-first discovery flow:
Step 1 — Enter your email address
Step 2 — Select your clinic (one email can belong to multiple clinics)
Step 3 — Enter your password
Step 4 — Enter your 2FA code (only if two-factor authentication is enrolled)
Non-enrolled users never see Step 4. The progress bar reflects the actual number of steps remaining.
Remember this device for 30 days
On the password step, tick "Remember this device for 30 days".
Clinit stores only a SHA-256 hash of the device token server-side in your user record, never the plaintext token. On the next login from the same browser, the password and 2FA steps are skipped automatically for 30 days.
To revoke all remembered devices: Settings > Security > Trusted Devices > Revoke All.
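How a remembered-device token of this kind can be issued, checked and revoked, as an added example that is not Clinit's own code. The class and method names, the in-memory store and the 32-byte token size are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

TRUST_PERIOD = timedelta(days=30)  # "Remember this device for 30 days"


class TrustedDevices:
    """Hypothetical in-memory stand-in for the device records kept per user."""

    def __init__(self):
        self._records = {}  # user_id -> list of (sha256_hex, expires_at)

    @staticmethod
    def _digest(token):
        # The token is 256 bits of CSPRNG output, so a fast unsalted hash is
        # enough here (unlike passwords): brute-forcing the digest is infeasible.
        return hashlib.sha256(token.encode()).hexdigest()

    def remember(self, user_id, now=None):
        """Issue a token for the browser; only its SHA-256 digest is stored."""
        now = now or datetime.now(timezone.utc)
        token = secrets.token_urlsafe(32)
        record = (self._digest(token), now + TRUST_PERIOD)
        self._records.setdefault(user_id, []).append(record)
        return token

    def is_trusted(self, user_id, token, now=None):
        """True if the presented token matches an unexpired record."""
        now = now or datetime.now(timezone.utc)
        candidate = self._digest(token)
        live = [(d, exp) for d, exp in self._records.get(user_id, []) if exp > now]
        if user_id in self._records:
            self._records[user_id] = live  # drop expired records
        # Constant-time comparison avoids leaking digest prefixes via timing.
        return any(hmac.compare_digest(d, candidate) for d, _ in live)

    def revoke_all(self, user_id):
        """Settings > Security > Trusted Devices > Revoke All."""
        return len(self._records.pop(user_id, []))
```

Because only digests are stored, a leaked user record does not yield a token that can be replayed from another browser.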
Two-factor authentication (2FA)
2FA is optional for doctors and strongly recommended for Clinic Owners and Admins.
Enrolling 2FA:
- Go to Settings > Security > Two-Factor Authentication.
- Click Enable 2FA.
- Scan the QR code with an authenticator app (Google Authenticator, Authy, 1Password).
- Enter the 6-digit code to confirm enrollment.
Logging in with 2FA:
After entering your password, enter the current 6-digit code from your authenticator app. Codes rotate every 30 seconds.
Disabling 2FA:
Settings > Security > Two-Factor Authentication > Disable. You must re-enter your password to confirm.
Password reset
- On the login screen, click Forgot password?
- Enter your email address and clinic slug.
- Check your inbox for a reset link — valid for 1 hour.
- Click the link and enter a new password (minimum 8 characters, with at least one uppercase letter and one number).
- You are redirected to the login screen automatically.
If you do not receive the email within 5 minutes, check your spam folder or contact your clinic admin.
Account lockout
After 5 consecutive failed login attempts, your account is locked for 15 minutes.
The login screen displays the remaining lockout time. After 15 minutes you can try again. If you believe your account was locked by mistake, contact your Clinic Owner to unlock it manually from Settings > Team > [Your Name] > Unlock Account.