Multi-factor authentication on the systems that touch PHI is one of the highest-leverage technical safeguards you can have. MFA Review surfaces, in one place, who has it on and who doesn't — across the apps your team actually uses.
What MFA Review checks
When you connect Google Workspace or Microsoft 365, Accountable reads MFA enrollment status for every user. It cross-references that against your vendor inventory, so you can see not just who has MFA enabled, but who's missing it on a system that matters.
Why this matters more than 'do you have an MFA policy'
Setting it up
Connect your identity provider
Under
Settings → Integrations, connect Google Workspace or Microsoft 365. Accountable uses read-only API access — it can see enrollment status but can't change it.Open MFA Review
Under People & Training in the left sidebar. You'll see a roster of every employee and their MFA enrollment status.
Acting on gaps
- Send enrollment reminders — Notify affected employees with instructions for the specific app. You can do this individually or ask Compliance Copilot to "send MFA enrollment reminders to everyone who's not enrolled."
- Document exceptions — For the rare service that truly can't support MFA, log the exception so it shows up in your compliance documentation.
- Ignore/unignore — Mark specific MFA statuses to ignore if they're not relevant (e.g., a service account).
Ongoing monitoring
Accountable runs MFA checks periodically and Compliance Copilot can run a fresh check on demand. You'll be alerted if your overall MFA coverage drops.