Frequently Asked Questions
- REDCap at the University of Melbourne
- REDCap accounts
- REDCap and MFA (Multi-Factor Authentication)
- International REDCap MFA Access
- Project and Data Management in REDCap
REDCap at The University of Melbourne
- What does REDCap cost?
REDCap is free to use, but our license requires it only be used for non-commercial, University of Melbourne associated research.
- Can you help me set up a REDCap project for my study, and if so is there a cost?
The University does not directly provide such a service; however, there are introductory and intermediate training workshops that will teach you the relevant skills to do this yourself. The workshops are administered by MISCH and run approximately every 3 months. You can find details of upcoming sessions and book a place on the MISCH training and resources page.
- Will REDCap still be here in N years?
Yes, REDCap is a stable and long term commitment made by the University.
- How secure is the University's REDCap instance?
REDCap is housed on University-owned infrastructure located in Melbourne, Australia, and access to the underlying systems is restricted to central services and the admin team. Our setup has passed a cybersecurity review and is actively monitored and maintained.
The developers of the REDCap software also discuss the system's security in their technical overview.
- Do I need to register for REDCap and if so, why?
Yes, you need to request a REDCap account separate to your University Single Sign-On (SSO) login. REDCap is not currently connected to the SSO system, in part because we need to allow for external collaborators (i.e. people without a University login) to access the system. University users can be granted full-access accounts, and external collaborators can be granted limited-access accounts.
- How do I get a REDCap account?
You will need to submit an account request via our web form; once your account has been created you can login via https://redcap.unimelb.edu.au/.
- What's the difference between a full-access and a limited-access account?
- Full-access account. You must be a University of Melbourne staff member, student, or honorary to be eligible for this type of account, with a valid University of Melbourne email address. Full-access accounts have the ability to create new REDCap projects and remain active indefinitely, unless you choose to nominate an access expiry date. Your University supervisor or head of department is required to sign off on your account request.
- Limited-access account. External collaborators - researchers working at other institutions - are eligible for this type of account. Limited-access accounts cannot create or copy REDCap projects and must have an access expiry date set no later than three years from the date of application. An existing full-access user must be nominated as the sponsor, and they will need to sign off on the application before it will be actioned.
- I have a University REDCap account, but when I try to login it says my access has been suspended; what should I do?
If you have a limited-access account and your access expiry date has been reached, you will need to have your sponsor submit a reactivation request from their sponsor dashboard (accessible from the My Projects page when they first login to REDCap).
Alternately, if you haven't logged in to REDCap for a period of one year or more, then your access will have auto-suspended. Please contact the REDCap support team at firstname.lastname@example.org for assistance.
- I have an existing REDCap account at another institution; can I use it to login to the University instance?
No, each REDCap instance is entirely separate and a login for e.g. the Royal Melbourne Hospital instance will not work in the University instance, or vice versa. You will need to apply for a separate University account as above.
- Is there a way to login to REDCap without an internet connection?
No, you cannot login to REDCap without an internet connection. However, there is a mobile app that you can download on your Apple or Android phone or tablet that can be used to collect data in areas without internet access. When you later return to an area with internet, the data collected on the mobile device can be uploaded to the main REDCap server.
- I think my REDCap account may have been compromised. What should I do?
If you encounter suspicious activity on your University REDCap account, please immediately contact the REDCap support team at email@example.com for assistance.
REDCap and MFA (Multi-Factor Authorisation)
- Why is MFA required to access REDCap?
As per a recent Cybersecurity review, the standard University practice is to provide two-factor authentication access to systems, including REDCap. This will help protect the sensitive and potentially identifying participant information that is stored in the REDCap system.
- What methods of two-factor authentication do you support?
Currently, the only method of authentication supported is via use of either the Google or Microsoft authenticator apps, which can be installed on your Apple or Android mobile phone or other mobile device.
- How do I install an authenticator app?
You can download either the Google or Microsoft authenticator apps by opening one of the following links on your mobile device:
- How do I register my REDCap account in the authenticator app?
See our REDCap MFA enrolment how-to guide.
- When will I be prompted to verify my identity using MFA?
REDCap will ask you to enter your MFA code in the following scenarios:
- Whenever you log in from a new computer;
- Whenever you log in from a country that is different to the country of your last login;
- Otherwise, once every seven days (if you have checked the "Don't prompt me with two-step login on this computer for 7 days" option; otherwise it will ask every time you login).
- How do I verify my identity using the authenticator app?
When prompted by REDCap, open the app on your mobile device. You may have multiple logins for various applications registered in it; if so, scroll until you find the one titled e.g. REDCap: firstname.lastname@example.org. Enter the 6-digit code beneath this title into the prompt field on your computer.
Remember, the access code will refresh every 30 seconds, and your app will give you a graphical indication of the time remaining until the next refresh occurs. If a refresh occurs while you are part-way through typing in your code, you will need to delete the existing digits and type in the new code instead.
- What are the minimum requirements for installing either the Google or Microsoft Authenticator app on my device?
Your device must be running one of the following operating systems:
- Google Authenticator
Android v4.4 or later (Android), or iOS v13.0 or later (iPhone)
- Microsoft Authenticator
Android v8.0 or later (Android), or iOS v14.0 or later (iPhone)
- Google Authenticator
- What do I do if I don't have a mobile device, I'm not permitted to have my mobile with me, or my mobile device doesn't meet the minimum requirements?
Please contact the REDCap support team at email@example.com for assistance.
- Can I use the Google or Microsoft Authenticator app on more than one device?
Yes. Both authenticator apps can be installed on multiple devices.
- Do I need to keep the authenticator app on my mobile device once I have enrolled for MFA?
Yes, as you will need to open the app and type in the verification code each time REDCap prompts you to do so.
- How do I transfer my MFA settings when I get a new mobile device?
You will need simultaneous access to a computer and your new mobile device. Follow these steps:
- On your computer, log in to REDCap (entering the verification code from your old mobile device if prompted).
- In the top right corner, click the Profile icon.
- Under the Login-related options heading, click "Setup Google Authenticator or Microsoft Authenticator for two-step login." A QR code and some instructions will be displayed.
- On your new mobile device, install either the Google or the Microsoft authenticator app and open it.
- Click the "+" button and pick the "Scan a QR code" option, and then scan the code displayed by REDCap on your computer.
- Your REDCap account should now be registered in the app.
- On your old mobile device, delete the REDCap entry in the authenticator app.
- What happens if I delete my authenticator app?
You will need to reinstall it and register your REDCap account in it again! If you are currently logged in to REDCap, or if you are currently within the 7-day authentication window, you can follow the instructions immediately above to re-register your REDCap account in the authenticator app.
If you would need to enter your 6-digit code in order to login, instead please contact the REDCap support team at firstname.lastname@example.org for assistance.
- What do I do if my verification code isn't working?
The most common reason verification codes fail is where this is a mismatch of the time and date settings on your mobile device and your actual location. If you've double-checked these settings and the problem persists, please contact the REDCap support team at email@example.com.
- Can I get a temporary (or permanent) exclusion from MFA?
Multi-factor authentication is mandated by University policy as a requirement to access REDCap. However, in sufficiently urgent situations, you may be granted a temporary exclusion. To request such an exclusion, please contact the REDCap admin team at firstname.lastname@example.org, being sure to specify why it is needed and for how long it is required.
- I don't want to download the Google or Microsoft Authenticator apps on my mobile device because...
... I am concerned about my privacy:
- Both apps have passed both the respective app store vetting processes and also the University's own security assessment;
- The University has no access to the app on your phone, and cannot view any of the data on your phone, other apps installed, monitor calls, or track your location;
- No personal information is stored by either app, and they only require permission to use your device's camera in order to scan the QR code that registers the relevant account;
- Both apps can operate offline via the rolling 6-digit code that updates every 30 seconds;
- Both apps do NOT require that you link them to a particular phone number.
- The University encourages all staff and students to use their personal mobile device to verify their identity;
- Providing a university-issued device to each user is not possible due to the high cost;
- The security provided by MFA greatly enhances the protection of not just University information but also your personal information;
- The use of MFA is a requirement for ongoing access to university services.
- Both apps use minimal resources on your smartphone, and you only need to open one when prompted by REDCap.
International REDCap MFA Access
- I will be travelling overseas soon. What should I do before I leave?
As long as you have already registered your REDCap account in Google or Microsoft authenticator, you don't need to do anything. Be sure to take your mobile device with you as you will be prompted to verify your identity when you login while overseas.
- Can I use either Google or Microsoft authenticator without international data/roaming data?
Yes, you can use either app even when you have no data on your mobile device.
- Do I need a SIM card with mobile data?
No, you can use either app even when you have no data on your mobile device.
- I am an external collaborator who works outside of Australia. Can I enrol in MFA from overseas?
Yes, simply follow the normal enrolment process and scan the QR code on your mobile device when prompted.
- I am in China/another location that blocks access to the app store. What should I do?
Due to the restrictions on mobile services in China, you won't be able to download and install either Authenticator app from the Google Play store.
Please contact the REDCap support team at email@example.com for assistance.
Project and Data Management in REDCap
- Can I create multiple projects using one REDCap account?
Yes, as long as you have a full-access account (see here). In fact, we strongly encourage each user to use a single University REDCap account and create new projects in it as required, rather than requesting a new account be created for each project.
- How do I gain access to other people's projects?
By default, you can’t see any projects other than those you create yourself. However, the owner or maintainer of another project can choose to give you access to their project via the User Rights screen.
- Is my research data automatically backed up?
The REDCap database is backed up regularly, but because the backup is a whole-of-server image there isn’t a way to extract just the relevant portion out of it in the event you accidentally delete or corrupt your project. As such it is your responsibility to regularly back up your data and store it on a secure research drive.
- I don't have a backup and some of my research data was deleted, what can I do!?
As an option of last resort, you can export some or all of the record created/updated/deleted entries from your project's audit log, and reconstruct your data based on this. This has to be done manually, so the time you will need scales linearly with the amount of data lost.
See our Recovering Deleted or Overwritten Record Data how-to guide for comprehensive instructions on how to do this.
- I made a change to my project structure and some of my data is corrupted or missing, what happened?
REDCap projects start off in development mode, where can you make changes freely even if they would result in data corruption or deletion - for example, changing a multiple-choice question to a free-text-answer one. The expectation is that you are only working with test or dummy data while your project is in this mode.
When you are ready to start collecting real research data, you must move your project to production mode, which can be done via a button at the bottom of the Project Setup screen. Once you do this, REDCap enables several safeties, and whenever you would make a change that might corrupt or delete data, the change is sent through to the REDCap support team to review. The support team will get in touch if they have any concerns about your proposed changes.
Almost all instances of lost or corrupted data originate from projects that were not moved to production mode - don't let it happen to you!
- I created a new form in the Online Designer, but I can't see it anywhere else - where has it gone?
When you add a new form to a production mode project, by default it is hidden from all users (including you!) This is a security measure so that there is no possibility for users to access the data stored on the new form when they shouldn't be allowed to.
To make the form visible to the appropriate users, you will need to go the User Rights screen and update each user's permissions. The new form's Data Viewing Rights will be set to "No Access (Hidden)" and its Data Export Rights to "No Access".
If you don't have the required privileges to edit the project's User Rights, you will need to get in touch with the project owner or maintainer and ask that they make the relevant permission changes on your behalf.