NHS Single Sign On: User adoption challenges

By December 12, 2019NHS, Technology
password struggle

In the second of our NHS Single Sign On challenges series, Marc Poulaud, CTO at Isosec, discusses the key challenges for users when accessing their multiple systems in the NHS. 

In my previous article, we covered the challenges around infrastructure when implementing a Single Sign On solution. In this article, I’ll take a look at the challenges that users face and how we can solve them, including:

  1. Smartcard challenges
  2. Multiple device access
  3. Password Reset problems


The Smartcard challenge

Most NHS Trusts are still heavily dependant on physical smartcards for system authentication. Unsafe workaround tactics such as lost or stolen cards, cards left in readers (sometimes cut in half to evade detection by IG) or passwords left around machines not only create a headache for users, they’re a huge risk to information and safety and access.

And even if Trusts are using Single Sign On solutions already, many aren’t really ‘true’ Single Sign On solutions – often users still have to tap smartcards twice or don’t have access to every single system in one tap, such as the NHS Spine. Using smartcards combined with remembering passwords and then having to authenticate to a variety of clinical systems and the NHS Spine is a lot for users to do in one action, not to mention time consuming and inefficient.

We’ve looked to solve these issues for Trusts by combining our powerful Identity Agent with our Virtual Smartcard technology – the first and only virtual smartcard solution for the NHS – which has enabled true Single Sign On for NHS system users.

Virtual Smartcard virtualises the physical NHS smartcard into the cloud. This means users can access their clinical workspace and applications using a more convenient form of authentication like a One Time Passcode, a QR code, a HR issued card or a biometric.

When combined with Virtual Smartcard, SSO automatically authenticates the user to the NHS Spine. This is powerful, as it gives the user the simple and quick experience of logging on once, all without the need for a physical card at all.


On the move – challenges for mobile users and multi-device access

For NHS staff who are constantly on the move, such as consultants or A&E staff, getting access to information from one machine to another, let alone from another department, can be a big challenge. When users move location or device and want to pick up where they left off, they often have to reboot systems and login to those that aren’t available on their VDI. All the while they’re wasting valuable time trying to gain access to the information that they need to provide safe, effective and timely patient care.

Having an SSO solution that simply allows users to pick up where they left off saves time and improves the whole experience for system users, allowing them to focus on the task in hand rather than frustrating user experiences that disrupt their work. Virtual Smartcard allows this to happen.

Virtual Smartcard also reduces the challenges around locked cards with a self-service approach that allows users to unlock their own Virtual Smartcard and reset the passcode. Each reset saves approximately 30 minutes of clinical time and can be done whenever, wherever. This eliminates the issue of a physical smartcard password reset where they where users often have to travel across a Trust site, or sometimes even to a different site altogether again wasting time that could be better spent on patient care. For mobile users this could mean having to travel back to base more often than necessary for a visit to IT to unlock their card.


Password Problems

All this tech is great, but I’m locked out of my account and can’t Single Sign On to anything!

Another issue that slows users down is when they are locked out of one of their accounts. Ordinarily, they would phone the IT helpdesk to ask for a password reset. This not only presents an additional burden and cost to the organisation, but also introduces security risks through being unable to properly authenticate the user over the phone; plus the fact that the helpdesk staff will know the new password. This is where Password Reset Self Service provides a very useful addition to SSO by enabling a user to unlock their own accounts. It can also be used to authenticate a user who calls the helpdesk against the set of registered questions and answers used as part of the Password Reset Self Service.

Our SSO technology is constantly evolving to make sure we tackle these system challenges that our customers, Trusts and users alike, are facing. Future developments will include FIDO2 key authentication, and the ability to use Isosec’s Authenticator app to authenticate using a QR code, one time passcode and push notification which will help users with all of the topics we’ve covered here by providing more options for secure authentication to suit their preferences and needs.


If these challenges sound familiar to you and you would like more information on NHS Single Sign On from Isosec please get in touch so we can help to address them and make access and authentication for the NHS easier with innovative solutions.

Harry Robinson

Author Harry Robinson

More posts by Harry Robinson