Common Challenges with User Management
Many medical organizations and operational teams face challenges with user authentication and access management. These challenges are a burden for users and an administrative overhead for IT teams.
These include, but are not limited to, the following:
- Password fatigue: Users need to remember multiple passwords for different services, leading to weak or reused passwords.
- Security risks: Without a centralized authentication process, enforcing strong password policies, multi-factor authentication, and security compliance can be inconsistent across systems.
- User management: IT teams struggle with provisioning and deprovisioning accounts manually, which can lead to errors and inefficiencies.
- Helpdesk overload: Frequent password resets and login issues increase the workload on support teams, leading to delays and higher operational costs.
Introducing Single Sign-On (SSO) from Checkit
Single Sign-On (SSO) addresses these issues by allowing users to authenticate once and gain access to multiple applications or services. It will be available for our Medical Monitoring (CAM+, Tutela) platform and soon for the Commercial Monitoring (CAM/CWM) platform. With SSO:
- Convenience: Users only need to remember one set of credentials.
- Security: Stronger, centralized security policies can be applied across all systems, such as multi-factor authentication (MFA) and password complexity rules.
- Efficient user management: IT teams can centrally control user access and ensure compliance, reducing the risk of unauthorized access.
- Reduced support load: With fewer login issues and forgotten passwords, helpdesk requests decrease, improving overall efficiency.
How It Works
Checkit implements SSO using Amazon AWS Cognito, integrating with various Identity Providers (IdPs) to provide centralized authentication for customers. Supported Identity Providers include:
- SAML 2.0-compliant IdPs: For example, Microsoft Active Directory or Shibboleth.
- OpenID-compatible IdPs: Such as OpenID Connect, Salesforce, and PingID.
- Google Cloud OAuth.
The sign-on process works by authenticating users and providing access based on managed credentials. This workflow ensures a smooth process for end users and easier management for administrators.
Benefits of Single Sign-On (SSO)
The advantages of implementing SSO in your organization extend beyond simplifying the user experience. Below are the benefits SSO offers, ranging from security to overhead.
- Improved User Experience: Users only need to log in once to access multiple applications, reducing the need to remember multiple passwords and minimizing login frustration.
- Increased Security: Centralized authentication allows for the enforcement of stronger security policies, such as multi-factor authentication (MFA) and password complexity requirements, ensuring consistent protection across all connected systems.
- Reduced IT Overhead: By consolidating authentication into one system, IT teams can manage user accounts more efficiently, decreasing the time and effort needed for password resets and access management.
- Lower Support Overhead: With fewer login issues, helpdesk support demand decreases on both sides, allowing support teams to focus on other important tasks while reducing operational costs.
- Enhanced Compliance: SSO helps organizations maintain compliance with security and privacy regulations by centralizing and simplifying the implementation of access controls and monitoring.
- Streamlined User Management: Centralized access control makes it easier to provision, deprovision, and manage user permissions across all integrated applications, ensuring that only authorized users have access to the necessary resources.
Sign-on Process for End Users
1. The user accesses Checkit’s login page and clicks on the “Sign in via SSO” option.
2. The user enters their email address on the Checkit website.
3. Checkit identifies the customer’s Identity Provider (IdP) based on the email domain.
4. The user is redirected to the login page provided by the customer’s IdP.
5. The user enters their login credentials, such as password and multi-factor authentication.
6. The customer’s IdP approves the login request.
7. Checkit grants the user access by looking up their rights and permissions in the Checkit system.
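The routing in step 3 and the hand-back in steps 6 and 7, as an added Python example (not Checkit's code; the registry, domains, IdP names and permissions are constructed, and the IdP's signed response is assumed to have been verified already). It shows why the application should accept an identity only from the IdP registered for that email domain, and why rights stay in the application's own store rather than coming from the IdP:

```python
# Added illustration: every name, domain and permission here is constructed.

# Constructed tenant registry: email domain -> IdP identifier (step 3).
IDP_BY_DOMAIN = {
    "hospital-a.example": "idp-hospital-a",
    "clinic-b.example": "idp-clinic-b",
}

# Constructed local authorization store (step 7): rights live in the app.
LOCAL_PERMISSIONS = {
    "nurse@hospital-a.example": {"view_readings"},
    "admin@clinic-b.example": {"view_readings", "manage_users"},
}


def email_domain(address):
    """Return the lower-cased domain of one plain address, or None."""
    addr = address.strip().lower()
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain or "@" in local:
        return None  # no "@", empty part, or more than one "@"
    if any(ch.isspace() for ch in addr):
        return None
    return domain


def discover_idp(address):
    """Step 3: choose the IdP from the email domain; unknown domains get None."""
    domain = email_domain(address)
    return IDP_BY_DOMAIN.get(domain) if domain else None


def grant_access(issuing_idp, asserted_email):
    """Steps 6-7: trust the IdP only for its own domain, then look up rights.

    Assumes the IdP response signature was verified before this call.
    Returns the user's permissions; an empty set means access is denied.
    """
    domain = email_domain(asserted_email)
    if not issuing_idp or domain is None:
        return set()
    if IDP_BY_DOMAIN.get(domain) != issuing_idp:
        return set()  # identity asserted for a domain this IdP is not registered for
    # Authenticated but unknown users get nothing: no implicit provisioning.
    return set(LOCAL_PERMISSIONS.get(asserted_email.strip().lower(), set()))
```
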
Steps to Get Started
1. Customer provides necessary details: SAML Metadata URL
2. Checkit configures the User Pool: Checkit sets up a User Pool in AWS Cognito for access management within Checkit’s Medical Monitoring (CAM+/Tutela) platform.
3. Checkit shares configuration details: This includes the Identifier (Entity ID), Reply URL (Assertion Consumer Service URL), and custom attribute mappings.
4. Customer manages the User Pool: The customer now manages user access to Checkit through the User Pool.
[NEW UPDATE on November 7, 2024] Implementation of Single Sign-On is largely self-service. Customers will have access to a Sandbox area to test and configure their SSO implementation.
Next Steps
If you believe Single Sign-On would enhance your organization’s security and user experience, please contact your Account Manager, reach out to Checkit’s Customer Success team for further assistance, request a demo or email help@checkit.net. Thanks!