NHS CIS2 Care Identity Authentication
Verify the identity of healthcare workers in England, such as NHS staff, using the NHS Care Identity Service 2 (CIS2). CIS2 uses the OpenID Connect (OIDC) standard to provide single sign-on across local and national digital services using smartcards or modern alternatives.
Overview
Use this integration to access NHS Care Identity Service 2 (NHS CIS2) - the national service for verifying the identity of healthcare workers in England, such as NHS staff, when they access national clinical information systems. You can also get basic profile information about these end users.
You can authenticate the healthcare workers using:
- a CIS smartcard - with or without the Credential Management Application
- an iPad
- a Windows 10 tablet
- a security key
For further details, see Ways to authenticate using NHS Care Identity Service 2.
Who can use this integration
This integration can only be used where there is a legal basis to do so. Make sure you have a valid use case and Check if NHS CIS2 fits your needs before you go too far with your development.
You must do this before you can go live (see 'Onboarding' below).
Status
This integration is in production.
Service level
This integration is a platinum service, meaning:
- it is operational and supported 24 hours a day, 365 days a year
- it has an availability of 99.9% in supported hours
For more details, see service levels.
Technology
This integration uses the OpenID Connect 1.0 (OIDC) authentication standard, which is a simple identity layer on top of the OAuth 2.0 protocol.
OIDC uses a combination of an API and user interface integration.
For more details, see NHS Care Identity Service 2 guidance for developers.
Network access
This integration is available on the internet and, indirectly, on the Health and Social Care Network (HSCN).
To strongly authenticate a healthcare worker using an NHS smartcard, you need an HSCN connection.
For more details see Network access for APIs.
Environments and testing
For detailed guidance on NHS CIS2 environments and testing, see the NHS Care Identity Service 2 path to live process.
Onboarding
You need to get your software approved by NHS CIS2 Authentication before it can go live with this integration. We call this onboarding. The onboarding process can sometimes be quite long, so it’s worth planning well ahead.
For onboarding with NHS CIS2, follow the guidance available at:
Interactions
Care Identity Authentication uses the Authorization Code Flow, the most commonly used OIDC flow, which is designed for use with web applications.
It has the following endpoints:
- Token
- UserInfo
- authorize endpoint
- .well-known endpoint
- jwks endpoint
For further details, see Authorization Code Flow or contact us.
Last edited: 10 July 2024 10:13 am