Manage non-smartcard authenticators as a Registration Authority
Guidance for Registration Authorities on issuing and removing alternative authenticator options in Care Identity Management.
Registration Authorities now have more options to enable health and care professionals to access national clinical information systems. It's no longer mandatory to have a physical smartcard and an HSCN connection.
Secure user authentication over the public internet
Secure user authentication to national clinical information systems is now available over the public internet using:
- Windows Hello
- security keys, including YubiKeys
- iPads
- Microsoft Authenticator
- NHSmail
You can manage each of these in Care Identity Management.
Registering alternative authentication is simple:
- assigning positions formed from role-based access codes to a user's profile hasn't changed
- any updates to a user's profile will be applied across all authenticators registered to them
- new authenticators can be issued remotely and don't have certificate expiry dates
iPads
The NHS CIS2 iPad app enables users to authenticate using their fingerprint.
It is a great option in environments that require ultimate mobility without the need for a smartcard or reader.
Windows Hello
Windows Hello requires no installation of software, certificate renewal or even hardware to carry around.
Users provide their biometrics (face/fingerprint) or a PIN to authenticate.
Security keys
Security keys are typically small physical USB devices that are a simpler alternative to smartcards.
They require no installation of software or certificate renewal and are small and convenient enough to be attached to a set of keys or a lanyard.
Microsoft Authenticator
Microsoft Authenticator allows users to authenticate by providing their username and password, and a 6 digit code from the Microsoft Authenticator app on their phone.
NHSmail
Users with an existing NHSmail account can connect it to their Care Identity profile to use as an authenticator.
Self-registration of non-smartcard authenticators
Users are able to register their own non-smartcard authenticators on their Care Identity profile. Read guidance on how a user can self-register their:
Last edited: 21 January 2025 9:25 am