Skip to main content
Ways to authenticate using NHS Care Identity Service 2

Guidance and information on the different ways you can authenticate using NHS Care Identity Service 2 (NHS CIS2), including the devices you can use.

Introduction

NHS CIS2 offers a single integration process for multiple authentication mechanisms. You can find out more information on the ways to authenticate with NHS CIS2 on this page. For information relating to authenticating in a Path-To-Live environment, please see NHS CIS2 Path to Live process.


Care Identity Service (CIS) smartcard authentication

With the Credential Management Application

We have developed the ability to enable current smartcards users to access internet facing services. Smartcards and access control are secure measures by which clinical and personal information is accessed by only those that have a valid reason to do so. In the future users will be able to use smartcards without a HSCN (N3) connection.

Essentials Benefits

NHS smartcard

Secure authentication to new internet facing services, for example the Summary Care Record application (SCRa) private beta

Permissions/roles sourced and checked

No change to your current Smartcard or card reader

Software (Identity agent and the Credential Management Application)

 

A modern internet browser, for example Chrome, Edge and Firefox

 
Connection to the Health and Social Care Network (HSCN)*, previously known as N3.  

*Within our future roadmap, there is an opportunity for development of authentication with smartcard outside of HSCN.

Without the Credential Management Application

In situations where the NHS CIS2 hub cannot be installed, we have developed an interim enhancement which allows smartcard authentication to OIDC applications without using the NHS CIS2 hub.

Essentials Benefits
NHS Smartcard Secure authentication to new internet facing services, for example the Summary Care Record application (SCRa) private beta
Role based access assigned Role based access assigned
NHS CIS2 agent Approved method of authentication where there are delays installing the Credential Management Application

Chrome Smartcard plugin for Google Chrome or Microsoft Edge v79 or above.

Java 8 or Active X for IE11

Single solution for any organisation whose applications are not connected via the Credential Management Application – smartcards can be used to access existing smartcard applications as well as new OIDC applications
  Applications can migrate to OIDC whilst users are still on old technology
  Integrates with the existing smartcard solution

 

The NHS CIS2 authentication service will use information sent by the browser to determine the most appropriate authentication mechanism. It will use either the Chrome Smartcard plugin, an ActiveX Control or a Java applet to access the smartcard software and authenticate the user.

Due to Internet Explorer not using the same high level of identity security protocols, we do not encourage using it as part of NHS CIS2 solutions.


iPad authentication

We have designed and developed a secure biometric authentication system for users who have an individually assigned iPad.

This solution enables access to the Summary Care Record application (SCRa) private beta. This can be useful for direct patient care and being able to reference medication and potential conditions whilst mobile.

Essentials Benefits

Apple iPad allocated to a single person (generation 5 and above)

Quick access whilst mobile

iOS version 11 and above

Able to use internet to access services

Organisational Mobile Device Management (MDM) Facility

Secure authentication to relevant patient records without a smartcard

Access to Registration Authority (RA) function

 

Windows 10 tablet authentication

Windows 10 tablets utilise the FIDO2 protocol to authenticate to online services.

Essentials Benefits

Approved Windows 10 devices

Quick access whilst mobile

Access to Registration Authority (RA) function

Able to use internet to access services

Organisational Mobile Device Management (MDM) Facility

Secure authentication to relevant patient record without a smartcard

Permissions/roles sourced and checked

 

Security keys authentication

A hardware security key is a small physical device that looks like a USB thumb drive and connects to devices via a USB port (some can connect with NFC). This new solution will allow a user to register an individual security key to enable them to authenticate with NHS CIS2.

Essentials Benefits
Approved device with operating systems Windows 8.1 and Windows 10

Quick access whilst mobile

Access to Registration Authority (RA) function

Able to use internet to access services

Each individual user must have their own security key No additional software is needed as it uses open standards
Approved security key Secure authentication to patient records without the need for a smartcard
  Users can share devices with their own individual security key

Further information

Last edited: 5 October 2021 8:28 am