This site provides:
- NHS Digital IA v220.127.116.11
- all supporting components, including middleware
- release documentation
The Identity Agent is an installable component that resides on every device that acts as a point of access to Spine systems. That is, every Windows desktop in a hospital, GP surgery, or other organisation where a clinical role is performed.
NHS Digital Identity Agent v2 (IA v2) is a new version of this software. Along with other improvements, it has been designed to provide more secure and convenient ways of working with identity access than previous versions, through the introduction of two new modes: ‘Session Lock Persistence’, and ‘Mobility’.
Session Lock Persistence
If a user removes their Smartcard in order to temporarily leave their workstation, they are able to ‘lock’ their Spine session. On re-insertion of their Smartcard, the user is able to re-authenticate and continue their Spine session, with no loss of state.
This mode is targeted at ‘desktop’ usage.
This mode enables users of mobile devices running a Windows OS to authenticate, remove their Smartcard from the device for secure storage (lanyard etc.), and then continue working as normal. For the purposes of maintaining identity security, a number of timers trigger in this mode, ensuring the user is periodically required to re-authenticate.
This mode is targeted at ‘tablet’ usage.
By default (without any specific configuration), IA v2 will operate in ‘Normal’ mode. This is a legacy mode of operation, whereby removing a Smartcard automatically and immediately terminates the Spine session. This ensures the broadest possible compatibility with any third-party applications.
Other benefits include:
- An improved role selection form – more configurable, and now including Org Code.
- More compatibility than previous Identity Agents, including support for; Windows 7 / 8.1, both 32 and 64-bit, and Windows 10 64-bit; Java v7 / v8; All series of Smartcards (including the latest Series 8).
- Faster to authenticate than HSCIC IA v1.
- A number of security enhancements.
- IA v2 now supports those employing ‘fast-user-switching’ and ‘follow-me-session’ ways of working.
Fast-user-switching is the method of using multiple Windows accounts and discrete respective Spine sessions on a single workstation.
Follow-me-sessions describe the method of connecting / disconnecting to ‘remote’ or VDI (Virtual Desktop Infrastructure) sessions, from different workstations, whilst maintaining a single Spine session.
IA v2 is likely to be compatible with third-party application(s)
System suppliers have been formally invited to integration test IA v2 against their software, and in the vast majority of cases they have reported that this has been successful. However prior to installation of IA v2 please confirm its compatibility status against your particular suite of third-party applications, with their suppliers.
Registry changes and configuration
With a default installation, IA v2 will:
- authenticate into Live
- be in ‘Normal’ mode
- not launch any web browser applications on login
- close down all browser sessions on logging out
In order to activate the following features, there is a small amount of registry modification required:
- ‘Session Lock Persistence’
- ‘Mobility’ mode
- Automatic launch of specific Spine web applications on login
- Automatic closure of specific (or no) web browsers on logout
IA v2 works with the middleware (Gemalto) already in use with BT IAs and HSCIC IA v1
However please note that if uninstalling a BT Identity Agent, this will also remove the Gemalto middleware, and so the middleware will require re-installing in addition to the installation of IA v2 (the two components are not part of the same installation package).
To clarify, IA v2 does not require Oberthur middleware (unless as per IA v1, the user is performing CMS functions through the CIS application on Oberthur Smartcards).
Find support or provide feedback for NHS Digital IA v2
NHS Digital IA V2’s ‘Known Issues’ are listed in the Release Notes, and a ‘Troubleshooting Guide’ is available in the Administrators Guide.
A forum exists on NHS Networks for further information, feedback and questions: https://www.networks.nhs.uk/nhs-networks/identity-agent
There is also now also an Identity Agent team on Slack, where you can join and post queries and minor support issues: https://identityagent.slack.com
Formal support calls however should be placed as normal with the National Service Desk by calling 0300 303 5678.
Alternatively, send an email to firstname.lastname@example.org, and we’ll get back to you.