Skip to main content

News

NHS Digital Identity Agent v2 is now on general release and available for download

18 October 2016 - The Identity Agent is an installable component that resides on every device that acts as a point of access to Spine systems. That is, every Windows desktop in a hospital, GP surgery, or other organisation where a clinical role is performed.

Download site

http://nww.hscic.gov.uk/dir/downloads/

This site provides:

  • NHS Digital IA v2.1.2.16
  • all supporting components, including middleware
  • release documentation

Overview

The Identity Agent is an installable component that resides on every device that acts as a point of access to Spine systems. That is, every Windows desktop in a hospital, GP surgery, or other organisation where a clinical role is performed.

NHS Digital Identity Agent v2 (IA v2) is a new version of this software. Along with other improvements, it has been designed to provide more secure and convenient ways of working with identity access than previous versions, through the introduction of two new modes: ‘Session Lock Persistence’, and ‘Mobility’.

Session Lock Persistence

If a user removes their Smartcard in order to temporarily leave their workstation, they are able to ‘lock’ their Spine session. On re-insertion of their Smartcard, the user is able to re-authenticate and continue their Spine session, with no loss of state.

This mode is targeted at ‘desktop’ usage.

Mobility mode

This mode enables users of mobile devices running a Windows OS to authenticate, remove their Smartcard from the device for secure storage (lanyard etc.), and then continue working as normal. For the purposes of maintaining identity security, a number of timers trigger in this mode, ensuring the user is periodically required to re-authenticate.

This mode is targeted at ‘tablet’ usage.

Normal mode

By default (without any specific configuration), IA v2 will operate in ‘Normal’ mode. This is a legacy mode of operation, whereby removing a Smartcard automatically and immediately terminates the Spine session. This ensures the broadest possible compatibility with any third-party applications.

Other benefits include:

  1. An improved role selection form – more configurable, and now including Org Code.
  2. More compatibility than previous Identity Agents, including support for; Windows 7 / 8.1, both 32 and 64-bit, and Windows 10 64-bit; Java v7 / v8; All series of Smartcards (including the latest Series 8).
  3. Faster to authenticate than HSCIC IA v1.
  4. A number of security enhancements.
  5. IA v2 now supports those employing  ‘fast-user-switching’ and ‘follow-me-session’ ways of working.

Fast-user-switching is the method of using multiple Windows accounts and discrete respective Spine sessions on a single workstation.

Follow-me-sessions describe the method of connecting / disconnecting to ‘remote’ or VDI (Virtual Desktop Infrastructure) sessions, from different workstations, whilst maintaining a single Spine session.

Supporting information

IA v2 is likely to be compatible with third-party application(s)

System suppliers have been formally invited to integration test IA v2 against their software, and in the vast majority of cases they have reported that this has been successful. However prior to installation of IA v2 please confirm its compatibility status against your particular suite of third-party applications, with their suppliers.

Registry changes and configuration

With a default installation, IA v2 will:

  • authenticate into Live
  • be in ‘Normal’ mode
  • not launch any web browser applications on login
  • close down all browser sessions on logging out

In order to activate the following features, there is a small amount of registry modification required:

  1. ‘Session Lock Persistence’
  2. ‘Mobility’ mode
  3. Automatic launch of specific Spine web applications on login
  4. Automatic closure of specific (or no) web browsers on logout

IA v2 works with the middleware (Gemalto) already in use with BT IAs and HSCIC IA v1

However please note that if uninstalling a BT Identity Agent, this will also remove the Gemalto middleware, and so the middleware will require re-installing in addition to the installation of IA v2 (the two components are not part of the same installation package).

To clarify, IA v2 does not require Oberthur middleware (unless as per IA v1, the user is performing CMS functions through the CIS application on Oberthur Smartcards).

Find support or provide feedback for NHS Digital IA v2

NHS Digital IA V2’s ‘Known Issues’ are listed in the Release Notes, and a ‘Troubleshooting Guide’ is available in the Administrators Guide.

A forum exists on NHS Networks for further information, feedback and questions: https://www.networks.nhs.uk/nhs-networks/identity-agent

There is also now also an Identity Agent team on Slack, where you can join and post queries and minor support issues: https://identityagent.slack.com

Formal support calls however should be placed as normal with the National Service Desk by calling 0300 303 5678.

Alternatively, send an email to iam@nhs.net, and we’ll get back to you.


Contact us

Media enquiries

Email: media@nhsdigital.nhs.net

Phone: 0300 30 33 888


Last edited: 10 September 2018 3:46 pm