Skip to main content

Manage non-smartcard authenticators as a Registration Authority

Guidance for Registration Authorities on registering and deregistering alternative authenticator options in Care Identity Management.

Page contents

Registration Authorities now have more options to enable health and care professionals to access national clinical information systems. It's no longer mandatory to have a physical smartcard and an HSCN connection.

Secure user authentication over the public internet

Secure user authentication to national clinical information systems is now available over the public internet using:

  • Windows Hello for Business
  • security keys, including YubiKeys
  • iPads
  • Microsoft Authenticator

You can manage each of these in Care Identity Management.

Registering alternative authentication is simple:

  • assigning positions formed from role-based access codes to a user's profile hasn't changed
  • any updates to a user's profile will be applied across all authenticators registered to them
  • new authenticators can be issued remotely and don't have certificate expiry dates

iPads

The NHS CIS2 iPad app enables users to authenticate using their fingerprint.

It is a great option in environments that require ultimate mobility without the need for a smartcard or reader.

Register or deregister an iPad

Managing iPads

If a user already has an iPad, they can also register it on their own Care Identity profile to use as an authenticator.

Windows Hello for Business

Windows Hello for Business requires no installation of software, certificate renewal or even hardware to carry around.

Users provide their biometrics (face/fingerprint) or a PIN to authenticate.

Register or deregister a Windows Hello for Business device

Windows Hello for Business

Security keys

Security keys are typically small physical USB devices that are a simpler alternative to smartcards.

They require no installation of software or certificate renewal and are small and convenient enough to be attached to a set of keys or a lanyard.

Register or deregister a security key

Security Keys

Microsoft Authenticator

Microsoft Authenticator allows users to authenticate by providing their username and password, and a 6 digit code from the Microsoft Authenticator app on their phone.

Note: this option is in pilot and is only available to specific, invited organisations.

Register or deregister a Microsoft Authenticator device

Microsoft Authenticator

Last edited: 28 December 2023 2:36 pm