Simplifying Logins: The Power of Identity Federation within Healthcare

Sze Hui

Managing Multiple Patients and Passwords

“Too many patients, too many windows, too many passwords.” As the phone rang in the background of our Teams call, a social worker colleague made this comment off-hand while trying to log in to an app to look something up, and the moment crystallized for me the pressures of the modern healthcare environment. Our front-line colleagues have a higher patient load than ever, with myriad web-based point solutions to coordinate patient care, all of which require their own secure passwords. Layer on top of that the complexity requirements that all of these apps impose to keep data secure, and we end up with a frustrating mess. So what can we do about it? Identity Federation enables single sign on, lightening the burden of remembering passwords.

What is Identity Federation?

Identity Federation, commonly referred to as single sign on, is the act of directly connecting an application to a customer’s main identity system. To set it up, the vendor application and the customer’s identity management system exchange information so that each can identify the other. This ensures that both systems can verify that requests for sign on are legitimate.

Once set up, when a user attempts to log in, the vendor application will ask the customer’s identity management system whether the user is allowed to log in. The identity management system will then follow its normal flow to authenticate the user and allow sign-on. It may ask the user to enter their password, or respond to a multi-factor authentication request, but most likely the user has already authenticated themselves on that computer by logging in to it. With a positive response from the identity management system, the vendor app logs the user in, no separate password required.
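The set-up exchange and login flow just described, as an added example that is not Roundtrip’s code: a toy OIDC-style identity provider and vendor app in Python, showing the checks the vendor app should make on the identity manager’s response (signature, issuer, audience, expiry, and the nonce that ties the response to the request). The names, URLs, the HMAC-signed token format, and the “already logged in” user are assumptions made for the example.

```python
import base64, hashlib, hmac, json, secrets, time

def b64u(data: bytes) -> str:                       # base64url without padding
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64u(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

class IdentityProvider:
    """The customer's identity manager: authenticates users and signs ID tokens."""
    def __init__(self, issuer: str):
        self.issuer, self.clients = issuer, {}   # client_id -> secret shared at set-up
        self.logged_in = {"alice@hospital.example"}  # constructed: user already on her PC

    def register_client(self, client_id: str) -> bytes:
        self.clients[client_id] = secrets.token_bytes(32)  # the one-time set-up exchange
        return self.clients[client_id]

    def authorize(self, client_id: str, user: str, nonce: str, now: int) -> str:
        if user not in self.logged_in:
            raise PermissionError("prompt for password / MFA first")
        head = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        body = b64u(json.dumps({"iss": self.issuer, "aud": client_id, "sub": user,
                                "iat": now, "exp": now + 300, "nonce": nonce}).encode())
        sig = hmac.new(self.clients[client_id], f"{head}.{body}".encode(), hashlib.sha256).digest()
        return f"{head}.{body}.{b64u(sig)}"

class VendorApp:
    """The relying party: stores no passwords, only verifies the IdP's token."""
    def __init__(self, client_id: str, issuer: str, secret: bytes):
        self.client_id, self.issuer, self.secret = client_id, issuer, secret

    def verify(self, token: str, expected_nonce: str, now: int) -> str:
        head, body, sig = token.split(".")
        mac = hmac.new(self.secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, unb64u(sig)):
            raise ValueError("signature does not match the shared secret")
        c = json.loads(unb64u(body))
        if c["iss"] != self.issuer or c["aud"] != self.client_id:
            raise ValueError("token was issued by or for someone else")
        if now >= c["exp"] or c["nonce"] != expected_nonce:
            raise ValueError("token expired or replayed")
        return c["sub"]          # the app logs this user in, no password of its own

def federated_login(user: str, now: int = 0) -> str:
    # Full flow: set-up exchange, login request, IdP response, verification.
    now = now or int(time.time())
    idp = IdentityProvider("https://idp.hospital.example")     # assumed URL
    app = VendorApp("roundtrip-app", idp.issuer, idp.register_client("roundtrip-app"))
    nonce = secrets.token_urlsafe(16)                # ties the response to this request
    return app.verify(idp.authorize(app.client_id, user, nonce, now), nonce, now)
```

A real deployment would use the identity manager’s published signing keys (asymmetric, not a shared HMAC secret) and a library that implements SAML or OIDC, but the checks on issuer, audience, expiry and nonce are the same ones the vendor app must make.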

Too Many Passwords Leads to Bad Behaviors

We know our end users are juggling tens of different applications on a daily basis. When each of them requires its own password, which must contain a capital letter, a lowercase letter, a number, and a symbol, remembering which password goes with which application becomes an impossible task. People will lighten the cognitive load associated with remembering passwords by any means necessary, including:

  • Re-using the same password
  • Writing down passwords on a post-it note, stuck to the computer monitor
  • Including easy-to-guess words or phrases in the password
  • Changing passwords by adding a number on the end (I’m guilty of this one)
  • Some or all of the above in combination

How Does Identity Federation Help?

We’ve talked about how users will reduce the mental load of remembering passwords by any means necessary. What if we reduced the number of passwords that a user has to remember to one? This is the promised land of identity federation. When a user only has to remember the password they use to log in to their computer, that password can be stronger. Single sign on reduces cognitive load, allowing end users to concentrate on the things that truly matter. From a security perspective, identity federation provides a multitude of benefits:

  • User passwords are only stored in one identity manager. This reduces the number of opportunities for a password breach.
  • All security policies that are in force on the core identity manager immediately apply to downstream vendor apps. Need to enforce password complexity policy? Done. Vendor doesn’t support MFA on their end? No worries, just use yours.
  • User provisioning and de-provisioning are handled in the core identity manager. This means not having to manually revoke access to tens of vendor apps when someone leaves the company.
  • Managing roles within vendor apps with the use of access groups within the identity manager allows security teams to grant access on a more granular basis. This makes it easier to ensure that users have the least access necessary to do their jobs.

Identity Federation with Roundtrip

Ready to talk identity federation with Roundtrip? We can connect to your identity manager in the industry standards of SAML and OIDC. In addition, we offer direct integrations to Microsoft Entra ID (formerly Active Directory), Okta, Auth0, Google, and Ping Federate. We’ve got a handy implementation guide here.

Meet Roundtrip’s Guest Author – Sze Hui
Sze Hui, CSPO has spent over 8 years in the healthcare industry, leading efforts to optimize workflows and eliminate copy/paste through data interoperability and integrations. As a Solutions Architect, Sze guides health systems through the technical implementation process, bringing data flow and business process together in a cohesive and seamless way.