When your Carerix is enabled on the new Identity & Access Management platform of Carerix, a couple of access-related settings are configured in a new place: the Identity Access menu. The menu can be found in the maintenance section of Carerix and is only available to system administrators.
IAM Settings tab
The IAM settings tab contains multiple settings that influence human access to the database through the regular Carerix Graphical User Interface (GUI). These settings raise or lower the security of the database and the data it contains.
Session Time Out
Every time a user logs in to Carerix, a 'session' is started. Carerix recognizes the user based on their username and password and applies their user role permissions. When you actively log out using the log out button in the top right user menu, the session is terminated. However, when you close the browser tab or just leave your device without actively logging out from Carerix, the session remains active. The session time out makes sure that such sessions are eventually terminated. Its value indicates the amount of time a session can be left inactive. After this time the session is closed and the user needs to log in again to continue in Carerix. The default value is 40 minutes.
Masteruser Access
Masteruser is used by Carerix Support. It enables our support heroes to quickly access your system and impersonate users, typically to see whether a problem that was noticed is reproducible. This typically helps in determining the issue and reduces the time to resolution dramatically. Masteruser access is logged in the system, so it is clear which Carerix employee used the Masteruser to access your database. As Carerix works according to the privacy & security by design principles, we find it important that customers actively consent to this kind of access. Therefore, during implementation of the system you are actively asked to allow Carerix to use the Masteruser by configuring this setting to YES. If, at any point in time, you want to revoke this permission, the setting can be switched back to NO. Easy as you are.
Multi Factor Authentication
How Multi Factor Authentication (MFA) works from a user perspective is explained in this article. By default MFA is 'Optional', which means users can always configure it individually but are not required to. From a security perspective it can be desirable to force all users to use MFA. Set this setting to 'Required' and all users will be asked to set up MFA during their next login attempt.
Identity Providers Tab
If you want to use user federation services or a Single Sign On setup, this tab is where it all starts. With Carerix it is possible to connect with a wide range of identity providers. We provide relatively easy ways to connect with Microsoft Azure, Google and SAML/ADFS. With the OpenID option it is possible to connect other identity providers, such as OKTA, as well.
To set up an identity provider, go to the Identity Providers tab in the Identity Access menu, use the 'Add Provider' button and exchange the required information between Carerix and your identity provider.
Once configured, your additional sign-in option(s) are added to the login screen and can be used by your users.
Please note that the setup of an IDP requires an actual IDP on your side, and its specific configuration strongly determines whether it functions properly in combination with Carerix. Each type of IDP has its own particularities which need to be taken into account.
For a specific setup guide per IDP option, please refer to the following dedicated help articles:
OpenID (instruction not available yet)