2022/05/04 EpiSoft Release Notes (EpiDirectory Authentication platform Upgrade)

Please contact help@episoft.com.au if you would like new LOGIN features activated in your system, or if you have any other questions.

With the rise in cyber attacks, and as a mandatory prerequisite for ePrescribing on a cloud platform, EpiSoft has enhanced our user authentication platform, EpiDirectory, to limit the damage that a user's compromised credentials can do to EpiSoft customers. The new options cover 2-factor authentication and SAML.


EpiDirectory Upgrade - general changes and navigation

EpiSoft regular users will not notice any change to the way they log in - this is still via the My Communities page and the link to your organisation. However, system administrators managing user accounts and other organisation details will notice a change to navigation in the EpiDirectory platform.

These changes are:

The layout of the new user page has changed so that all the mandatory fields sit together at the top of the page.
Sub-menu items (such as user community roles) are now reached either via a tab (called Security) or by clicking the Security icon at the end of the user list.
The sites management list is reached either via a tab under the organisation or by clicking the Manage Sites icon at the end of the Organisation record.

The functionality within the pages is otherwise the same as in the previous version.

New user registration and password reset

Changes have been made to new user registration and password reset.
Users are no longer issued a temporary password that is visible on screen to system administrators. Instead they receive a unique link to complete their new user registration or password reset. Because the link alone allows the account's password to be set, treat it like a password: it should go only to the user's own mailbox and never be forwarded.

IMPORTANT - for added security, these email links now expire 24 hours after they are sent, so please ask your users to action new user registration or password reset emails promptly.

If a user does not action the link within 24 hours of it being sent, open the user's page again and click either Resend Registration Email or Reset Password, whichever applies; this issues a fresh link.
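As an added example (not EpiSoft's code), here is one way a registration or reset link of this kind can be implemented: a random token is emailed, only a hash of it is stored, it expires after 24 hours, it can be redeemed once, and a resend replaces the earlier link rather than adding a second live one. The store, the URL base and the usernames are assumptions; the only facts taken from these notes are the 24-hour lifetime and the resend behaviour.

```python
"""Added example: single-use registration / password-reset links that expire after 24 hours.

Illustrative code, not EpiSoft's implementation. The store, the URL base and the
usernames are assumptions; the only facts taken from the release notes are the 24-hour
lifetime and that a resend replaces the earlier link.
"""
import hashlib
import secrets
import time
from typing import Dict, Optional

LINK_TTL_SECONDS = 24 * 60 * 60   # links are valid for 24 hours after being sent


class ResetLinkStore:
    """Issues and redeems link tokens, keeping only a SHA-256 digest of each one.

    The raw token exists only in the emailed URL, so a copy of this store (or a
    database dump of it) cannot be used to complete someone else's registration.
    """

    def __init__(self) -> None:
        # digest -> {"user": str, "expires": float, "used": bool}
        self._entries: Dict[str, dict] = {}

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, username: str, now: Optional[float] = None) -> str:
        """Create a new link token for the user; any earlier outstanding link is invalidated."""
        now = time.time() if now is None else now
        for entry in self._entries.values():
            if entry["user"] == username:
                entry["used"] = True          # "Resend" supersedes, it does not add a second live link
        token = secrets.token_urlsafe(32)    # 256 bits from the OS CSPRNG: not guessable
        self._entries[self._digest(token)] = {
            "user": username,
            "expires": now + LINK_TTL_SECONDS,
            "used": False,
        }
        return token

    def redeem(self, token: str, now: Optional[float] = None) -> Optional[str]:
        """Return the username if the token is live; None if unknown, expired or already used.

        A successful redemption marks the token used, so the same link cannot be replayed.
        Lookup is by digest of a high-entropy token, so dictionary timing leaks nothing useful.
        """
        now = time.time() if now is None else now
        entry = self._entries.get(self._digest(token))
        if entry is None or entry["used"] or now > entry["expires"]:
            return None
        entry["used"] = True
        return entry["user"]


def registration_url(token: str, base: str = "https://example.invalid/register") -> str:
    """Hypothetical URL placed in the registration email (base address is an assumption)."""
    return f"{base}?token={token}"


if __name__ == "__main__":
    store = ResetLinkStore()
    tok = store.issue("jsmith")
    print("email this:", registration_url(tok))
    print("first click ->", store.redeem(tok))    # jsmith
    print("second click ->", store.redeem(tok))   # None
```

The expiry and single-use checks happen at redemption time, so a link that leaks from a mailbox is worthless once it has been used or once 24 hours have passed, and issuing a fresh link for a user kills the old one immediately.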

For end users resetting their own password, the steps are unchanged: users are asked for their user name, followed by their challenge questions and answers.


2-Factor Authentication

2-Factor Authentication (2FA) is now available as a login option for all EpiSoft organisations, including epi-me, eAdmissions and EpiSoft system users. It applies to staff login only and does not affect patients using the epi-me portals.

All organisations (other than those that intend to implement SAML authentication instead) are encouraged to adopt this additional authentication measure for added security.

Each organisation can choose whether to enable 2FA. Once a user has entered the second factor, it is remembered for that user on that device and browser for 30 days, after which the validator code is requested again. Users can tick 'remember me' so that they are not prompted for the second factor at every login.

The user will be asked for the second factor (the code from their authenticator app) again if:
1) they use a different device to access EpiSoft
2) 30 days have elapsed since their last 2FA check
3) they clear their browser cookies
4) they use a different browser (for example, switching from Edge to Chrome)

Please ensure your users are aware that they should never select 'remember me' on a shared computer or on any other device that is not secure and unique to them. The remembered second factor lives in the browser's cookies, so anyone else using that browser profile within the 30 days would not be challenged for the code.

Before any organisation can implement 2FA, it will need to confirm an implementation plan and relay that plan to all end users well ahead of implementation. All organisations must have support available to help end users re-authenticate their EpiSoft accounts so that business continuity is maintained.

In preparation for switching on 2FA, please ensure you have completed the following checklist:
All your users are using a modern supported browser (Chrome, Edge, Firefox). We do not guarantee this function will work on IE11, for which we are withdrawing support.
All your users have a smartphone.
All your users have installed an Authenticator App of your organisation's choosing (e.g. Google Authenticator, Microsoft Authenticator).



If you are planning to implement 2-factor authentication, please let us know via help@episoft.com.au so that we can schedule an implementation plan with you. We will need to stagger the roll-out across customers in order to provide dedicated assistance to you and your end users, as this is a login change for them.


Once you have completed the checklist and we have jointly agreed a date for implementation, we will switch this function on for you.

Once the functionality is enabled for your organisation or community, all existing users will be prompted at their next login to scan a QR code, which adds the EpiSoft validator code to their authenticator app.

All new EpiSoft users will be sent a Registration email (from mp-reply@episoft.com.au) containing their username and a link to finalise their password and 2FA credentials.

Once the link from the email has been clicked, users confirm their password and set their two security questions and answers, which are essential for retrieving forgotten passwords.

Users are then shown the page below, where they complete the final step of the 2FA setup.


Scanning the QR code should open your Authenticator App to complete the setup. If it does not, open the Authenticator App; there should be a small plus (+) sign in the bottom right. Tapping it gives you the option to scan the QR code from within the app.

If you have multiple EpiSoft login accounts, you may need to do this once for each. Validator codes for all your different user names can be stored in the same app.
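Added example (not EpiSoft's code): the setup above is standard TOTP (RFC 6238) enrolment, which is what a QR code for an authenticator app carries. The Python below generates a shared secret and the otpauth:// URI a QR code would encode, computes the six-digit validator code the app displays, and verifies it server-side with a one-step clock-drift window and a replay guard. The issuer name 'EpiSoft', the username and the RFC test secret are assumptions or constructed data; the exact parameters EpiSoft uses are not stated in these notes.

```python
"""Added example: TOTP enrolment and verification of the kind an authenticator app performs.

This is illustrative code, not EpiSoft's implementation. The issuer label 'EpiSoft',
the usernames and the RFC 6238 test secret below are assumptions / constructed data.
"""
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional
from urllib.parse import quote

PERIOD = 30   # seconds per time step (RFC 6238 default, what common apps use)
DIGITS = 6    # code length shown in the app
WINDOW = 1    # accept one step either side of "now" to tolerate phone clock drift


def new_secret(nbytes: int = 20) -> str:
    """Fresh random shared secret, base32-encoded as authenticator apps expect."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode().rstrip("=")


def otpauth_uri(secret_b32: str, username: str, issuer: str = "EpiSoft") -> str:
    """The otpauth:// URI that the enrolment QR code encodes (issuer name is an assumption)."""
    label = quote(f"{issuer}:{username}")
    return (f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits={DIGITS}&period={PERIOD}")


def hotp(secret_b32: str, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    padded = secret_b32 + "=" * (-len(secret_b32) % 8)   # restore any base32 padding stripped above
    key = base64.b32decode(padded, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** DIGITS).zfill(DIGITS)


def totp(secret_b32: str, at: Optional[int] = None) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current 30-second time step."""
    at = int(time.time()) if at is None else at
    return hotp(secret_b32, at // PERIOD)


class TotpVerifier:
    """Server-side state for one enrolled user: the secret and the last accepted time step."""

    def __init__(self, secret_b32: str) -> None:
        self.secret = secret_b32
        self.last_step = -1   # replay guard: a code is accepted once, for one step

    def verify(self, code: str, at: Optional[int] = None) -> bool:
        at = int(time.time()) if at is None else at
        step = at // PERIOD
        for candidate in range(step - WINDOW, step + WINDOW + 1):
            if candidate <= self.last_step:
                continue   # that step was already used (or is older): reject replay
            if hmac.compare_digest(hotp(self.secret, candidate), code):
                self.last_step = candidate
                return True
        return False


# Constructed check value: the RFC 6238 Appendix B SHA1 test secret "12345678901234567890".
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()


def demo() -> bool:
    """Enrol a hypothetical user, print the QR payload and verify one code; returns True on success."""
    secret = new_secret()
    print(otpauth_uri(secret, "jsmith"))   # this string is what the QR code would carry
    verifier = TotpVerifier(secret)
    return verifier.verify(totp(secret))


if __name__ == "__main__":
    print("RFC vector at T=59:", totp(RFC_SECRET, 59))   # 287082
    print("enrolment works:", demo())
```

The verifier accepts each time step at most once, so a code that is intercepted cannot be replayed inside its 30-second window; this is also why a validator code should never be read out to anyone, including someone claiming to be support.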

What to do if you get a new phone

If you get a new phone after 2FA has been implemented, install the Authenticator app on the new device and then contact your local EpiSoft administrator (not EpiSoft), who can reset your account to 'not configured for 2FA' so that you are re-sent the QR code.

System administrators - before resetting a 2FA-configured account (edit the user and click the button), verify the end user's identity with their challenge questions and answers if you are not familiar with them. A request to reset a second factor is a common route to account takeover, so treat it with the same care as a password reset.

Please follow the app's own steps to remove the EpiSoft login token from your old phone.




SAML
SAML, or Security Assertion Markup Language, is a different means of accessing EpiSoft: your hospital's identity provider authenticates staff with their hospital network login and then asserts their identity to EpiSoft, so the hospital password itself is never sent to or stored by EpiSoft. Users and their roles will still need to be set up in EpiSoft as normal, although we are looking to share role details as well in the future. Once logged into the hospital network, users will be able to access EpiSoft without re-entering their login details.

SAML users will access EpiDirectory via a dedicated URL to their organisation.

SAML access is only available to Epi-Me customers that are in separate communities and is not currently available to EpiSoft main platform customers. Implementing SAML is subject to a separate project plan and test cycle for each epi-me customer. We would be happy to provide a quote for your move to SAML on request.