If there’s one topic that has repeatedly come up in my conversations with customers in the recent months, it’s authentication. Many people wonder how they can get only their users onto a website and not anyone else, without putting barriers in their way.

As far as I can tell, the "holy grail" of web architecture from a CCG standpoint could currently be summarised with the following three requirements:

• We don’t want to host our intranet and neither does our CSU, so please host it for us on your environment.
• Most of our intranet access is from users within N3. If they’re within N3 we don’t want to make it difficult for them to access the site, just let them in (but we do need to know who they are).
• Sometimes our users want to access the intranet from outside N3, for instance when they are making house calls. When that happens, we’d like them to be asked to fill out a username and password. Please make their password the same as their network password: most GPs aren’t very good at remembering different passwords.

On the face of it this is a relatively simple set of needs, but you’d be amazed how difficult it is to satisfy them. There are many technological and IG (information governance) reasons for this, but the bottom line is that this solution can be achieved and we are working with several CCGs and CSUs currently to get working systems in place.

The solutions we’re looking at come in several flavours, some involving variations on Windows Integrated Authentication (WIA). There are also newer options based on ADFS2 and federated logins via WAAD and dirSync.

What makes it difficult for us in providing this is that we can’t do it alone. We need the correct client architecture and hardware in place and a willingness from the customer’s IT provider to cooperate. In addition we need the customer’s IG department to be happy with compliance. We have expertise in the software side and can provide consultancy for assisting in achieving IG compliance, but we can’t do it all. It has to be a team effort.

If you’re interested in working with us to implement one of these, get in touch. Alternatively let us know your experiences with working with these systems.