A user can securely access a repository using a single sign-on authentication with User links. User links are an example of secure links. User links enable institutions to designate applications as trusted for user authentication and to implement multiple methods of authentication (e.g. passwords, biometrics, etc.).
The context identity subjects defined for User-Link-enabled applications are User subjects. User subjects are secure subjects designated with authenticated data sets. The context data identifier item for the User subject is the user's sign-on name to an application. Because a user's sign-on name is unlikely to be universally unique, different applications in a context system may identify a single user with different User subject identifier items. Therefore, application-specific suffixes differentiate each item. The User subject is not dependent on any other subject.
When an application sets the user context, the context manager instructs an optional user-mapping agent to map the application-specific logon names for additional logon names known to the agent. The mapping agent uses the application suffix for each of the mapped items to inform the application that the mapped logon name is valid.
Any User-Link-enabled application can be configured to sign on to a context session on a clinical desktop. The implementation-specific configuration of a context manager designates specific applications to perform the logon task. In this situation, the context manager allows only the designated applications to complete context change transactions that change the user subject. The one exception to this rule is that any User-Link-enabled application is allowed to set the user subject to empty to facilitate a user's log-off from all User-linked applications from any User-Link-enabled application. As a result, any User-Link-enabled applications not designated to authenticate users on a particular device should not allow the user to sign onto the application or set the User subject. To sign onto a linked but non-designated application the user must log on to a designated application first. To log onto a non-designated application, a user has to break the link with the common context.
Products | Support | Feedback: The CCOW Authentication Repository | Introduction | Help Version 19.0.2017.3.23
Medical Web Viewer .NET