SOLUTIONS AT-A-GLANCE

 

The organization federates internal, SaaS (Software as a Service) and custom applications.

 

Single sign on (SSO) securely handles 30,000 users at peak.

 

Integrating production code into the infrastructure took just one day.

 

Support calls for a busy application are reduced significantly.

Sykehuspartner HF CREATES VIBRANT EMPLOYEE PORTALS

 

THE OBJECTIVE

As one of Norway’s four regional healthcare organizations, South-East Regional Health Authority (Helse Sør-Øst RHF) strives to ensure all citizens achieve access to healthcare services that are safe and professionally sound. Nearly 80,000 employees work toward this mission, including about 30,000 who use the service’s HR portal monthly and 17,500 nurses who use the Resource Planning Portal every week..


The organization was in need of a way to provide simple and secure logon to these and other vital employee applications. It also needed to reduce the number of helpdesk requests related to user logon. In addition, the organization wanted to increase security by removing the need for users to enter passwords for each app, as well as increase productivity and reduce complexity by reducing the need to replicate user and password information across the application portfolio.

 

THE CHALLENGE

South-East Regional Health Authority’s Trusts were without an SSO solution, and the IT organization - Sykehuspartner - had to find one that would remove the need to establish two-way Active Directory domain trust relationships. The IT team recognized that proprietary protocols such as Kerberos, are not a standard that works across organizational borders. It also had to add the capability to exchange identity information across organizational boundaries in a standard, agile and flexible manner. Additionally, the solution needed to support access to multiple internal and external web apps, and be scalable to support future growth, new use cases, services and projects. Implementation of a regional PKI for strengthening authentication is an important complementary initiative to the Federation infrastructure already established. The main challenge with PKI has been to loosely couple the PKI infrastructures at the IdP (Identity Provider) and SP (Service Provider) ends where multiple organizations are involved.

 

THE SOLUTION

Sykehuspartner installed PingFederate, a full-featured federation server that provides secure single sign-on and provisioning for enterprise customers, partners, and employees. PingFederate was installed on four domains and is operating in either IdP or SP mode, dependent on the use case. The system uses Quest Identity Manager as the Identity Management suite and Microsoft Active Directory as the Directory Service.


Planning of the installation took a few months due to solution design, data center service delivery times, and security risk and vulnerability assessments, while the installation of test and production environments went very quickly, in a number of days. Integrating the ready-for-production code of the e-learning service into the federation infrastructure took just one day, which Enterprise Architect Jon Gupta called “a positive surprise.

 

THE RESULTS

PingFederate has simplified access to a number of IT services supporting web SSO to external cloud services, such as HR/payroll, and web SSO to regional services, such as the e-learning service and Healthcare Personnel Resource Planning service. As a result of introducing SSO, the organization has seen a significant reduction in the number of support calls to its planning portal. PingFederate has also been implemented on nearly a dozen other apps, including Regional ERP (Oracle EBS), HP Service Manager, Microsoft Office 365 and the custom Birth registration service (for reporting births to Norwegian authorities). The organization is considering implementation for additional apps, including web SSO to external national services such as Research and Quality Assurance Services.

more stories you'll love

  • Find out how Ping Identity worked with Everence to restore belief in SSO and seamless access.

  • Find out how Ping helped the University of Hull replace their legacy systems to deliver a superior experience.

  • Ping helps Intuit secure standards-based approach to authorization, authentication, provisioning and directory services with the ability to automate new applications.

  • Box chooses Ping Identity single sign-on for its cloud-based content management and collaboration solutions.

IF YOU LIKE WHAT WE DID FOR SOUTH-EAST REGIONAL HEALTH AUTHORITY, LET'S TALK ABOUT WHAT WE CAN DO FOR YOU.