External Authentication - Securing PHI and Client-sensitive Information
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-16-2012 12:39 PM
I'm posting this is the Healthcare forum, as well.
I'm curious to know if other health care-related companies have implemented two-factor authentication for external users in order to protect PHI and other client-sensitive information. As currently designed, HTTPS and and a VPN provide encrypted communications, but if a user ID and password are compromised, there's no secondary challenge to the authentication process.
IP access controls are another option, and we could redirect external users from the ServiceNow login page to a two-factor authentication portal, first.
I'm curious to learn how other companies in this space have managed this.
- Labels:
-
Orchestration (ITOM)
-
Service Mapping
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-09-2012 10:08 AM
Hello William,
thanks for the swift (and detailed) response, it looks like a very clever way to deal with the problem. Is there any chance you can give me some more details regarding the ASP.Net command and how you were running it (from where)?
Thanks again,
Dave.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-09-2012 10:23 AM
Dave,
All I did was use Direct Web Services (http://wiki.servicenow.com/index.php?title=Direct_Web_Services) to let a VB.Net (not ASP.Net - sorry if that typo caused confusion!) command-line program insert a record into a ServiceNow table; we added a custom table for the purpose (u_automation) and tied the Business Rule we want to run to Inserts on that custom table. The Wiki has good documentation on how to do that (for Visual Basic, but translating to C# is not terribly difficult if you prefer that language) at the link below:
http://wiki.servicenow.com/index.php?title=Microsoft_.NET_Web_Services_Client_Examples#insert
Once I'd built the command-line application, I just added a Scheduled Task for it in the Windows Task Scheduler. In our instance, because we don't have SAML 2.0 authentication available via ADFS yet, we had to store the credentials for the account locally where the command-line application could use them. However, if you have ADFS and SAML 2.0 paired to provide the equivalent of Integrated Windows Authentication to your ServiceNow instance, you might be able to just set up the Scheduled Task to run with the necessary Windows credentials instead of having to pass an explicit username and password with the call to the web service.