A Single, Common User Identity: The Door to an Optimized User Experience Investigators involved in clinical trials will tell you how important single sign-on would be to them. Speaking with investigational sites involved in multiple trials, they explain how operating multiple technology solutions in each study, and running multiple studies, means they need to maintain many different username and password combinations. This becomes impossible to manage without writing them down somewhere, which raises questions about the practicality of this approach in maintaining security and access control. Single sign-on is something the industry has viewed as a golden nugget and technology vendors are rising to the challenge. This article considers a step beyond simply enabling user access, to establishing a shared common user identity across applications, and importantly the potential this has to create a new and optimized way to present technology to those conducting clinical trials. Approaches to Achieve Single Sign-On There are a number of approaches that technologists are utilizing to achieve the desired property of a single set of user credentials. While important and solving one customer problem, that’s not our final endpoint as single sign-on is a potential enabler of other user benefits that may be of even greater value. The solution we choose to achieve single sign-on may limit or enable some of the greater downstream benefits. Briefly, there are a number of broad approaches, three of which are described below. Synchronized Sign-On In this approach the goal is to ensure users have only one set of credentials. Each application holds these independently, and the user will be prompted to enter the credentials when entering each application (figure 1a). This configuration also requires a robust synchronization of accounts between the applications to ensure all the logon information stays the same. Whilst meeting the requirement for a single set of credentials, users will need to operate logon steps each time they move between applications within their workflow. This limits the potential for workflow continuity and convergence of applications, as described later. Federated Identity Management This approach enables a shared session between two identity management systems (IdMS), usually employed for achieving single sign-on between third parties (figure 1b). The user logs in to a defined controlling system and once accepted they can access defined third-party applications as the second identity management system will trust the authentication achieved in the first. Examples of this include providing single sign-on to a third-party hosted application when sponsor users login to their own server systems. Whilst achieving single sign-on, the second (trusting) system does not hold the credentials of the user and so their access to the third-party systems is completely controlled by first. This can be an important vulnerability if the reliability of the controlling identity management cannot be assured. If unavailable, users will be unable to access other systems it federates with. Shared Session with a Single Authentication Step and Single, Common Identity Establishing a single common user identity across a suite of products requires the re-engineering of each individual product to reference a single and common identity management system (IdMS) and store, as opposed to independent and discrete identity management approaches across a number of applications. After an initial sign-on, the user will not be prompted to login when opening additional applications so long as a session timeout has not been reached (figure 1c). When working with multiple applications in combination, the identity management system will control the shared session and apply timeouts across all applications based upon activity in at least one. This provides huge potential for additional workflow optimization, as described briefly below. Potential for Workflow ­Benefits Having a common identity and a shared logon session makes it easy to move between applications without interrupting workflow. Moreover, it facilitates the presentation of functionality in new ways that truly optimize the workflow of the user, for example through product convergence. Product convergence is the ability to blur the boundaries between products and present functionality in a way that matches the workflow rather than accentuates the current discrete product vertical silos. A powerful practical example of this is the convergence between EDC and RTSM (Randomization and Trial Supply Management (IVR/IWR)) applications. Additional objects (e.g. RTSM action palette) and forms developed into the EDC application enable the user to access and operate functionality that normally resides in an RTSM system directly through the EDC interface. While the individual applications still exist discretely behind the scenes, the user is able to operate an intuitive workflow remaining entirely within one product interface. In this example, the site user is able to perform all patient management activities through the most appropriate product interface — enabling randomization, dispensing, emergency pack replacement and dispensing log review from within EDC — the main patient-management application used by the site personnel. A common identity management application opens the door to development and presentation of further product convergence and new composite applications, infusing functionality from more than one previously independent clinical trial technology application. The aim of these is to simplify the life of the key technology users — across sites, sponsors and CROs — as they continue to use multiple technology solutions in combination to operate and manage their clinical trials’ programs. Expert Bill Byrom, Senior Director of Product ­Strategy, Perceptive Informatics. Perceptive Informatics is an eClinical ­solutions provider that helps customers ­accelerate the drug development process through innovation. For more information, visit perceptive.com.

Download PDF