Versions Compared

...

  • Newly created users will have no roles assigned. A user must be assigned at least one role to be able to log into ClinSpark.

  • Users can be restricted to 0 or more studies and sites. By default, users can interact with any study and site in the system unless defined otherwise on their account.

  • User management features comply with 21 CFR Part 11 guidelines:

    • Sessions time out at a configurable interval

    • Passwords and accounts can be configured for expiration

    • Failed logins are logged; a user can be locked out after a configurable number of failures, and alerts are sent when the failure threshold is reached

    • Lockout duration is configurable

    • Passwords are not stored in the database; only a salted hash of each password is stored

...

  • Password Minimum Length

  • Password Expire Days (number of days until the user is forced to change their password)

  • Alphanumeric passwords (passwords must contain digits and letters)

  • Special character passwords (must contain one or more: !#"$%&'()*+,-./:;<=>?@[]^_`{|}~)

...

  • Prevent re-use of previous account passwords (configurable system setting)
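The complexity settings listed above (minimum length, alphanumeric, special characters from the quoted set) as a validator. This is an added example, not ClinSpark's own code; the setting names and defaults on the policy object are assumptions.

```python
# Added example (not ClinSpark's code): validate a candidate password against
# the policy settings described on this page. Field names are assumptions.
from dataclasses import dataclass

# The exact special-character set quoted in the "Special character passwords" setting.
SPECIAL_CHARS = set('!#"$%&\'()*+,-./:;<=>?@[]^_`{|}~')


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 8                # "Password Minimum Length" (default is an assumption)
    require_alphanumeric: bool = True  # "Alphanumeric passwords": digits and letters
    require_special: bool = True       # "Special character passwords": one or more of SPECIAL_CHARS


def check_password(password: str, policy: PasswordPolicy) -> list[str]:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if policy.require_alphanumeric:
        has_digit = any(c.isdigit() for c in password)
        has_letter = any(c.isalpha() for c in password)
        if not (has_digit and has_letter):
            problems.append("must contain both letters and digits")
    if policy.require_special and not (set(password) & SPECIAL_CHARS):
        problems.append("must contain at least one special character")
    return problems


if __name__ == "__main__":
    for candidate in ("Tr0ub4dor&3", "password", "Ab1"):
        print(candidate, "->", check_password(candidate, PasswordPolicy()) or "OK")
```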

Password reuse

The system allows organizations to optionally enforce a strict password re-use policy through a controlled system setting. This setting supports the security best practice of mitigating the risks caused by password reuse. If the setting is not used, the default behavior is that users may not re-use their immediate past password; they may, however, re-use older passwords.

If the setting value is 1 or greater, ClinSpark checks a new password against that many prior account passwords and prevents its use if it matches any of them.

This setting is enforced in workflows where a user resets their own password: through their user profile, through self-service password reset workflows, or through a forced password reset during authentication (login).

For security purposes, this system setting is not enforced when an administrative user resets the password of another user account through the Administration > Users component. This ensures that administrative users are not informed of or exposed to any prior passwords that may have been in use on a user account.

Password Managers

Password managers offer greater security and convenience for the use of passwords to access online services. Strong security is achieved principally through the capability of most password manager applications to generate unique, long, complex, easily changed passwords for all online accounts, and through the secure encrypted storage of those passwords in either a local or cloud-based vault.

We recognize and support the use of password managers for users who are accessing ClinSpark on their own personal computing device. However, password managers may not be appropriate for use in all scenarios, such as on a shared bedside data collection computer.

Users should discuss the use of password managers with their system administrators to understand whether organizational IS/IT policies govern their use.

Password Reset Workflows

Password reset workflows are intended to be ‘self serve’ for users. When user accounts are configured with an e-mail address, the password reset workflow is most commonly supported through that process.

However, there may be times when an administrative user needs to manually reset a password for a given user. To accomplish this, within the ‘Update User’ workflow, the two password fields must be supplied with a temporary password.

...

On save, users will see a message in ClinSpark that the password was updated and that the ‘Password Expiration Date’ was also updated automatically. This is by design: ClinSpark sets this value to ensure that the next login attempt for that user forces them to update their password.

...

Once a user re-authenticates and updates their password, the expiration date will change to whatever is established by system configuration.

...

Self-service password reset helps ensure that legitimate users have a quick and secure way to get back into their ClinSpark account without having to wait for the lockout period to end or get in touch with a system administrator.

Audit events

Many actions related to user account management and access are audited. The following outlines all audit events.

  • When saving a new user, ClinSpark logs a Save audit type

  • When a user information update initiated by an administrator or user occurs, ClinSpark logs an Update audit type

  • When an administrator unlocks a given user, ClinSpark logs an Unlock audit type

  • When a user successfully authenticates, ClinSpark logs a Login audit type

  • When a user selects the ‘log out’ feature from the user menu, ClinSpark logs a Logout audit type

  • When a user fails to authenticate with the correct password, ClinSpark logs a Login fail audit type

  • When a user changes their password or an administrator changes a user’s password, ClinSpark logs a Password Reset audit type

  • When a user attempts an action that they are not authorized for (accessing a URL a user’s role does not support), ClinSpark logs an Unauthorized User Action audit type

  • When adding a study to a user in order to restrict the user, ClinSpark logs an Add Study audit type. The ‘notes’ section will contain the study name.

  • When removing a study from a user in order to remove the user’s study restriction, ClinSpark logs a Remove Study audit type. The ‘notes’ section will contain the study name.

  • When adding a role to a given user, ClinSpark logs an Add Role audit type. The ‘notes’ section will contain the role description.

  • When removing a role from a given user, ClinSpark logs a Remove Role audit type. The ‘notes’ section will contain the role description.

  • When adding a study-specific role, ClinSpark logs an Add Study Role audit type. The ‘notes’ will indicate which study and role were impacted.

  • When removing a study-specific role, ClinSpark logs a Remove Study Role audit type. The ‘notes’ will indicate which study and role were impacted.

  • When adding a site, ClinSpark logs an Add Site audit type. The ‘notes’ section will contain the site name.

  • When removing a site, ClinSpark logs a Remove Site audit type. The ‘notes’ section will contain the site name.

  • When applying an eSignature, ClinSpark logs an eSignature audit type. The ‘notes’ section will contain the area where the eSignature was applied.

  • When an eSignature attempt fails, ClinSpark logs an eSignature Fail audit type. The ‘notes’ section will contain details about the failure.
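A review pass over the audit types listed above, as an added example that is not ClinSpark's own code. The record layout, field names and sample trail are constructed for this example; the page does not describe ClinSpark's audit export format, and the lockout threshold is the configurable value mentioned under the Part 11 features.

```python
# Added example (not ClinSpark's code): flag audit events a reviewer would want to
# see. Records are constructed; "type" values are the audit types named on the page.
from collections import defaultdict

# Constructed sample audit trail, oldest first.
SAMPLE_AUDIT = [
    {"ts": "2023-02-16T09:00:01", "actor": "jdoe",   "subject": "jdoe",   "type": "Login fail", "notes": ""},
    {"ts": "2023-02-16T09:00:09", "actor": "jdoe",   "subject": "jdoe",   "type": "Login fail", "notes": ""},
    {"ts": "2023-02-16T09:00:20", "actor": "jdoe",   "subject": "jdoe",   "type": "Login fail", "notes": ""},
    {"ts": "2023-02-16T09:05:00", "actor": "admin",  "subject": "jdoe",   "type": "Unlock", "notes": ""},
    {"ts": "2023-02-16T09:05:30", "actor": "admin",  "subject": "jdoe",   "type": "Password Reset", "notes": ""},
    {"ts": "2023-02-16T09:06:00", "actor": "jdoe",   "subject": "jdoe",   "type": "Login", "notes": ""},
    {"ts": "2023-02-16T09:07:00", "actor": "asmith", "subject": "asmith", "type": "Unauthorized User Action",
     "notes": "/example/admin-only-url"},
    {"ts": "2023-02-16T09:08:00", "actor": "asmith", "subject": "asmith", "type": "Login fail", "notes": ""},
]


def review_audit(events: list[dict], lockout_threshold: int = 3) -> dict[str, list]:
    """Summarise the events worth a second look:
    - users whose consecutive 'Login fail' streak reached the lockout threshold,
    - 'Unauthorized User Action' events (URL the user's role does not permit),
    - 'Password Reset' events performed by someone other than the account owner."""
    streak: dict[str, int] = defaultdict(int)
    findings: dict[str, list] = {"lockouts": [], "unauthorized": [], "admin_resets": []}
    for e in events:
        kind, subj = e["type"], e["subject"]
        if kind == "Login fail":
            streak[subj] += 1
            if streak[subj] == lockout_threshold:
                findings["lockouts"].append((subj, e["ts"]))
        elif kind in ("Login", "Unlock"):
            streak[subj] = 0  # a successful login or an admin unlock ends the streak
        elif kind == "Unauthorized User Action":
            findings["unauthorized"].append((subj, e["notes"]))
        elif kind == "Password Reset" and e["actor"] != subj:
            findings["admin_resets"].append((e["actor"], subj, e["ts"]))
    return findings


if __name__ == "__main__":
    for key, items in review_audit(SAMPLE_AUDIT).items():
        print(key, items)
```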

...

Audit types

A list of all the audit types is available in the drop-down; they are generated by the various audit events described above.

...