Comment: added information re: SSO account config

...

User accounts are required to access ClinSpark. To authorize access to certain studies and features, a user account is typically assigned one to many Sites, Studies, and Roles.

  • When creating a new user, the organization’s authentication rules set in Administration > General Settings are inherited by default. Password Can Expire and Session Timeout Minutes can be overridden at the per-user level.

  • Users can be assigned multiple roles and authorization is an aggregate of all the roles. Once assigned, the user will be authorized to perform any function within those roles.

  • Users can be restricted to one or more studies and/or sites, which facilitates controlled access to users internal or external to the customer organization.

The Administration > Users component provides capabilities for locating, exporting and managing users within an organization.

...

  • Newly created users will have no roles assigned. A user must be assigned at least one role to be able to log into ClinSpark.

  • Users can be restricted to 0 or more studies and sites. By default, users can interact with any study and site in the system unless defined otherwise by their account configuration.

  • User management features are designed to meet CFR 21 Part 11 guidelines:

    • Sessions time out at a configurable interval

    • Passwords and accounts can be configured for expiration

    • Failed logins are logged and login attempts are tracked; a user can be locked out after a configurable number of failures, and alerts are sent when the failure threshold is reached

    • Lockout duration is configurable

    • Passwords are not stored in the database in plain text; a salted hash is stored instead

...

  • Password Minimum Length

  • Password Expire Days (number of days until user forced to change password)

  • Alphanumeric passwords (passwords must contain digits and letters)

  • Special character passwords (must contain one or more: !#"$%&'()*+,-./:;<=>?@[]^_`{|}~)

  • Prevent re-use of previous account passwords (configurable system setting)
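
An added example (not ClinSpark's code) of enforcing the rules listed above when, as the page states, only salted hashes are stored: re-use detection has to re-hash the candidate with each stored salt. PBKDF2-SHA256, the function and parameter names, and the default values are assumptions.

```python
import hashlib
import hmac
import os

# Special characters exactly as listed on the page (no backslash in the set).
SPECIALS = set("!#\"$%&'()*+,-./:;<=>?@[]^_`{|}~")
PBKDF2_ROUNDS = 100_000  # assumption: the page does not name the hash scheme


def hash_password(password, salt=None):
    """Return (salt, digest); only this pair is stored, never the plain text."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def policy_violations(password, history, min_length=8,
                      alphanumeric=True, special=True, block_reuse=True):
    """Return the names of the rules a candidate password fails.

    history holds (salt, digest) pairs for the account's earlier passwords.
    Parameter names and defaults are hypothetical.
    """
    failed = []
    if len(password) < min_length:
        failed.append("minimum length")
    if alphanumeric and not (any(c.isdigit() for c in password)
                             and any(c.isalpha() for c in password)):
        failed.append("alphanumeric")
    if special and not any(c in SPECIALS for c in password):
        failed.append("special character")
    if block_reuse:
        # Old passwords exist only as salted hashes, so re-hash the candidate
        # with each stored salt and compare in constant time.
        for salt, digest in history:
            if hmac.compare_digest(hash_password(password, salt)[1], digest):
                failed.append("re-use")
                break
    return failed


if __name__ == "__main__":
    previous = [hash_password("Spring#2023x")]  # constructed sample history
    for candidate in ("abc", "Spring#2023x", "Autumn#2024y"):
        print(candidate, policy_violations(candidate, previous))
```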

...

The 2FA e-mail template is controlled by a system configuration and can be modified on request through the service desk by IQVIA superadmin users.

Disabling SSO

When a ClinSpark instance is configured to use SSO, options become available for disabling SSO authentication enforcement. This is a per-account configuration. Typically, we see customers using SSO to enforce authentication for most of their internal staff users, and setting up ClinSpark accounts that do not enforce SSO authentication for external users (such as sponsors or monitors).

To learn more about SSO setup and configuration, see the article Single Sign-on (SSO).

Within the account management screen, users can determine if SSO has been ‘disabled’ on an account.

When SSO is disabled for a given user account, the user will be allowed to authenticate into ClinSpark using their application username and password.

If SSO is not disabled, however, ClinSpark will not allow that user to authenticate.

Locked accounts

...