© 2024 IQVIA - All Rights Reserved

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Summary

Every ClinSpark instance contains a unique user account type called ‘Superadmin’, which is reserved for and used exclusively by Foundry Health team members. This account type exists as a mechanism to help Foundry Health configure, manage, and support ClinSpark instances based on ongoing customer needs.

Superadmin accounts inherit all available Role Actions and all configured Roles in a given environment, and, can access every area of ClinSpark. Additionally, these accounts are given access to specific features which are intended only for Foundry Health. This is due to the implications these features/configurations have across an instance. An incorrectly configured system setting or lab interface (for example) could have undesired impact to trial conduct and system stability.

This article outlines some of the key areas Superadmin users have access to.

Administration Components

Support

Superadmin users have access to the Administration > Support component, which allows the Foundry Health team access to a specific set of dashboard components that allow for review of instance usage overview for billing purposes, and, access internal server log statements.

This menu item is only visible to Superadmin users. Any system configurations with ‘support’ type classification appear in the Support area.

Sites

Superadmin users are able to create ‘site’ entities, for customers who operate ClinSpark under an early-phase model where volunteer database and recruitment features are enabled.

For customers who use ClinSpark under later-phase multi-site configurations, where ‘Volunteers’ features are disabled, non Superadmin users have the ability to create sites.

Additionally, for a given site, certain configuration settings are exclusive to Superadmin users which include the following:

  • Defining Mobile App Display Name/URL

  • Verified Clinical Trials (VCT) transform script definition

  • Ability to add new lab interfaces

  • For a given lab interface, the ability to modify:

    • Order Requisition Template

    • Order Transform Script

    • Result Transform Script

    • Mock Result Transform Script

    • Order Confirmation Transform Script

General Settings

There are several settings in the Administration > General Settings component that are only visible to Superadmin users.

Advanced System Setup

The Advanced System Setup area allows Foundry Health to enable/disable full system features for customer use. This is an important configuration task that takes place when environments are put in place for customers.

Additionally, this area establishes system-wide configurations covering the following:

  • Time Color Configurations, which show standard / warning / urgent color schemes visible within Data Collection and Samples Processing workflows

  • Advanced Lab Settings, which are established for site lab interfaces

  • ECG Review settings, which are established for influencing advanced ECG features and workflows

  • Billing settings, which are put in place per customer contract agreements

Organization Basics

Within Organization Basics area, only Superadmin users are allowed to establish and modify the ‘Org URL’, which is a setting used by many of the features across ClinSpark.

Barcodes

Within Barcodes only Superadmin can modify the visible settings. This is due to the implications these padding, delimter, and prefix settings have across a variety of ClinSpark features that leverage barcodes, as well as site lab interface workflows. Typically these settings are established for customers during onboarding phases.

For Label Merge Tags, only Superadmin can add new Merge Tags and modify a given tag transform script.

Communications

The Communications area contains features supporting SendGrid and password reset.

Within Recruitment Email the ‘Set Webhooks’ action item, which sets specific webhooks via the Sendgrid API, is reserved for Superadmin. Additionally, only Superadmin can establish the Google Recaptcha Keys, which are used for both SendGrid and password reset functions.

The Correspondence Template Merge Tags are accessible to qualified ClinSpark users with access to the General Settings component. However, only Superadmin have the ability to add new Merge Tags into a given environment, and, modify their Transform Script.

Volunteer Settings

The Volunteer Settings area contains several configurations which are exclusive to Superadmin.

Ability to establish the system Volunteer Monitoring URL. This is typically the URL established for SparkPlug configurations and features supporting ‘Monitoring’ style devices and workflows. When this URL is not defined, certain ‘Monitoring’ device configurations and workflows available within CRF Design, Data Collection, and Volunteer components are disabled. More details about this are located in this help article.

Ability to archive ‘Volunteer Data Collection Connectivity’ settings, which includes Concomitant Medications (Screening), Demographics, Medical History, and Substance Use. These influence certain user interface options in the Volunteer component (and a given volunteer profile), and the Volunteer Connectivity forms available for study use.

For each Interface Parameter, only Superadmin users can modify the following:

  • Data Type

  • Code List Name

  • Code List Options

Only Superadmin users can add, modify, and view Volunteer Races.

System Settings

Certain features exposed in the Administration > System Settings component are for Superadmin users, specifically access to configuration fields that govern view and data logic for reports, dashboard components, and volunteer search functions.

Standard ClinSpark Administrators (non Superadmin) do have access to some parts of the configurations, such as the ability to define Role/Role Action/Study restrictions, visibility into script MD5 checksums (hashes), and audit trails.

A detailed overview of each setting exclusive to Superadmin:

  • General:

    • Ability to view and download ‘scripts’ & ‘settings values’

    • Ability to change report names

    • Ability to view synchronization statuses

    • Ability to add new system settings

    • Ability to manage Org images (background images visible on login screen)

    • Note: a regular ClinSpark Administrator can access audit trail on all visible settings

  • Dashboard components; only Superadmin can access:

    • View Script

    • Data Script

    • Data Script Template

    • Type

    • Configuration Import (action)

  • Global settings; only Superadmin can:

    • Add new or Edit existing settings

    • Set ‘visibility’ flag (hide/show from non-Superadmin)

    • Note: The “RecruitmentApiHandler” system setting in ClinSpark can only be configured / updated by Superadmin

  • Reports; only Superadmin can access:

    • View Script

    • Data Script

    • Data Script Template

    • Icon

    • Configuration Import (action)

  • Volunteer Search Functions: only Superadmin can add or edit

Volunteers > Configure

Within the Volunteers > Configure area, there are certain configurations exclusive to Superadmin users.

For Correspondence Templates, only Superadmin users can modify the HTML Header Text.

For Recruitment Questions, only Superadmin users can modify the Question Code.

For Volunteer Questions, only Superadmin users can modify question Answer Patterns.

Study > Data

Superadmin users have access to a support feature in Study > Data, for each form/timepoint. This ‘Move’ action item is available in order to perform audited actions in the user interface in order to resolve service requests.

Devices > Configure

For most customers, nearly all of the device integration capabilities for a given ClinSpark instance are established and maintained by Superadmin users. Additionally, when a given device is ‘archived’ from system use, it’s not visible to non-Superadmin users.

For a given Device Integration profile, Superadmin users have the ability to do the following:

  • Add new device integrations, and archive existing

  • Modify device type, Manufacturer, ‘Direct’ setting, Monitoring Type, and Model

  • Add new device parameters, and archive existing

  • Modify device parameters including ‘Enrollment’ setting, Monitoring Source, Captured Date Time, and Data Type

  • Add and modify device settings

Common Questions / Answers

Over time we have received questions from customers about these types of accounts, their use, and governance. The following hopes to address some of the common questions.

Who can create & manage Superadmin accounts?

Only a Superadmin type account can create or manage other Superadmin accounts. Since Foundry Health staff are the only users who are given Superadmin accounts, these actions are carried out by a member of the Foundry Health team.

Customers are unable to create Superadmin accounts.

When are Superadmin accounts created and/or deactivated?

Foundry Health team engineers and support staff are granted Superadmin accounts in applicable customer environments to support onboarding, training, and support efforts. Foundry Health team members are only given access to customer ClinSpark environments once they have received the proper level of training necessary to perform actions applicable to their role.

If someone with a Superadmin account leaves the Foundry Health team, or no longer requires access to an environment, their access is revoked within the time interval specified in SOPs, and their account set to an archived status.

Can a standard account be promoted to Superadmin?

Yes, but only by a Foundry Health team member who is also a Superadmin.

By the same process, a Superadmin account can also be downgraded to a standard account. This can only be done by another Superadmin.

How are Superadmin accounts secured? Do they use SSO?

Superadmin accounts must meet the same complexity password requirements as all other standard ClinSpark accounts. These are customer-specified authentication requirements based on the configurations established via the General Settings component.

Superadmin accounts are not impacted by customer SSO configurations, and for now, do not use SSO Identity Providers to log into ClinSpark instances. Foundry Health team members log into ClinSpark instances with username/password credentials via standard login screen workflows. Superadmin accounts in ClinSpark production environments with release 1.5 or higher have 2FA enabled.

How can we see Superadmin accounts in our environment?

In current releases, Superadmin accounts are not visible to standard users when viewing the Administration > Users component. Additionally, Superadmin accounts are also suppressed from the user export in this component, if a non-Superadmin creates the report. If a Superadmin creates the export, all accounts are visible.

Upon request, Foundry Health may be able to provide other ‘exports’ or means to see Superadmin accounts in a given environment. Customers who wish to discuss this should open a service desk ticket. Future enhancements in later releases are likely to improve the visibility of Superadmin accounts to certain user types.

Is there a way to see what actions a Superadmin has taken?

Superadmin accounts are like standard accounts, in that these accounts have audit trails and all actions taken are audited and visible in applicable audit trails. Nothing exempts a Superadmin from having their actions audited in ClinSpark.

If necessary to review Superadmin actions outside of user interface controls, it may be possible for Foundry Health to assist customers to build a query to access a read-replica database to report on actions a given Superadmin user has taken. Questions or interest in this topic should be raised via the service desk.

  • No labels