|
| 1 | +--- |
| 2 | +title: When logins become dead ends, and how to avoid them |
| 3 | +description: |
| 4 | +date: 2025-12-19 |
| 5 | +--- |
| 6 | + |
| 7 | +Lost or difficult logins stop staff being able to use the data they need. How might we prevent this? |
| 8 | + |
| 9 | +## The reality of viewing data |
| 10 | + |
| 11 | +Breast screening data is rightly kept secure behind logins. In theory, lots of data is already available, mostly in the form of raw numbers. But during our research we heard again and again from staff who were unable to access various systems and platforms due to login issues. |
| 12 | + |
| 13 | +They told us that: |
| 14 | + |
| 15 | +- logging in to one data platform had been so challenging they had now given up |
| 16 | +- infrequently used logins are easily lost, and some of the data they need is only published annually, six monthly or quarterly |
| 17 | +- they search through emails trying to find access details |
| 18 | +- they ask colleagues to print out data they should be able to access for themselves |
| 19 | +- authorisation expires between logins, requiring the process to be repeated |
| 20 | +- busy environments, juggling multiple tasks, with multiple systems open and lots of interruptions means access needs to be simple |
| 21 | +- they had applied for access to a data product or platform and never heard back |
| 22 | + |
| 23 | +We also heard from long standing breast screening programme leaders: |
| 24 | + |
| 25 | +> If they have to log in, we’ve lost them |
| 26 | +> -- Breast screening data expert |
| 27 | +
|
| 28 | +> Even those with access enabled have trouble finding the URL. When they do find it the interface appears buggy and tells them they don't have access. They had to learn what to ignore on the way in |
| 29 | +> -- Former screening director |
| 30 | +
|
| 31 | +> BSIS is great at giving information back to users but it’s too hard to access so most haven't explored it. |
| 32 | +> -- Former screening director |
| 33 | +
|
| 34 | +## Learning from the past |
| 35 | + |
| 36 | +Part of our work in creating a new generation of data tools has to be to ensure that the people who need data can access it with as little friction as possible. |
| 37 | + |
| 38 | +Work has been done to improve login issues across the NHS, with smart cards and other methods, but what might this mean for our data users? |
| 39 | + |
| 40 | +We are currently looking at how to replace Breast Screening Information System (BSIS) reports with new products in the Federated Data Platform (FDP) so we looked at access to this platform for various users. |
| 41 | + |
| 42 | +## Making access easier |
| 43 | + |
| 44 | +There are two main categories when it comes to accessing the platform: |
| 45 | + |
| 46 | +1. Users with nhs.net email addresses |
| 47 | +2. Users with nhs.uk or other email addresses |
| 48 | + |
| 49 | +Mapping the four main FDP access journeys was enough to show us that we needed to find ways to reduce the steps users take. |
| 50 | + |
| 51 | +The longest journey looked like this: |
| 52 | + |
| 53 | + |
| 54 | + |
| 55 | +It would only be this complex for a small minority of users, but still that was too many for our liking. |
| 56 | + |
| 57 | +## Reducing steps for our users |
| 58 | + |
| 59 | +By working with the helpful NHS FDP team at [Arden and GEM](https://www.ardengemcsu.nhs.uk) who will set up our users in the background, we were able to cut the following stages that would have affected all our future users. |
| 60 | + |
| 61 | + |
| 62 | + |
| 63 | +## Access for people with an nhs.net email |
| 64 | + |
| 65 | +That means that for users with an nhs.net email address, if they are already logged into email or another service in their browser, they will be instantly logged in to FDP data products with no further steps as shown below. |
| 66 | + |
| 67 | + |
| 68 | + |
| 69 | +If they aren’t already logged in, they will have to authenticate using an app like Microsoft Authenticator, which is standard in the NHS and therefore a familiar process to most staff. |
| 70 | + |
| 71 | + |
| 72 | + |
| 73 | +## Access for people with an nhs.uk or other approved email address |
| 74 | + |
| 75 | +The simplest journey for people with this type of email address looks very similar to the second journey above. The difference is that they will be authenticating themselves via a system in the background called Okta and Microsoft Authenticator, and will need to enter a specific Okta password. |
| 76 | + |
| 77 | + |
| 78 | + |
| 79 | +## Okta setup |
| 80 | + |
| 81 | +This last journey is for users who do not yet have Okta set up (Okta is a technology used to securely identify users for access to systems). They may also need to download and set up Microsoft Authenticator. Both processes are already well supported by NHS IT in the form of clear instructions and help desk assistance, and we will ask breast screening data users to complete these steps before their first login. This is partly so that the setup is not confused with login and it will be clear which journey is one-off and which will be required for each login. |
| 82 | + |
| 83 | +All subsequent logins will only require authentication with a sign-in code, which is about as easy as it gets to access secure systems today. |
| 84 | + |
| 85 | + |
| 86 | + |
| 87 | +## What’s next |
| 88 | + |
| 89 | +We will: |
| 90 | + |
| 91 | +- test with a selection of staff with different email addresses in different Trusts to see if they have the easy experience we expect |
| 92 | +- make any adjustments needed based on what we observe |
| 93 | +- write up easy to understand guidance specific to breast screening users with the goal of ensuring a smooth login in, first and every time |
0 commit comments