The IBM® Security Access Manager for Enterprise Single Sign-On with Context Management provides single sign-on services to all Clinical Context Object Workgroup and non-Clinical Context Object Workgroup applications.
Carefx uses a model that allows all user logons to go through the IBM Security Access Manager for Enterprise Single Sign-On. When a user logs on, the IBM Security Access Manager for Enterprise Single Sign-On executes a Carefx synchronization process called FccSync that can integrate effectively with FCC. When FCC is alerted about a logon, it calls IBM Security Access Manager for Enterprise Single Sign-On through the SSO API to obtain the name of the current user. FCC then sets the user name into the CCOW context.
FCC does not use a command-line argument containing the user name, which is not secure. Instead, FCC calls into the IBM Security Access Manager for Enterprise Single Sign-On to extract the user name.
When a user logs off, IBM Security Access Manager for Enterprise Single Sign-On executes the same Carefx synchronization process, or FccSync, to notify FCC that the user logged off. The FCC then calls the IBM Security Access Manager for Enterprise Single Sign-On, which sets a null user name to FCC, indicating that there is no currently logged on user.
AccessAgent uses the user logon and logoff scripts to launch the Carefx synchronization process. Logon and logoff scripts can be defined per user through AccessAdmin. For an enterprise deployment, the logon and logoff scripts are included in the policy template. The scripts are included so that all users are enabled with Carefx automatically after sign up.