Schumacher Uses SSO To Cure Login Woes

Schumacher Group, a healthcare staffing and management firm, recently updated a custom portal it built back in 2008 for several thousand independently-contracted emergency room physicians and primary caregivers working in emergency departments. The updates, which include cloud-based applications and software as a service (SaaS), are designed to make it easier for the caregivers to collaborate, provide care and communicate with Schumacher. Equally important: top-notch security mechanisms that are in line with Schumacher's goal of keeping the portal easy-to-use.

"Our portal is designed as an intranet and extranet that aggregates a bunch of information geared at improving the way we deliver healthcare to three million patients," says Doug Menefee, CIO of Schumacher Group, which provides its services to 155 hospitals in 22 states. Last January, Schumacher upgraded its portal to include Google Apps, a collection of hosted e-mail and office productivity tools. "We are bringing up e-mail and collaboration tools for the 2500 physicians we work with on a day-to-day basis, and we needed security to be a component of the custom portal that we designed. But our mantra is we want to be a user-friendly business and we didn't want to have multiple user names and passwords."

Menefee and his IT team went looking for a single sign-on (SSO) system that would fit well as a component within the portal, work with the Google Apps as well as other SaaS-based services such as Workday (a human resources application) and Salesforce, as well as accomplish the company's security and privacy requirements. The company decided on Symplified's SinglePoint, a SaaS-based SSO service that offers pre-built integrations with a long list of SaaS applications, including Google Apps, Salesforce, Workday and others. Symplified supports SSO standards including SAML and can also build integrations for SaaS sites that haven't embraced the standard.

Symplified's SSO service proxies all connections to SaaS applications. An enterprise can configure its DNS servers to route traffic for SaaS apps through Symplified's service. Subsequently, all traffic between the user and the application flows through Symplified's service. By acting as a proxy, Symplified can log all user activity, providing detailed audit trails of user behavior. Symplified worked with Schumacher to help integrate its SSO service with the portal, and SinglePoint is linked to Schumacher's Salesforce application, which is used as the data store for cross-checking and authenticating each contracted caregiver, explains Jonti McLaren, president of Symplified.

Now, when a contracted caregiver accesses Schumacher's portal and enters his or her login ID and password, "SinglePoint looks in the Salesforce data store, checks to see if a user is valid, cross-checks the user's password and then allows them to have access to secure information on the portal and to the various services," says Menefee. SinglePoint lets the users log into the portal once and get direct access to their Google Apps and Workday accounts, while only being presented with the data and content they are authorized to see. All the user names and passwords are securely passed through Symplified's service, and the service doesn't store these credentials in its system."SinglePoint enhances our security model, and we can have stronger authentication because of the ease-of-use and because caregivers you only have to authenticate one time," adds Menefee. If a caregiver does not renew his or her contract with Schumacher, the user's profile and authentication information is removed from SalesForce, and SinglePoint automatically will recognize that deactivation.

Because Symplified's SinglePoint service runs as a proxy, there could be concerns that it might introduce latency when users are logging into the system. But Menefee says he and his team haven't noticed any latency-related issues. "The amount of time it takes to go from one system to another is acceptable and is about the same amount of time it would take to type in your user name and password. But once you are authenticated and working, there's no issue."

McLaren says the SinglePoint SSO service was designed to scale, and can handle more than 1 million transactions a day. "A lot of thought went into the development. We wanted it to be super fast and super lightweight." Now that Schumacher is using SinglePoint for its contracted caregivers, it plans to extend the SSO service to its internal employees.