Harry,
Just so you know, here is what we have done:
All PCs and users are on our WMH windows domain.
What we would like Meditech to do is actually prompt for a username and
password (and not just assume the person logged into windows should be in
Meditech without further verification).
We accomplished this in test by setting up a new domain ONLY for Meditech User
authentication called MTUAD. We are using a Novell product to synchronize users
from our primary directory service to both the production windows domain, and
the new Meditech-only domain.
Now whenever any user logs on anywhere, they are prompted for their username
and password. They enter their ONLY username and password and are authenticated
to Meditech.
It works, but we have to now run an additional windows domain - which is
obviously not ideal.
Please let me know if you come across any other Meditech customers doing
anything with windows or SSO integration.
-Tom Hoffman
570-251-6504
_____
From: Rianto, Harry [mailto:[EMAIL PROTECTED]
To: Hoffman Tom [mailto:[EMAIL PROTECTED]
Sent: Wed, 06 Dec 2006 09:33:13 -0500
Subject: RE: MT SSO
Thank you for your reply Tom.
Almost the same here; the response I got is from a vendor, not a facility. I am
wondering why there is a lack of implementation for this good feature.
We might want to test this in our test environment and see how it goes.
Thanks again for the reply.
Harry.
-----Original Message-----
From: Hoffman Tom [mailto:[EMAIL PROTECTED]
Sent: Monday, December 04, 2006 3:58 PM
To: Rianto, Harry
Subject: MT SSO
Harry,
I noticed your post. I sent the one below a week or so ago and got no response.
Please let me know what you find out. I would like to write a request to
Meditech for them to make the SSO capability work better and I would like to
approach them with the opinion of more than one hospital.
Please see below and let me know your thoughts.
Thanks,
-Tom Hoffman
Manager of Information Services
Wayne Memorial Hospital
Honesdale, PA
570-251-6504
--------------------------------------------------------------------------------
From: Rianto, Harry <[EMAIL PROTECTED]> To: [EMAIL PROTECTED],
[email protected]
Subject: [MEDITECH-L] Meditech Single Signon
Date: 12/01/2006 04:02 PM
Anyone in their facility using Meditech's own single signon that integrates
with network login? Any disadvantage?
Thanks,
Harry Rianto
Bluewaterhealth
From: Hoffman Tom <[EMAIL PROTECTED]>
To: [email protected]
Date: 11/27/2006 03:38 PM
Subject: CS NT Authentication as Single Sign On
Wayne Memorial Hospital will be going live on Meditech CS 5.54 SR2 July, 2007.
We would like for our users not to have a separate password for Meditech from
the one that gets them on the network, mail, internet, etc.
Meditech will use the “NT” (Windows Domain) credentials based on how a user is
logged into the PC, but this is done without prompting the user which is a
security problem.
Meditech does have the option to use a “PIN,” however, this is really just
another thing for the users to remember (which is going the wrong direction).
Now they would have to remember three things rather than just a username and
password.
Meditech has what it calls a “shared workstation” capability. A user (usually a
generic user) must be logged onto a domain but that login must not match the
login credentials used to authenticate to Meditech. When a user starts
Meditech, an “NT” login prompt appears and a user can enter their own username
and password as it exists on a second domain.
****WMH would like Meditech to prompt for the domain credentials regardless of
how the PC is logged in.****
As a work-around, WMH is exploring using a tool which would replicate all of
our users’ usernames and passwords into a new domain that would be used as the
Meditech authentication domain.
We would prefer not to have to support two domains; however, we see this as the
only way for us to require users to remember only a single username and
password under the constraints of Meditech.
We are very interested in what experience other Meditech users have with NT
Authentication and specifically, we would like to write a MIX Request where as
many hospitals as possible would agree that they too would like the system to
act in the same way with regard to authentication.
Again, this is what we would like:
****When Meditech is started, it should prompt for the user’s Domain username
and password. ****
This should be done regardless of how the PC or user is or is not already
authenticated.
Detailed Notes on Functionality:
1) If a user presses Esc, then a user could enter a (non domain) Meditech
username and password. This would enable the “old” login method to be used for
exceptions like Meditech employees’ access to the system.
2) For exceptions like background job clients we would not want to lose the
current functionality, so ideally, there would be a way based on username or
device to allow the current automatic NT login method (with no prompt for
username and password).
Please reply to Tom Hoffman [EMAIL PROTECTED]
Manager of Information Services
Wayne Memorial Hospital
Honesdale, PA
570-251-6504
======================================
All messages should be posted in plain text.
HTML will be converted to attachments.
The meditech-l web site is MTUsers.com
______________________________________
meditech-l mailing list
[email protected]
http://mtusers.com/mailman/listinfo/meditech-l