Hi,
Based on "Care Identity Service authenticators - NHS England Digital", shared devices are supported. What options are available when using an Android device which is organization-owned and shared amongst users?
I’ve understood Passkeys and Microsoft Authenticator cannot be used on a shared device, only on a personal device. Windows Hello, CIS2 iPad app and Smartcards (without a separate reader) cannot technically be used on Android. Would only Security key and NHS Connect work for Android and shared device? Are there further instructions/information besides the following "Smartcards and authenticators - NHS England Digital" link?
For AAL3 level authenticators, the only real option currently is a security key. However, we have an Android passkey app in private beta (reach out to the identity team to enrol) - however, this would require a personal or non-shared device as the key is device bound.
For AAL2 authenticators, the options are the TOTP (MS Authenticator) or NHS.net connect options - both do still require a separate (possibly personal) device for MFA. Similarly (synced) passkeys would work, but require a separate login on the device to link the passkey to an account. Depending on how users use the shared devices (for example some are “reset” on assignment and a user logs in during their “ownership”) this may work as they can be linked to the account when in use.
We are doing work on shared devices going forward.