Hi,
based on Care Identity Service authenticators - NHS England Digital shared devices are supported. What options are available when using an Android device which is organization owned and shared amongst users?
I’ve understood Passkeys and Microsoft Authenticator cannot be used on a shared device, only on a personal device. Windows Hello, CIS2 iPad app and Smartcards (without a separate reader) cannot technically be used on Android. Would only Security key and NHS Connect work for Android and shared device? Are the further instructions/information besides the following Smartcards and authenticators - NHS England Digital link?
For AAL3 level authenticators, the only real option currently is a security key. However we have an android passkey app in private beta (reach out to the identity team to enrol) - however this would require a personal or non-shared device as the key is device bound.
For AAL2 authenticators, the options are the TOTP (MS Authenticator) or NHS.net connect options - both do still require a separate (possibly personal) device for MFA. Similarly (synced) passkeys would work, but require a separate login on the device to link the passkey to an account. Depending on how users use the shared devices (for example some are “reset” on assignment and a user logs in during their “ownership”) this may work as they can be linked to the account when in use.
We are doing work on shared devices going forward
Thank you John for the reply.
So in short how I understand this at the moment: With Android and iOS devices the usage of shared device would need the user to carry their AAL2 identity on a different Android or iOS device and then pass that to the Trust owned shared work device. Passkeys could work if there’s an easy process to load passkey on device when user starts use of the devices and are reset after use ends.
For AAL3 as you said would require a personal security key for each staff member to be carried with them to use as authentication for the shared device.
Any high level estimates on schedules for shared device related changes that NHS England is working on at the moment?