Practice Fusion Resolves Authentication and Identity Management Pain with Single Sign-On

At a glance

As the leading, cloud-based electronic health records (EHR) platform in the U.S., Practice Fusion is dedicated to making technological advances in Health IT. With a mission of connecting doctors, patients, and data to drive better health and save lives, they facilitate over five million patient visits a month with more than 600 connected partners.

Challenge

SSO Required for Authentication
While Practice Fusion was deploying a customer community platform, the IT team ran into a challenge. They needed a way to separate the authentication of employees from EHR users. The only way to accomplish this was through single sign-on (SSO).

Password Management Burden
Practice Fusion experienced the usual challenges faced by a growing company: onboarding new employees who need application access, and adding access to additional applications for expanded company functions. The IT team spent significant time helping employees manage their multiple passwords, and carried the burden of account management across dozens of different applications.

John Hluboky, Senior Vice President of Technical Operations at Practice Fusion, explains, “Employees were experiencing pain from having multiple passwords to maintain. And knowing that there was a risk of shadow IT services that former employees retained access to, that made searching for an identity management vendor a very easy conversation to have.”

Solution

After evaluating several vendors, Practice Fusion chose OneLogin to meet their SSO and password management needs. Hluboky recalls, “We were a small, rapidly growing company, as was OneLogin. It was really a way for us to continue forging that path together.” IT has since expanded its identity and access management (IAM) footprint to multi-factor authentication (MFA), SAML integration with multiple apps, and user provisioning with OneLogin.

Support and Partnership with OneLogin
One of the main reasons Practice Fusion selected OneLogin was the level of support and partnership, which they felt they could get only from OneLogin.

This proved true when the core app for which Practice Fusion needed SSO required custom development work. Hluboky says, “OneLogin really jumped to the fore and helped us in those early days to get that app deployed, and we've been a loyal customer and partner ever since. It's been a great platform for us, and we now have integrations with dozens of apps.”

SAML Integration for Secure App Access
SAML-enabled applications provide secure application access. Practice Fusion leverages OneLogin SAML integrations to access a number of key apps, such as G Suite (Google Apps), Bonusly, Namely, and Slack. Hluboky shares that his users “can only access those applications through the OneLogin portal. For Namely, we are now using SAML for authentication via OneLogin. It was easy to configure and is working beautifully for us.” From a security standpoint, SAML significantly decreases Practice Fusion’s vulnerability to attacks and reduces its exposure to phishing for SAML-enabled applications.

Automated Provisioning
Practice Fusion has minimized exposure and security risk not only with SSO, but also through automated provisioning and role-based access.

“Integrating a new application with an Active Directory security group and having that automatically provisioned is a huge time saver for our IT team, and it makes our security team more at ease as well,” explains Hluboky.

Practice Fusion recently rolled out G Suite to its users, leveraging OneLogin both for SAML authentication and for provisioning users from the on-premises Active Directory through OneLogin to its Google directory.

Enhanced Security for AWS
With Amazon Web Services (AWS), OneLogin adds a layer of security and makes sign-on, user access, and MFA much easier for Practice Fusion. Hluboky explains, “We have different AWS environments, and different integrations in terms of IAM roles with AWS that is facilitated through the OneLogin portal. So today the only way that we allow our engineers, our administrators, and others to access our AWS consoles is through OneLogin—which has benefited us from an overall security implementation standpoint.”

“OneLogin synchronizes users in real-time, which provides us with an essential kill switch for protecting data,” says Hluboky. “We have been very happy with our AWS integration on OneLogin due to the streamlined role mapping and MFA integration. The addition of a secure multi-account login strengthens access security.”

Results

Hluboky sums it up: “If I were to describe OneLogin in a word, it would be simplicity. The end user experience is simple, with pain-free access to the apps needed, and from the admin side, we can roll out integrations quickly and neatly.” As an illustration of the simplicity of OneLogin, Hluboky says he “can delegate responsibilities to administer the application and be assured they're not going to grant excessive access or access to secure information to the wrong folks.”

Fast and Secure App Rollout
Configuring automated provisioning is a huge time saver for Practice Fusion. For example, they wanted to deploy and enable provisioning for Slack, but expected it would take days and require significant manpower. Hluboky shares, “The provisioning capabilities between OneLogin and Slack are fantastic. It really helps define role-based access control, user provisioning, and deprovisioning. We did a trial inside the company with about 75 people and end-to-end it took just three hours to grant access to the Slack account, provision, enable, and fully set up our users through OneLogin.

“Our CTO, who originally requested the Slack deployment, was absolutely blown away. He couldn't believe how quickly the IT team was able to respond to this request on so broad a scale, and to have it be secure and fully integrated and single sign-on. It's a great story in terms of technology enabling us to provide better service.”

Self-Service Password Reset Relieves Help Desk
Practice Fusion also uses OneLogin’s self-service password reset functionality, which has improved help desk efficiency. “Honestly, you have to just keep reminding people that it's there,” says Hluboky. “We’ve saved a great deal of time, dramatically reducing the number of requests we used to get.”

Satisfaction for Both IT and Users
Practice Fusion has seen benefits beyond the quantitative gains in efficiency. “I have had a number of people tell me how much they appreciated having simple password management and not having to manage multiple accounts,” says Hluboky. He adds that it is very satisfying as an IT member to know “you're providing a service that is useful to the entire organization,” and can help manage what is always a frustrating and challenging experience for users.
