With about 700 employees, 250 consultants, and a small IT team, Blackrock Health's Hermitage Clinic embraced a cloud-first strategy a few years back. The hospital is currently on a digital transformation journey, both clinical and organizational wide. “Cloud first allows our IT department to call upon the expertise and knowledge of cloud providers to enable our workforce,” explains Wilhelm Pettersson, Head of Digital Change at Blackrock Health | Hermitage Clinic.
Leading the way on this journey, Pettersson introduced the broader organization to cloud-based applications when his team brought on Salesforce to power the service desk. However, he quickly realized people needed a way to easily access the cloud-based application to encourage adoption.
Blackrock Health | Hermitage Clinic was using Active Directory Federation Services (ADFS) internally, but users working remotely had to VPN into their applications. To complicate matters, people would regularly contact the IT team for assistance when they struggled to recall their passwords.
“We wanted to make sure everyone had a good user experience as we shifted to a full-fledged cloud-first strategy,” says Pettersson.
OneLogin underpins our cloud-first strategy, enabling our clinic to operate in a modern way while ensuring a good user experience and the strongest measures of security.
Since The Clinic doesn’t use Office 365, it was not compelled to continue using ADFS. So Pettersson zeroed in on Identity and Access Management solutions. After comparing ADFS to Duo and OneLogin, Hermitage Clinic selected OneLogin Single Sign-On (SSO) and OneLogin Protect due to its functionality, out-of-the-box connectors, usability, and simplicity.
“I was aware that Airbnb uses OneLogin SSO and was inspired, seeing how easy it was to navigate and use. I felt it would provide a good first experience for people logging in,” continues Pettersson.
He also underscored the value of the connectors. “The out-of-box connectors make OneLogin the easiest of the solutions to roll out and ensure continued simplicity as we engage new vendors.”
After enabling SSO for Salesforce and a few applications with a small number of users, the IT team rolled it out for Outlook for web users. “People took well to OneLogin SSO, so we used it to secure access to our web email, and we didn’t have to put that behind a VPN,” Pettersson explains.
Today, staff and physicians access a variety of applications via OneLogin. This includes Outlook Web Access for email, eLearning, VPN, Qlik Sense, Mediclaim, Zoom for meetings + telemedicine, and the expanded Salesforce platform.
By leveraging security standards, like SAML + OpenID, OneLogin SSO enables users to access applications without the need to remember various usernames and passwords for different applications. “This is a huge win for our users. They just click on OneLogin and can access the cloud and some on premise applications. For IT, the win is no less tickets and calls to reset passwords and setups for those applications,” says Pettersson.
Since initially going live with OneLogin, Blackrock Health | Hermitage Clinic had to shift to support a work-from-home model when Covid-19 hit. In addition to enabling Multi-Factor Authentication (MFA) and login to Global Protect VPN via OneLogin, the clinic is seeing an uptick in remote access of key applications. MFA is used when individuals are trying to access an application -- if they are not on the hospital network, when working from home, or when a physician at another hospital is trying to remotely access an application.
As Pettersson explains, “With more users working externally, more people are using OneLogin. Now, when we roll out a new app, MFA is applied so we know only the right people are securely accessing our applications.”
Because the IT team prefers to provide the same experience for non-SAML apps, it often requires new apps to be cloud-based and SAML-enabled. “Even our staff now ask vendors if their applications are in the cloud,” says Pettersson.
Going forward, Pettersson is planning the use of OneLogin for the clinic’s intranet and business intelligence tool from the OneLogin portal. “That means staff members will be served by the OneLogin experience they are used to.”
In addition, the IT Digital Team team is looking at the potential of using OneLogin solutions for patients accessing the new cloud scheduling platform. “We want to look at leveraging the social IDs that patients already used to access that information -- without the need to remember another username and password we create for them for their appointment. But of course, with the need for multi-factor,” he explains.
As Pettersson considers all of the ways he’s continuing to lead Hermitage Clinic on its cloud-first journey, he can see the potential for sister clinics to get on board with OneLogin, “We’re showing how much OneLogin is part of our ecosystem, so Blackrock Clinic and Galway Clinic can see how easy it is to use OneLogin,” he explains.