OSCAR Pro Authentication (Pro Auth)
We are excited to announce that the OSCAR Pro login screen has been revamped to support the latest and most secure standards in identity and authentication.
Say goodbye to the legacy OSCAR ‘pin’ code and say hello to a more secure authentication experience with support for Adaptive Multi-Factor Authentication (MFA) and software interoperability via FHIR.
Not sure which Login method your clinic is using?
The image below displays the OSCAR Pro Auth Login (left) and the OSCAR Classic login (right) side by side:
- help@oscarprodesk.ca
- 1-866-935-5367
Why Pro Authentication (Pro Auth)?
Aside from critical security improvements and the introduction of Multi Factor Authentication (MFA), the Pro Auth module is crucial in facilitating existing and future interoperability between OSCAR Pro and other medical software via the FHIR standard.
Fast Healthcare Interoperability Resources (FHIR) is a widely used standard for healthcare interoperability globally, allowing various medical software to communicate and share data between applications in a seamless and secure way.
The Pro Auth module allows clinics to take advantage of applications developed for the OSCAR Pro FHIR API in order to seamlessly interact with in-house and 3rd party applications directly from OSCAR Pro.
We firmly believe that we are only at the start of an exciting journey towards improvements in the tools and technologies used by practitioners and clinics. We are excited to be creating an open ecosystem of digital health tools for practitioners with apps.health, and allowing practitioners to extend their EMR with additional capabilities.
For a list of existing and future integrations, please visit the Apps.Health portal.
What is Multi Factor Authentication (MFA)?
Multi Factor Authentication (MFA) is used to confirm a user's identity by using 2 or more methods of verification. Although OSCAR has always had the password and "pin", this did not count as MFA since each method has to be a different category: something you know (e.g. password), something you have (e.g. cell phone), or something you are (e.g. fingerprint).
A common MFA method you might already be used to is entering a password, followed by receiving a text message code to enter in and confirm your identity!
Enabling MFA for your account can significantly increase the protection and security of your account. The following options are currently available as secondary authentication methods:
Okta Verify | Use a push notification sent to the mobile app |
Security Key or Biometric Authenticator | Use a security key (USB or Bluetooth) or a biometric authenticator (Windows Hello, Touch ID, etc.) |
Google Authenticator | Enter single-use code from the mobile app |
SMS Authentication | Enter a single-use code sent to your mobile number |
Summary of Changes:
Clinics can now enable Adaptive MFA if desired:
- Users with Administrative access in OSCAR can enable or disable MFA as desired.
- Once MFA is enabled, each user will be asked to use a secondary method of authentication after entering their username and password. If a method is not set up, the user will be guided through a user-friendly process to set up secondary authentication for the first time.
A new Administration section to manage Pro Auth related functions, where Admin users can:
- Enable/Disable MFA.
- Unlock accounts after 5 incorrect login attempts.
- Reset 2FA selection for a specific user.
Pro Authentication is loaded with numerous security features 'under the hood' to reduce risk of unauthorized access, including:
- Geolocation blocking based on Network zones to restrict access attempts from undesired locations.
- Adaptive security mechanism based on users' login behaviour and authentication patterns.
- Replacement of OSCAR's outdated password encryption mechanism with leading industry-standard encryption.
Visiting the login page redirects to the schedule if the user is already logged in:
- Visiting the OSCAR Classic login page displays the login fields even when the user is already logged in. This creates a false impression that the user is not logged in, despite an authenticated session existing in the background.
- In OSCAR Pro Auth, visiting the login page redirects the user to the schedule automatically if they are already logged in.
- Users must use Log Out to ensure they are fully logged out of OSCAR.