Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Contact Us
  • Home
  • CDMS
  • Castor CDMS Manual
  • Introduction and getting started

Using Single Sign-On (SSO) in CDMS

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • CDMS
    Castor CDMS Manual Castor CDMS Calculations Manual Frequently Asked Questions Articles for Data Managers Castor CDMS Compliance Release Documents
  • eConsent
    Castor eConsent Manual Castor eConsent Compliance Release Documents
  • SMS
    Castor SMS Manual Castor SMS Compliance Release Documents
  • Castor Connect
    Castor Connect Compliance Release Documents Castor Connect Manual Castor Connect - Participant Quick Start Guide
  • Helpdesk
    News Other Resources Castor products knowledge resources
  • Status page
  • Completing a Study
+ More

Table of Contents

SSO for users Logging in to Castor CDMS Log in using Castor CDMS credentials Log in using SSO Inviting users to a study Using the API SSO for institutes Supported protocols SAML SSO flows Enforcing SSO Implications Exceptions

SSO for users

Logging in to Castor CDMS

When your institution requires SSO, you will be unable to log in with the Castor CDMS credentials you previously set. Instead, after entering your email address on the login page, you will be redirected to your institution's Identity Provider (IdP) to log in.
 

Log in using Castor CDMS credentials

You will be prompted to enter your Castor CDMS password if your institution does not enforce SSO or has exempted your account from using SSO. You can read more about logging in to Castor CDMS on this helpdesk page.

 

Log in using SSO

You will be redirected to your organization's IdP (for example, Azure AD) if your institution enforces SSO.

 

Inviting users to a study

The process of inviting users to a study is the same for SSO users and non-SSO users. More information about inviting users can be found on this page.

 

Using the API

For security reasons, we require SSO users to login to Castor CDMS using their Identity Provider on a regular basis. After 7 days of inactivity, you must log in again through the user interface before you can generate a new OAuth token.

 

If you have not logged in to the system for more than 7 days, the /oauth/token endpoint will return the following error: “For security reasons, we require SSO users to login to Castor CDMS using their Identity Provider on a regular basis. You have not accessed the system in 7 days. Before making any API calls, please log in via the user interface.”

 

It is possible to make an exception to SSO enforcement on a user account level. Please contact the department or person responsible for managing Castor CDMS in your institute to do so.

 

 


 

SSO for institutes

SSO allows users to access multiple web applications using a single set of login credentials. By providing a single point of authentication and authorization, SSO enables your institution or site to gain centralized control over user access and management. This can help you gain a better handle on the compliance, security, and data governance of their research data. Furthermore, SSO can improve the user experience by allowing researchers, staff, and other users to log in to Castor CDMS using their existing institutional credentials rather than remembering and managing multiple sets of login information.

 

Supported protocols

Castor supports the SAML and OIDC protocols for SSO authentication. We only onboard new customers on the OIDC protocol.

 

SAML SSO flows

For customers using SAML-based SSO, both the Service Provider (SP) and Identity Provider (IdP) initiated flows are supported.
 

Enforcing SSO

As an institution, you can enforce the use of SSO for your email domain (for example, hospital.com). Your email domain will be associated with an IdP (for example, Azure AD), which can be used to log in to the application.

 

Implications

Enforcing SSO has a number of implications. Users with your email domain:

  • … will be redirected to an IdP in order to authenticate themselves or will directly use the IdP to get access to Castor CDMS. 
    • They will use the login page and credentials from their IdP.
  • … cannot log in using their Castor CDMS credentials anymore.
    • Instead, they will be redirected, as described above.
  • … cannot use Castor CDMS’ 2 Factor Authentication (2FA) anymore.
    • Instead, they will use the 2FA of the IdP, if applicable.
  • … must log in using the IdP every 7 days in order to maintain access to the API.
    • SSO cannot be used to manage API credentials. To maintain access to the API, we require users to log in every 7 days for security reasons. It is not possible to generate a new OAuth token after 7 days of inactivity, and users must first log in using the IdP to regain access.

 

Exceptions 

It is possible to make exceptions to the SSO enforcement on a user account level.  Such an exception enables the user to log in using their Castor CDMS credentials instead. Exceptions can be made for:

  • Regular users (i.e., user accounts that use a shared email box and cannot login through SSO) 
  • System users (i.e., user accounts that are not used by an ‘actual’ user, but used for API integrations)

To make such an exception, contact a member of the customer success team. Please include the email address of the user account in your request, as well as a description of whether this concerns a regular user or a system user.

edc cdms sso identity management access management single sign-on

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Serious Adverse Events (SAE) EDC/CDMS
  • Manage your account settings in CDMS
ISO 27001
FDA - 21 CFR part 11
ICH GCP compliant
HIPAA compliant
CDISC
ISO 9001
gdpr compliant

Products & Industries

  • Electronic Data Capture (EDC)
  • ePRO
  • eConsent
  • Decentralized Clinical Trials (DCT)
  • Clinical Data Management
  • Medical Device & Diagnostics
  • Biotech & Pharma
  • CROs
  • Academic Research

Resources

  • Thought Leadership
  • Blog
  • Castor Academy
  • Knowledge Base

 

Company

  • About Us
  • Careers
  • News
  • Contact Support
  • Contact Us

Legal & Compliance

  • Terms of Use
  • Privacy & Cookie Statement
  • Responsible Disclosure Policy
  • Good Clinical Practice (GCP)
  • ISO Compliance Certificates
  • GDPR & HIPAA Compliance
  • Security Statement

© 2022, Castor. All Rights Reserved.

Follow us on social media


Knowledge Base Software powered by Helpjuice

Definition by Author

0
0
Expand