Back to Announcements

Franklin-Jones Release – Content Summary

Announcements, Release Notes Habiba Tabasum

The NHSmail Portal release is named in honour of Elizabeth Franklin-Jones Children’s Senior Sister, Children’s Emergency Department, East and North Hertfordshire NHS Trust, who was awarded an MBE in the Queen’s Birthday Honours (2021) for her services to Nursing and Mental Health Services.

Please find below a summary of the main content of the  Franklin-Jones release which was deployed on the 6th July 2023. To view the full release notes for this release please see the PDF file at the end of this summary.

 BAU Functionality 

  • 76300 – Disable MFA on conversion from User account to Application account

This PBI provides the ability for Primary Local Administrators and Local Administrators of an organisation to convert a user account to an application account. Upon conversion, MFA will be disabled automatically, preventing two-factor authentication being present when authenticating with an application account to reduce any interruption when being used as a service account.

    • The following guidance can be followed to find a PLA/LA of an organisation. If an organisation does not have a Primary Local Administrators or Local Administrators, then the guidance also includes how to appoint one. Finding a Local Administrator – NHSmail Support
    • National Administration Service (NAS) organisations will be required to raise a service request with the NAS Helpdesk to action the request.
  • 76313 – Enable MFA on conversion from Application account to User account

This PBI provides the ability for Primary Local Administrators and Local Administrators of an organisation to convert an application account to a user account. Upon conversion, MFA will be automatically re-enabled. This will prompt the user for MFA registration the next time they login.

    • The following guidance can be followed to find a PLA/LA of an organisation. If an organisation does not have a Primary Local Administrators or Local Administrators, then the guidance also includes how to appoint one Finding a Local Administrator – NHSmail Support
    • National Administration Service (NAS) organisations will be required to raise a service request with the NAS Helpdesk to action the request.
  • 76900- New dialog box on the ‘Disable Azure MFA button’

This PBI is introducing a new dialog box which has been added to the ‘Disable Azure MFA’ button. Once the button is clicked, a new warning dialog box will appear providing further details to the admin, alongside the below buttons:

Disable: This will close the dialog box, returning the admin back to the user edit page with MFA being disabled in the background.

Cancel: This button will close the dialog box, returning the admin back to the user edit page. MFA will not be disabled if the cancel button is clicked.

Portal Projects Functionality

  • 75370- VN162: NHSmail Password Reset Email Change

As part of this PBI, the Email template content has been updated for Reset Password workflow and welcome email.

  • 75126- VN162: Update Portal Carousel to include new Self-Service Password Reset banner

As part of this PBI, a new slide has been added to the carousel to include the following: “Introducing User Account Secret”. This item on the carousel will be presented in the 8th slide.

  • 70167- VN162: Modification of the AUP workflow to remove the security questions and answers

As part of this PBI, the Security Question and Answers page has been removed; Introducing the New Feature “User Account Secret” which will be available while accepting the AUP for new users in Portal.

Account secret tab is a new page, and  will allow the user to enter an account secret with the below rules:

    • One single word with a minimum of 8 characters and no maximum enforced.
    • Only letters with no numbers or special characters.
    • It cannot contain user’s name, surname, or organisation name.
    • Not case sensitive.
    • NHSmail Portal will hold history of secrets and will not allow to re-use the last 5.
  • 70166- VN162: Modification of the Authentication User method to use a client secret

As part of this PBI, if a user has an account secret set or has resecured their account then:

    • Primary Local Administrator, Local Administrators or Helpdesk agents will be presented with 3 characters from the user’s account secret which is set.
    • Upon selecting submit, the answers are validated against the account secret.
    • If successful, a success message is displayed and audit entry for the same will be present.
    • If failed, a failure message will be displayed.

If the user has not resecured their account/has no account secret set, then:

    • Primary Local Administrator or Local Administrators will be presented with a portal page showing 2 of the user’s security questions and will be asked to input 2 characters and 1 character respectively.
    • Upon submission the inputs are validated against the security answers.
    • If successful, a success message is displayed and audit entry for the same will be present.
    • If failed, a failure message will be displayed.
    • If wrong characters are entered 3 times, then the authenticate functionality will be disabled for 1 hour.
  • 73751- VN162: Creation of an Admin workflow to resecure an account

As part of this PBI, a new button ‘Resecure account’ is added to the User details page. When a user forgets their account secret, they can contact their Local helpdesk and get their account resecured by this option.

An  Primary Local Administrator or Local Administrators can resecure the account of the user. When the resecure account button is clicked, the below actions will need to be performed:

    • The users AUP status will be reset to 0 in DB.
    • User will be added to the no AUP group in active directory.
    • The page will redirect to ‘Reset password’ page and the user’s password will be reset which will need to be communicated to the user verbally by the admin.
    • The account secret which has been set for this user will be set to expired in the Portal DB.
    • Resecure button will be disabled until the user accepts the AUP again.

When the user logs in with the new password:

    • User will be presented with AUP acceptance page.
    • User shall be prompted to set an account secret.

More information can be found in the following support article: https://support.nhs.net/knowledge-base/resecure-an-account/

  • 70168- VN162: Modification of the My Profile page to remove security questions and answers

As part of this PBI, the ‘Security questions and answers’ tab has been removed from My Profile page of the user if the user has resecured their account or has set the account secret. Only ‘My profile’ and ‘Self-service’ tabs will be displayed.

    • Both the ‘My profile’ and ‘Self-service’ tabs will have same existing functionality.
    • Change password button will be available and has the same existing functionality.

If the user has not resecured their account/has no account secret set then, the user will be able to see ‘Security questions and answers’ tab in My profile page. All the 3 tabs will be displayed in this case.

    • All the 3 tabs will have same existing functionality.
    • User will be able to reset security questions and answers.
    • Change password button will be available and has the same existing functionality.

If a user has forgotten their ‘Security questions and answers’, their account will have to be    resecured using the new functionality (PBI 73751).

To view the full release note please refer to the PDF file.

back to top