Are There Security Risks with Using LDAPS for Third-Party App Authentication?

Asked By TechieNerd4U On

Hi everyone,

We're in the process of launching a new Electronic Health Record (EHR) system for a medical facility. This EHR will be hosted in the vendor's cloud, and we have a site-to-site VPN established to connect to their environment. The vendor has requested to integrate user authentication through our on-premises Active Directory using LDAPS. They currently don't support SAML, but it's something they plan to implement in the next six to eight months.

I'm aware that this setup extends our identity boundary to a third party, and I have a couple of concerns:

- Is it safe to let vendor applications authenticate directly against our on-prem AD via LDAPS?
- What crucial security controls should we have in place for this setup?
- Since users will be entering their credentials into the vendor's web app using LDAPS, how can we be sure that credentials aren't being logged, cached, or stored on their servers?
- If the vendor's app were compromised, what risks could that pose to our AD?

I'd really appreciate any advice or suggestions you might have!
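As an added example, not code from the thread or from any of its participants: a small Python detection pass over constructed domain-controller bind records that checks the controls the question's bullets imply for a vendor app binding via LDAPS across a site-to-site VPN. The vendor VPN subnet, the dedicated bind account name, the privileged-account list and the record format are all assumptions.

```python
# Added example, not from the original thread. Checks LDAP bind records against
# the controls implied by the question: LDAPS only, a dedicated bind account used
# only from the vendor VPN range, no privileged accounts, and no spray patterns.
import ipaddress
from collections import Counter

VENDOR_VPN_NET = ipaddress.ip_network("10.200.0.0/24")  # assumed vendor side of the VPN
VENDOR_BIND_ACCOUNT = "svc-ehr-ldap"                    # assumed dedicated bind account
PRIVILEGED = {"administrator", "krbtgt"}                # assumed watch-list
FAILED_THRESHOLD = 5                                    # failed binds per source before alerting


def parse_record(line):
    """Parse a constructed 'key=value' bind record into a dict."""
    return dict(field.split("=", 1) for field in line.split())


def check_binds(lines):
    """Return a list of alert strings for the records that violate a control."""
    alerts = []
    failures = Counter()
    for line in lines:
        r = parse_record(line)
        src = ipaddress.ip_address(r["src"])
        in_vendor_net = src in VENDOR_VPN_NET
        # 1. Vendor-side traffic must arrive on 636; a bind on 389 means clear-text risk.
        if in_vendor_net and r["port"] != "636":
            alerts.append(f"non-LDAPS bind from vendor network: {line}")
        # 2. The dedicated bind account must only be used from the vendor VPN range.
        if r["user"] == VENDOR_BIND_ACCOUNT and not in_vendor_net:
            alerts.append(f"bind account used outside vendor network: {line}")
        # 3. A compromised app could try privileged accounts over the same channel.
        if in_vendor_net and r["user"].lower() in PRIVILEGED:
            alerts.append(f"privileged account bind from vendor network: {line}")
        # 4. Many failed binds from one source looks like password spraying via the app.
        if r["result"] != "success":
            failures[r["src"]] += 1
            if failures[r["src"]] == FAILED_THRESHOLD:
                alerts.append(f"{FAILED_THRESHOLD} failed binds from {r['src']}")
    return alerts


# Constructed sample records (not real logs): one clean bind, then one of each violation.
SAMPLE = [
    "src=10.200.0.15 port=636 user=svc-ehr-ldap result=success",
    "src=10.200.0.15 port=389 user=svc-ehr-ldap result=success",
    "src=192.0.2.44 port=636 user=svc-ehr-ldap result=success",
    "src=10.200.0.15 port=636 user=Administrator result=failure",
] + [f"src=10.200.0.15 port=636 user=u{i} result=failure" for i in range(5)]

if __name__ == "__main__":
    for alert in check_binds(SAMPLE):
        print(alert)
```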

2 Answers

Answered By SecuritySavant99 On

Regarding your concern about credentials being logged when users enter them into the vendor’s web app, I can't think of any specific technical controls to ensure safety. I'd recommend raising this issue with the Governance, Risk, and Compliance (GRC) team so it can go onto the risk register. Having a VP or higher sign off on this might be your best bet.

CautiousBuyer23 -

The vendor claims that their app only relays authentication requests through an encrypted channel and doesn't store passwords. I'm also wondering if it's acceptable for their app to communicate directly with our LDAP AD server.

Answered By HealthPro65 On

I work in healthcare, and using LDAPS is actually pretty standard. I've integrated different systems before, like Pyxis med cabinets, using LDAPS. It's not uncommon to see vendors doing this.
