PainChek supports a feature called Quick Sign In (QSI) that allows a user to sign into the PainChek App on an iOS or Android device using a 4-digit PIN, rather than signing in using the full Single Sign On (SSO) process.
It works as follows:
- The user signs into the device using SSO. This generates a token that is used in subsequent calls to the API.
- The user then elects to use QSI and records a 4-digit PIN on the device.
- The next time the user signs in, they click on the profile image and enter the 4-digit PIN. The previously obtained token is used to access the API.
Quick Sign In has two primary advantages over an SSO sign in:
- It is faster and simpler for the user.
- A user can sign into the device and use PainChek, even when the device is offline.
Quick Sign In, however, has some potential drawbacks:
1. The user is verified using a 4-digit PIN. This can be viewed as a reduction in security, but it is mitigated by ensuring the user has performed an initial SSO on the device, and by the additional layer of security that a device passcode provides.
2. The user can continue to sign into an iOS or Android device using QSI, even though their SSO account may be disabled.
3. The user signing in with QSI has the role and permissions established when they last signed in using SSO. These may have been updated in the SSO platform in the meantime.
To address issues 2 and 3, we recommend disabling the user in PainChek by calling the PainChek API. See the Enabling and Disabling a User section of Managing Users for more details.
When a user is disabled, any tokens associated with the user are invalidated, meaning the user's QSI is effectively disabled. When the user tries to sign in using QSI, PainChek will notify them that their QSI is invalid and they will need to go through the SSO sign in process.
If the user is disabled in the SSO system, they can no longer access PainChek.
If the user is enabled in the SSO system, their PainChek account will be re-enabled and their roles and permissions updated to reflect the SSO platform.
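
The token lifecycle described above can be traced with a small in-memory model. This is an added illustration, not PainChek's code or API: the `Backend` and `Device` classes, their method names and the sample user are hypothetical, and only the online case is modelled.

```python
import secrets

class Backend:  # hypothetical server side: token store plus a disable switch
    def __init__(self, sso_directory):
        self.sso = sso_directory  # user -> (enabled, roles) held by the SSO platform
        self.tokens = {}          # token -> (user, roles captured at SSO sign-in)

    def sso_sign_in(self, user):
        enabled, roles = self.sso[user]
        if not enabled:
            raise PermissionError("SSO account disabled")
        token = secrets.token_hex(16)
        self.tokens[token] = (user, frozenset(roles))  # roles are fixed at this point
        return token

    def disable_user(self, user):  # disabling invalidates all of the user's tokens
        self.tokens = {t: v for t, v in self.tokens.items() if v[0] != user}

    def roles_for(self, token):
        if token not in self.tokens:
            raise PermissionError("QSI invalid, SSO sign-in required")
        return self.tokens[token][1]

class Device:  # hypothetical device: keeps the SSO token, unlocks it with a PIN
    def __init__(self, backend):
        self.backend, self.token, self.pin = backend, None, None

    def sso_sign_in(self, user, pin):  # SSO sign-in, then the user records a PIN
        self.token = self.backend.sso_sign_in(user)
        self.pin = pin  # simplified: a real app would not keep the PIN in plaintext

    def quick_sign_in(self, pin):
        if pin != self.pin:
            raise PermissionError("wrong PIN")
        return self.backend.roles_for(self.token)  # reuses the earlier token

def walkthrough():
    sso = {"nurse1": (True, {"clinician", "admin"})}  # constructed sample data
    device = Device(Backend(sso))
    device.sso_sign_in("nurse1", "4821")
    sso["nurse1"] = (True, {"clinician"})    # role removed in the SSO platform only
    stale = device.quick_sign_in("4821")     # issue 3: QSI still carries "admin"
    device.backend.disable_user("nurse1")    # the recommended mitigation
    try:
        device.quick_sign_in("4821")
        blocked = False
    except PermissionError:
        blocked = True                       # QSI is now invalid
    device.sso_sign_in("nurse1", "4821")     # fresh SSO picks up current roles
    return stale, blocked, device.quick_sign_in("4821")
```
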