TL;DR: NHS Scotland adopted a single sign-on and password reset solution to improve access to clinical systems, reduce workflow friction and strengthen data security across its health boards, according to Imprivata. The case is a reminder that human IAM programmes in high-pressure environments must balance usability, compliance and control design at the same time.
NHIMG editorial — based on content published by Imprivata: NHS Scotland SSO and password reset rollout for health workers across Scotland
By the numbers:
- Imprivata serves the access security needs of more than 1,100 customers around the world.
Questions worth separating out
Q: How should healthcare organisations implement single sign-on without disrupting clinical workflows?
A: They should design SSO around the real movement of staff between applications, not around a single login screen.
Q: Why does password reset matter as an identity governance control?
A: Because reset design determines whether users can recover access safely or drift into unsafe workarounds such as password reuse and informal support paths.
Q: What breaks when identity tools ignore frontline work patterns?
A: Controls become slower to use than the work they are meant to protect, so staff route around them.
Practitioner guidance
- Define access around workflow, not just application lists. Map the sequence of systems a clinician or frontline user actually touches in one shift, then design SSO coverage around that path rather than individual application owners.
- Harden password reset as a governed recovery channel. Require traceable recovery steps, stronger verification for account restoration and full logging of reset events.
- Test integration against real directory and endpoint dependencies. Before rollout, confirm the control works with existing Active Directory structures, endpoint constraints and legacy clinical systems.
What's in the full analysis
Imprivata's full article covers the operational detail this post intentionally leaves for the source:
- Procurement and rollout context for the NHS Scotland agreement across multiple health boards
- Named product details for Imprivata OneSign and the associated five-year maintenance and support arrangement
- Direct stakeholder commentary on workflow integration, trust and clinical productivity from NHS Scotland and partners
- Background on Northgate Managed Services, Trustmarque and the delivery model behind the deployment
NHS Scotland SSO and password reset: what IAM teams should notice?
Explore further
Human IAM succeeds when access friction is treated as a security variable, not a user-experience afterthought. NHS Scotland’s objective was not simply to make logins easier. It was to remove delay from the access path without diluting control, which is the right framing for large clinical environments where operational speed and identity assurance are inseparable. For IAM leaders, this is a reminder that workflow drag often drives the very behaviour security teams are trying to prevent.
A few things that frame the scale:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure non-human identities (NHIs), compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- Only 5.7% of organisations have full visibility into their service accounts, which shows how weak identity oversight remains once access moves beyond people.
A question worth separating out:
Q: How do organisations know whether SSO is actually improving security?
A: They should look for fewer unmanaged login workarounds, clearer session boundaries, lower help desk recovery volume and better traceability of access events. If SSO only reduces friction but does not improve auditability or reduce bypass behaviour, it is not delivering full identity value.