With IAM, Apotek 1 strengthens security and efficiency

Apotek 1, Norway's largest pharmacy chain with over 450 locations and 5,000 employees, faced complex challenges with access management. The need to centralize access rights, ensure eIDAS-compliant prescription signing, and automate identity processes became crucial. Through collaboration with Cloudworks, a centralized IAM solution was implemented, meeting the demands for both security and efficiency.

Norway's leading pharmacy chain

Apotek 1 is the largest pharmacy chain in Norway, with more than 450 locations spread across the country and over 5,000 dedicated employees. The chain offers a large range of medications, health products, and advisory services to both individuals and the healthcare sector. With an emphasis on personal service, guidance, and accessibility, Apotek 1 is a leading player in health in Norway.

From local to centralized control

For many years, Apotek 1 managed access control and authentication through a decentralized model, where each pharmacy handled it independently. This approach was both time-consuming and inefficient, making it difficult to ensure consistent administration across the organization.

Meanwhile, the demands for data security and compliance became more stringent, creating a need to modernize the system to meet regulatory requirements while also simplifying employees' workdays.

The transition from the previous pharmacy system, FarmaPro, to the new system, Alfa, marked the start of a comprehensive digital transformation. The goal was to centralize access management, implement secure authentication methods, and create a solution that combines efficiency and security.

Pharmacy technician

A needs analysis helps identify the right IAM solution

To ensure that the new solution met all the diverse needs of the organization, Apotek 1 reached out to Cloudworks.

Cloudworks recommended conducting a thorough needs analysis. The analysis was to uncover the requirements and preferences of pharmacists, inventory management, and support functions.

The needs analysis laid the foundation for finding the right solution for Identity and Access Management (IAM), which could centralize the administration of roles and permissions, simplify employees' workdays, and simultaneously meet the strict requirements for data security and GDPR compliance.

Read more about Cloudworks' needs analysis for Apotek 1 here!

A comprehensive and secure IAM solution with NetIQ

A specific challenge identified during the needs analysis was the requirement to support scenarios where two individuals can be logged into the same computer simultaneously. This is crucial in a pharmacy context, where a pharmacist must quickly approve medication prepared by a pharmacy technician without disrupting other user sessions.

To ensure the solution could manage this, Cloudworks conducted a Proof of Concept in close collaboration with Apotek 1.

Following a thorough analysis, NetIQ by OpenText was chosen as the provider for the new IAM solution. NetIQ was chosen for its ability to create a cohesive and user-friendly experience for employees while meeting the organization's high standards for security and efficiency.

As Christian Fjeldaas, IAM architect from Apotek 1, points out, the goal was to ensure that the new solution combined user-friendliness and security:

Our new pharmacy solution comprises multiple applications, which should be perceived by employees as a unified system. To achieve this, we have implemented Single Sign-On (SSO), allowing users to log in just once and then access all necessary systems.

FIDO2 security keys for easy authentication

For the authentication part, several options were tested during the Proof of Concept, including fingerprint and mobile apps. The choice landed on FIDO2 security keys, which are both user-friendly and meet the high standards for data security. Access Perscription

As Dagfinn Herum, IAM architect at Cloudworks, explains:

FIDO2 security keys provided us with the perfect balance between user-friendliness and data security. It was also crucial to ensure compliance with GDPR and eIDAS regulations, which the solution fully meets.

The solution is tailored to the pharmacy's needs, enabling pharmacists to quickly and securely approve prescriptions through eIDAS-compliant signing. Previously, the process required manual handling and could create bottlenecks, but with the new technology, prescriptions can now be approved without disrupting other user sessions. This eliminates the need to log other employees out of the system, saves time, and ensures a smooth workflow during a busy workday.

What are eIDAS and FIDO2?

eIDAS (Electronic Identification, Authentication and Trust Services) is an EU regulation that establishes a unified framework for digital identification and trust services. It ensures that electronic transactions can be conducted securely and seamlessly across member states.

FIDO2 is a modern security technology that uses advanced encryption to enable password-free authentication. With a FIDO2 key, users can log in easily and securely without the need for traditional passwords.

Automatic access management based on HR data

A crucial aspect of the solution is its integration with Apotek 1’s HR system. Employee roles and permissions are now automatically assigned based on their employment status, ensuring accurate and reliable data. All of this is managed from the centralized IAM solution.

As Neelam Kaur, the IAM team coordinator at Apotek 1, points out:

Our goal was for all employees to begin their first day of work without any issues. When you are employed at Apotek 1, you should be able to log in and immediately access the systems and permissions necessary to perform your job.

The automated access ensures a smooth and streamlined experience. If an employee changes roles or leaves, access rights can be updated quickly and accurately.

Additionally, location-aware login has been implemented, meaning employees only access data relevant to the pharmacy they log in from. This enhances security and minimizes the risk of errors.

Time-limited access enables a flexible and secure operation

With the new centralized solution, it is possible to grant time-limited access to other locations or applications. Neelam Kaur emphasizes its significant impact on the daily operations of the pharmacy chain.

We utilize time-restricted roles, allowing us to temporarily assign employees to other pharmacies or grant support access to specific systems for a limited duration. This approach makes the solution both flexible and secure.

Integrating access management with data from the HR system has been key to ensuring efficient, flexible, and secure operations across the entire Apotek 1 organization.

An IAM solution for the future

The project was brought to life through close collaboration between Apotek 1, Cloudworks, and external partners like Habberstad and GenLan. The implementation required extensive coordination and strong integration within the organization. Today, Apotek 1 benefits from a solution that ensures both high security and an efficient daily operation. Neelam Kaur enthusiastically shares:

We have excellent control over our users throughout their entire lifecycle. Additionally, we notice that many other parts of the organization benefit from the solution. Numerous new projects and existing applications also wish to connect to the IAM solution.

The centralized IAM solution has already made a noticeable impact. Employees can quickly access the systems they need, while customers can rest assured that their data is being handled securely and professionally.

However, for Neelam Kaur, the solution is not yet fully developed:

Even though the solution is already a great success, we view it as a dynamic part of our organization. It will continue to evolve and grow with us as our needs change.