2.3 Access to an HIN-protected site
Figure 1: How the AGW operates
Users within the organisation can access a HIN-protected application directly from any browser without any mediation using AGW components. The HIN data centre uses the external IP address of the request to determine whether it comes from an organisation connected to the AGW. To authenticate the user, a query is sent to the organisation's own AGW via the user's browser. This is done using the URL transferred to HIN by the AGW during registration (see 0). The AGW identifies the registered Active Directory user and transfers the user to the HIN data centre. HIN operates a central database that contains the link between the Active Directory login and the HIN identity. When a request is received from an Active Directory login that is stored in the database, the HIN identity is retrieved and reused. Single sign-on is thus complete.
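The lookup steps described above, as a small Python model added here for illustration; it is not HIN's or the AGW's code. The organisation names, IP ranges, URLs, logins and identity values are constructed, storing the link per organisation is an assumption, and how the AGW's answer is protected on its way to the data centre is not described on this page and is not modelled.

```python
import ipaddress

# Constructed sample data (documentation IP ranges, placeholder names and URLs).
# Each entry: organisation -> (external network, AGW URL given at registration).
ORGS = {
    "clinic-a": (ipaddress.ip_network("198.51.100.0/28"), "https://agw.clinic-a.example/auth"),
    "clinic-b": (ipaddress.ip_network("203.0.113.8/29"), "https://agw.clinic-b.example/auth"),
}

# Central database linking an Active Directory login to a HIN identity.
# Assumption: the link is stored per organisation, not per login alone.
IDENTITY_LINKS = {
    ("clinic-a", "CLINICA\\mmuster"): "hin-id-0001",
    ("clinic-b", "CLINICB\\mmuster"): "hin-id-0002",
}

def find_org(source_ip):
    """Return the organisation whose external network contains source_ip."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return None
    for name, (network, _url) in ORGS.items():
        if addr in network:
            return name
    return None

def start_access(source_ip):
    """Data-centre side: decide from the external IP whether an AGW is asked."""
    org = find_org(source_ip)
    if org is None:
        return ("no_agw", None)
    return ("ask_agw", ORGS[org][1])  # browser is sent to the registered URL

def complete_sso(source_ip, ad_login):
    """Resolve the login reported by the AGW to the stored HIN identity."""
    org = find_org(source_ip)
    if org is None:
        return None
    return IDENTITY_LINKS.get((org, ad_login))

if __name__ == "__main__":
    print(start_access("198.51.100.5"))
    print(complete_sso("198.51.100.5", "CLINICA\\mmuster"))
    print(complete_sso("198.51.100.5", "CLINICB\\mmuster"))  # other org's login
```

Because the external IP address alone selects the organisation, the registered address ranges and AGW URLs are worth reviewing whenever an organisation's network egress changes.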