SystmOne single sign-on

A professional with a PKB account can access a patient’s PKB record directly from SystmOne, without signing-in each time, by using this single sign-on functionality.

To set this up, a URL is created in SystmOne by someone with a team coordinator account in PKB and then that URL will be available for all professionals in the practice to use.

Each professional will have their own unique credentials which they can enter the first time they use the functionality in order to set-up their connection.

After that, a professional will not need to sign-in to PKB again when accessing it from SystmOne.

This page has the following sections:

  1. Coordinator and organisations administrator instructions
  2. Professional instructions
  3. Common questions

How do I set-up single sign-on for my practice?

A URL only needs to be set-up once. Once it’s been published all users that it has been published for will be able to find the URL.

The URL is not tied to the team that generated it, it can be used in any practice that it has been published for.

These are the steps to set up the URL:

1. Generate URL credentials in PKB

  1. Log in to PKB as a coordinator or an organisation administrator.
  2. Click on the ‘Connected Systems’ tab
  3. Click on the ‘Set-up SystmOne single sign-on URL’ button.

4. You will land on a page showing the credentials needed to configure single sign-on in SystmOne.

5. You will need to use these credentials when setting up the URL in SystmOne so keep the PKB tab open.

2. Create the single sign on URL in SystmOne

1. In SystmOne, open the URL configuration tool by navigating to: Setup > Users & Policy > URL & Program Maintenance.

2. Select 'New URL' .

3. When asked if you want to create a URL or program, choose URL.

4. Enter a name: Patients Know Best.

5. Enter a description: 'Patients Know Best single sign-on'.

3. Add fields to the URL

  1. Delete the first text field that is created automatically “https:\\”
  2. Click ‘Add Field’ and select a ‘Text’ field. Copy and paste your single sign on ‘URL prefix' from PKB.
  3. Click ‘Add Field’ and select a Text field. Add this text: &content=
  4. Click ‘Add Field’ and select a ‘Text’ field. Add this text: username=
  5. Click 'Add Field' and select ‘Username’.
  6. Click 'Add Field' and select a ‘Text’ field. Add this text: &nhsnumber=
  7. Click 'Add Field' and select ‘Patient NHS number’ and select ‘without spaces’.
  8. Click 'Add Field' and select a ‘Text’ field. Add this text: &timestamp=
  9. Click 'Add Field' and select ‘Timestamp’. A format pop-up will appear. Don’t change the ’Format’ dropdown and for ‘Timezone’ choose ‘UTC’.
  10. Click ‘Add Field’ and select a ‘Text’ field. Add this text: &password=
  11. Click 'Add Field' and select ‘Password’.

4. Make sure the URL is secure

  1. Choose a browser. Default Browser won’t work.
  2. Tick the 'Private browsing mode' checkbox
  3. Tick the ‘Encrypt parameters’ checkbox.
  4. Copy and paste the ‘Key’ from PKB into the ‘Key’ field in SystmOne.
  5. Copy and paste the ‘IV’ from PKB into the ‘IV’ field in SystmOne.
  6. Don’t tick ‘Encrypted’ for the first two URL fields: the URL prefix, '&content='
  7. Do tick ‘Encrypted’ for each of the remaining eight fields.
  8. Click ‘Ok’ to finish.

5. Publish the URL

  1. Find 'Patients Know Best' in the list of 'Available URLs & Programs' and select it.
  2. Right-click on the URL and select 'Publish URL'.
  3. Select the publish option you want and click 'Ok'. ‘Publish locally’ will publish for your practice only.

6. Add the URL to the SystmOne toolbar

  1. The PKB URL needs to be added to your practice so that it’s available to all professionals at the practice.
  2. Even if the URL was not published by your practice, your practice needs to add it to the toolbar as it will not be there automatically.

How do I set-up single sign-on as a professional?

As a professional you can access your patients in PKB from SystmOne by generating unique credentials for single sign-on from your PKB account.

These are the steps to generate your credentials and start to use single sign-on to PKB.

1. Generate single sign on credentials in PKB

  1. If you do not have a PKB account, your team coordinator will be able to invite you to register.
  2. Log in to PKB from your web browser. Make sure you log in to the team that you want to set-up single sign-on for.
  3. Go to ‘My account’ at the top of the screen.

4. Go to the ‘Generate credentials’ tab.

5. Click on the button that says ‘Generate SystmOne credentials’.

6. You will land on a page showing your unique credentials.

7. You will need to use these credentials in SystmOne so keep the PKB tab open during set-up.

2. Set-up single sign-on in SystmOne

  1. Your team coordinator needs to set up the URL for your practice before you can use single sign-on to log onto PKB from SystmOne.
  2. Once set up, each practice needs to add this to the SystmOne toolbar.
  3. Go to a patient's record.
  4. Click on the PKB URL icon on your toolbar.
  5. You will be asked for your username.
  6. Copy and paste the username you generated from PKB.
  7. Select ‘Store this value for next time’.
  8. Click ‘Ok’.
  9. Another pop-up will appear and you will be asked to enter your password.
  10. Copy and paste the password you generated from PKB.
  11. Select ‘Store this value for next time’.
  12. Click ‘Ok’.

How do I use single sign-on to access PKB?

  1. Go to a patient’s record.
  2. When in the patient’s record, click on the PKB icon in the toolbar.
  3. PKB will launch in a new window with the patient in context.

Common questions

URL set-up


1. Can I amend the PKB URL in SystmOne?

We don’t recommend amending the PKB URL in SystmOne unless it was set-up incorrectly. If you amend the URL it will be changed for every practice it was published for.

If the URL is amended, professionals won’t need to generate new credentials again but the URL won’t work if the fields don’t match what is expected.


2. Can I delete the PKB URL in SystmOne?

If you delete the PKB URL in SystmOne it will be deleted for all practices where it is published. Professionals will need to generate new credentials if the URL is published again.


3. Why do I need to use private browsing when setting up the URL?

Using private browsing is essential because it prevents PKB URLs from appearing in your browser history. This gives additional security to the single sign-on functionality.


4. What happens if I, or another coordinator in my organisation, clicks on the ‘Set-up SystmOne single sign-on URL’ button after I have set-up the URL?

Clicking on the button again won't invalidate an existing URL that you have set up.


Professional single sign-on set-up


1. What happens if I generate new credentials for a team in PKB after setting up my single sign-on connection?

If a professional generates new credentials for a team in PKB, the existing credentials will stop working. You will need to update your credentials in SystmOne.

You can only have one set of active credentials for a PKB team at a time. Generating credentials for PKB team won't invalidate the credentials you generated for other PKB teams.


2. How do I change my credentials in SystmOne?

If you need to change your credentials in SystmOne:

  1. Select User>User Preferences from the Main Menu.
  2. Select the ‘URLs & Programs’ node from the Clinical tree. This shows the stored user names, passwords and account numbers that have been entered via the URLS & Programs functionality.
  3. Find the PKB URL.
  4. Edit/delete the username and password.


3. I am a professional on multiple PKB teams, can I switch teams when I access a patient using single sign-on?

At the moment you can only access one team using single sign-on. You will need to choose the team you want to set up single sign-on for and generate credentials for that team in PKB. This is done by making sure that you generate credentials when logged into the right team in PKB.

If you have multiple roles in SystmOne, you can connect those roles to different teams in PKB by generating credentials for the corresponding team in PKB and adding those in SystmOne when prompted.

If you want to connect multiple roles in SystmOne to one team in PKB, then you'll need to generate credentials for that team in PKB and then use those same credentials in each SystmOne role.


Using single sign-on from PKB


1. Can I access patients without NHS numbers from SystmOne?

No, single sign-on only works for patients with NHS numbers in SystmOne.


2. Why is the patient banner different when using single sign-on?

The patient banner is shown on the top right of the screen.

Our wide patient banner is not compatible with using PKB via single sign-on. We will support this in the future.


3. Is there anything else I can’t do when using single sign-on, as opposed to logging in via my browser?

The following are not possible when accessing a patient using single sign-on:

  1. Viewing the timeline. This functionality is not currently supported but will be in the future.
  2. Switching team. The team selector is not accessible when logged in using single sign-on. We will add this functionality in the future.
  3. Accepting invitations. If you are invited to a new PKB team then you will need to click on the link from your email and log in to PKB to be able to accept the invitation.