CIS1 Authentication (Spine Security Broker)
Verify the identity of healthcare workers in England, such as NHS staff, using the Spine Security Broker (SSB) component of Care Identity Service (CIS). CIS provides sign-on across local and national digital services using physical and virtual smartcards.
This integration is in production but deprecated. For details, see API status.
Overview
Use this integration to verify the identity of healthcare workers in England, such as NHS staff. It provides a sign-on capability across local and national digital services using physical and virtual smartcards.
This integration is also known as the Spine Security Broker (SSB), and is part of Care Identity Service (CIS).
You can:
- access the Identity Server which serves up SSO Tokens and manages the sessions for users who have been successfully authenticated
- access the Identity Agent on the end user's workstation, which mediates the authentication transaction and serves subsequent user information on demand as part of the application's authorisation process
- access the Client Signing Interface, which provides client-side digital signing functions for the purposes of Content Commitment. This interface primarily uses cryptographic functions that execute on a user’s smart card.
Users can only be authenticated if they are formally registered on the Spine. This includes creating a user profile, stored in the Spine Directory Service (SDS), containing the user’s roles and other information that the Registration Authority or Service deems necessary to make appropriate data access decisions.
This authentication service makes use of smartcards to provide strong authentication for health care workers to control access to national services. It is being replaced by CIS2 Authentication which provides additional authentication methods for scenarios where a smartcard might not be preferred or appropriate.
This integration is described fully in the Spine External Interface Specification (EIS). Part 6 has the overview and part 7 the formal API specifications. These are a set of Word documents that provide system developers - architects, designers and builders - with the necessary information to connect to Spine national services.
Who can use this integration
This integration can only be used where there is a legal basis to do so. Make sure you have a valid use case before you go too far with your development.
You must have made this request before you can go live (see 'Onboarding' below).
Status
This integration is in production but deprecated. For details, see Deprecation notice: CIS1 Authentication.
If you are developing a new integration, we strongly recommend using CIS2 Authentication instead.
If you have any concerns, contact us.
Service level
This integration is a platinum service, meaning:
- it is operational and supported 24 hours a day, 365 days a year
- it has an availability of 99.9% in supported hours
For more details, see service levels.
Technology
This integration includes:
- a SOAP API
- various software components that must be installed on the client device
- user interface elements that are launched by the client-side software components
This integration can only be used on Windows devices and only with a limited set of browsers, as explained in the Warrantied Environments Specification (WES).
Network access
You need an HSCN connection to use this integration. This is because the client-side Identity Agent component requires HSCN to talk to its server-side counterparts.
For a similar integration that is available on the internet, consider CIS2 Authentication.
For more details, see Network access for APIs.
Environments and testing
You can test this integration using our Path to Live environments.
Onboarding
You must get your software onboarded before it can go live.
Contact us before onboarding with this integration. It uses the Common Assurance Process (CAP) which is tailored for each NHS service.
Interactions
For a full list of interactions for this integration, see the Spine External Interface Specification (EIS), specifically:
Last edited: 28 May 2025 2:04 pm