NHS Identity Agent

NHS Identity Agent is installed on every Windows device in a hospital, GP surgery, or other organisation where a where a smartcard is being used to authenticate into Spine services. It is one of a suite of essential, installable components that reside on the smartcard user's device.

The purpose of NHS Identity Agent is to: 

• communicate to Smartcard readers to verify that the current user has a valid smartcard and knows their passcode
• obtain an access token that can be used by applications on the users’ behalf to access Spine services
• present a Role Selection Menu so that the user can choose which of their associated roles should be used in their current activities

The NHS Identity Agent is required when using a smartcard with CIS1 or CIS2 Authentication. 

Below, you’ll find all relevant versions and release notes for the NHS Identity Agent that we recommend and support.

NHS Identity Agent v2.4.6.0 - recommended 

Download NHS Identity Agent v2.4.6.0.

Downloaded file:

• SHA1 - 42877989004B4E36B39E277F9115C0EB7AD9DA70 
• MD5 - 3B2E8127FF85440214EE4610A2E40656 

Program executable:

• .exe Name - IdentityAgent.exe 
• SHA1 - cb7126bf0230c6b76b34dd9a06fa156983b5906b 
• MD5 - b1c5094eff2ea0d1ab525dd97d472183

NHS Identity Agent v2.4.5.0 - supported

Download NHS Identity Agent v2.4.5.0.

Downloaded file:

• SHA1 - 8F94796B9D1D321A25991CA2922AB79BF0DC2997 
• MD5 - 08BEE9D6CF4809F9A2CE78B740F8C5CD 

Program executable:

• .exe Name - IdentityAgent.exe 
• SHA1 - a41574fd88b77b254cf6f94c8610c5ab813cc17b 
• MD5 - 66cc62d66dd3b1b281b924f47bcd379a 

Installation instructions 

1. Download the installer

• Go to the Download NHS Identity Agent section. 

• Download the installer file. 

2. Run the installer

• Navigate to the location where the installer file was downloaded. 

• Double-click the installer file to start the installation process. 

3. Follow the on-screen instructions

• The installer will open a setup wizard. 

• Follow the prompts, which typically include agreeing to the terms and conditions, choosing the installation directory, and, if applicable, selecting additional features or components to install. 

4. Complete the installation

• Once you've made your selections, click the Install button to begin the installation. 

• Wait for the installation process to complete. This may take a few minutes depending on the application size and your system's performance. 

5. Launch the application

• After the installation is complete, you can find the application in the Start Menu or on your desktop. 

• Click on the application icon to open and start using it.

Silent installation

The NHS identity Agent supports silent installation using standard deployment tools that recognise .msi packages. Alternatively, you can use the following command line for script-based installation: 

%SystemRoot%\System32\msiexec.exe /i "NHS-England-Identity-Agent-2.4.6.0.msi" /qn 

Installation location

Software will be installed in: 

• C:\Program Files (x86)\HSCIC\Identity Agent 

Uninstall via Control Panel

1. Open the Control Panel

• Press the Windows key + S and type Control Panel. 

• Select Control Panel from the search results. 

2. Navigate to Programs and Features

• In the Control Panel, click on Programs. 

• Click on Programs and Features. 

3. Uninstall the application

• Scroll through the list of installed programs to find the version of NHS Identity Agent you want to uninstall. 

• Select the application from the list. 

• Click on Uninstall at the top of the list. 

• Follow the prompts to complete the uninstallation process. 

Uninstall via Settings

1. Find the application to uninstall

• Press the Windows key + I to open Settings. 

• Go to Apps > Installed apps.

• Scroll through the list of installed applications to find the version of NHS Identity Agent you want to uninstall. 

• Alternatively, you can use the search bar to quickly locate the application. 

2. Uninstall the application

• Click on the application. 

• Click on Uninstall and follow the prompts to complete the uninstallation process. 

Uninstall using Command Prompt 

1. Open Command Prompt as administrator

• Press the Windows key + R on your keyboard.
• In the Run dialog box, type “cmd” into the field and then press Ctrl + Shift + Enter. This will open Command Prompt with administrative privileges.

2. Use WMIC to uninstall

• Type the following command to list all installed applications: wmic product get name

• Find the name of the application you want to uninstall. 

• Type the following command to uninstall the application (replace your application name with the actual name of the application: wmic product where "name='your application name'" call uninstall

Additional files and folders to remove, if present

Delete these directories (if present):

• C:\Program Files\Gemalto\GAC

• C:\Program Files (x86)\Gemalto\GAC

Delete these files (if present):

• C:\Program Files\java\installed version of jre\lib\ext\TicketAPDLL.dll

• C:\Program Files (x86)\java\installed version of jre\lib\ext\TicketAPDLL.dll

To complete uninstallation

When you have finished the steps above you should reboot your machine.

Launch the program 

Once the Identity Agent has been installed, an icon will appear in the Start Menu under Programs > NHS Identity Agent. On Windows 10 and 11 devices, an icon will also be available in the Apps screen. 

NHS Identity Agent does not automatically start after installation but will automatically start on a subsequent user login or machine restart. 

System tray notifications  

The Identity Agent uses the System Tray notification area to pop-up information regarding status changes and other notifications for the application. If no notifications are provided, this may be resolved by opening Control Panel and selecting ‘Notification Area Icons’ and changing the drop-down for NHS England Identity Agent  “Show icons and notifications”.   

In Windows, open Settings (the cog icon), System, Notifications and Actions and turn the toggle to On for NHS England Identity Agent 

Close the program 

An icon will be visible in the system tray when NHS Identity Agent is running. The program can be closed by right clicking on this icon and selecting Close. Right clicking and selecting Status will show the currently installed version. 

Log path 

NHS Identity Agent log can be found under the path: 

C:\Users\{username}\AppData\Local\HSCIC\Identity Agent\Default.log

Note: if you have a log file with the name 'default0', this is an archived log that has exceeded the line threshold.

Silent installation

NHS Identity Agent supports a silent installation using standard deployment toolsets that recognise .msi packages, or if installing via a script the following command line can be used:

%SystemRoot%\System32\msiexec.exe /i "xxxxxx" /qn

Registry changes

A number of registry changes may be needed, which must be adjusted for each organisation or template. On a new Identity Agent installation, there will be no registry entries created in the registry locations described further down in this document. The user will need to manually create the sub trees in the registry before first use. 

Our simple-to-use IA Registry Editor Tool can be used to quickly update registry setting to switch between environments. Please note, this tool requires Admin rights to update the registry. 

Download the IA Registry Editor Tool.

Note

These applications are hosted on the DIR downloads page. To access this site, you must have a secure NHS HSCN Connection. If for example, you are using a personal laptop, or not connected via VPN when working from home, this will be the reason you see a blank page or page not found error.

Read guidance on IA configuration and registry settings.

If you have any problems with your installation, go to our guidance on troubleshooting NHS Identity Agent.

How to set up a smartcard user workstation

How to set up a Registration Authority workstation