
NHS Smartcard Connect

NHS Smartcard Connect is a completely new client for CIS2 Authentication and is installed as part of version 3.x of NHS Credential Management.

This guidance is aimed at IT managers and administrators, suppliers of desktop and support services, and any other person who has responsibility for installation, configuration, support and management of NHS Credential Management. 


Version 3.x of NHS Credential Management includes a new authentication client, Smartcard Connect, which is designed to allow smartcards to be used with the CIS2 authentication service.

It also includes all the previous functionality of older versions of NHS Credential Management, specifically the functionality that allows Spine applications to work without requiring Java applets. This allows them to be used in modern browsers such as Edge, Chrome and Firefox instead of Internet Explorer or Edge in IE compatibility mode. 

NHS Credential Management with Smartcard Connect is no longer installed alongside the legacy NHS Identity Agent. Users of Internet Explorer and Edge in IE compatibility mode will no longer be able to use Java applets to talk to the legacy Identity Agent as they used to in the past. 

What is Smartcard Connect?

With Smartcard Connect:

  • you’ll no longer need to keep your smartcard inserted all the time
  • when you access an application or resource, you’ll be prompted to insert your smartcard and enter your passcode
  • once authenticated, you can remove your card until the next time you need access

Previously, our legacy Identity Agent required your smartcard to stay inserted in your machine to maintain the session allowing access to Spine and third-party applications. With our new authentication client, you only need your smartcard at the point of access, making things simpler, faster, and more flexible.

Important considerations

Smartcard Connect:

  • works with Oberthur (series 8) smartcards, Idemia series 9 smartcards and will work with series 10 smartcards when they become available
  • does not work with any of the legacy Gemalto smartcards (series 4, 5 and 6)
  • only allows access to Spine applications that have been rewritten to use OpenID Connect and integrate with CIS2
  • should not be installed on a machine until all Spine applications used on that machine are compatible with the CIS2 method of authentication

Current authentication methods

CIS1 authentication allowing access to CIS1 and CIS2 enabled applications

Our current authentication method uses the legacy Identity Agent client installed on the user's device. This client authenticates the user with their smartcard and passcode against the CIS1 authentication stack which is only available through HSCN. Once authenticated, the client holds a secure single sign-on (SSO) token locally. 

When the user tries to access CIS1 Spine applications, the applications obtain the SSO token and work as they have always worked in the past. 

When the user tries to access CIS2 enabled Spine applications, the application redirects the user through an OpenID Connect (OIDC) flow. That flow communicates with the legacy Identity Agent on the local machine, retrieves the SSO token, and then that token is swapped by CIS2 for OIDC tokens. These are then used to authenticate the user via CIS2, granting them access. 

This is how the majority of the NHS is currently able to access both CIS1 and CIS2 enabled Spine applications.  All Spine applications are either already CIS2 enabled, or are in the process of migrating to be CIS2 enabled. 

CIS2 authentication allowing access to CIS2 enabled applications only

With the new authentication client Smartcard Connect, the process is simpler and more secure. Users no longer need to keep their smartcard inserted continuously, and there’s no local client storing tokens. When accessing a Spine Application, users are prompted to insert their smartcard and enter their passcode. 

Smartcard Connect then directly communicates with the CIS2 identity service using OpenID Connect (OIDC). The user is authenticated in real time, and a secure OIDC token is returned to the application, granting access. This approach reduces complexity, improves performance, and aligns fully with modern NHS CIS2 standards — all without compromising security. 


System requirements

Operating systems

NHS Credential Management requires a Windows operating system from the list stated below (other operating systems may work but are not warranted).

The following operating systems are warranted for use:

  • Windows 10 (x64) – excluding Windows 10 (x64) IoT
  • Windows 11

Download the latest Warranted Environment Specification (WES).

Other components

| Component | Description | Minimum version |
| --- | --- | --- |
| .NET Framework | The programming infrastructure created by Microsoft for building, deploying, and running applications and services that use .NET technologies | Microsoft .NET 4.8 |

NOTE: Other versions of .NET may also be required for other applications

Environments

This version of NHS Credential Management with Smartcard Connect supports CMS (Card Management Services) operations in other environments such as Citrix/VDI/Terminal Services.

It also supports the use of EPS (Electronic Prescription Signing) via DSS (Digital Signing Service) only.

Browser compatibility

Below is the list of supported browsers for NHS Credential Management:

  • Chrome
  • Edge

NHS Credential Management does NOT work with Internet Explorer or Edge in IE compatibility mode. Anyone wishing to continue using Internet Explorer must continue using Java applets, the legacy Identity Agent and previous versions of NHS Credential Management (for applications that run in browsers other than IE). 

NHS Credential Management does NOT work with the old pre-Chromium versions of Edge. The new version of Edge based on the Chromium engine released after 15 Jan 2020 is supported.

NHS Credential Management should work with most other modern browsers, although these have undergone less testing and so are not officially supported.


Download

Download NHS Credential Management v3.10.9.0.

Downloaded file 

  • SHA1 - 9418FD3D706F559492D650ED7EC191115B0DADAA 
  • MD5 - 88267DB1E6C183A3EF597A85EACF5236 

Program Executables 

Smartcard Connect 

  • .exe Name - NHSD.IdentityAgent.exe 
  • SHA1 - 999BD5F04663BC270C1EF81BE981525F850732CA 
  • MD5 - 54F71DC4C7531EE0828EC473FD2AEBE5 

NHS Credential Management 

  • .exe Name - NHSHub.UI.exe 
  • SHA1 - 6752FB8E64DFD4A798866AD6BD384B029C8849B2 
  • MD5 - 83BDC104E8B84996D6CF564A010009D0 

Installation

We strongly recommend that you uninstall any previous versions of NHS Credential Management and the legacy NHS Identity Agent before beginning any new installation.

1. Download the Installer: 

  • Visit the download section. 

  • Download the installer file. 

2. Run the installer: 

  • Navigate to the location where the installer file was downloaded. 

  • Double-click the installer file to start the installation process. 

3. Follow the on-screen instructions: 

  • The installer will open a setup wizard. 

  • Follow the prompts, which typically include agreeing to the terms and conditions, choosing the installation directory and, if applicable, selecting additional features or components to install. 

4. Complete the installation

  • Once you've made your selections, click the Install button to begin the installation. 

  • Wait for the installation process to complete. This may take a few minutes depending on the application size and your system's performance. 

5. Launch the application

  • After the installation is complete, you can find NHS Credential Management and Smartcard Connect under NHS in the Start Menu. 

  • Click on the application icon to open and start using it. 

Silent installation 

NHS Credential Management with Smartcard Connect supports silent installation using standard deployment tools that recognise .msi packages. Alternatively, you can use the following command line for script-based installation: 

%SystemRoot%\System32\msiexec.exe /i "NHS.CredentialManagement.Setup-3.10.9.0.msi" /qn

Software will be installed in the following locations: 

  • C:\Program Files (x86)\NHS\NHS Credential Management 

  • C:\Program Files (x86)\NHS\NHS Port Service 

  • C:\Program Files (x86)\NHS\NHS Smartcard Connect
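
A scripted deployment can check the published SHA1 values before and after the silent install. The following is an added example, not part of the original guidance or the product; it assumes the downloaded file is the .msi named in the command above and sits in the current directory, and the function and variable names are hypothetical.

```powershell
# Added example. Hashes, file names and paths are copied from this page;
# $Installer assumes the downloaded file is the .msi in the current directory.
$Installer   = '.\NHS.CredentialManagement.Setup-3.10.9.0.msi'
$InstallRoot = 'C:\Program Files (x86)\NHS'
$Published   = @{
    'NHS.CredentialManagement.Setup-3.10.9.0.msi' = '9418FD3D706F559492D650ED7EC191115B0DADAA'
    'NHSD.IdentityAgent.exe'                      = '999BD5F04663BC270C1EF81BE981525F850732CA'
    'NHSHub.UI.exe'                               = '6752FB8E64DFD4A798866AD6BD384B029C8849B2'
}

function Test-PublishedSha1 {
    param([Parameter(Mandatory)][string]$Path)
    $name   = Split-Path -Path $Path -Leaf
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA1).Hash
    [pscustomobject]@{
        File      = $name
        Match     = ($actual -eq $Published[$name])   # string -eq is case-insensitive
        Actual    = $actual
        # Reported for information only: this page does not say whether the files are signed.
        Signature = (Get-AuthenticodeSignature -LiteralPath $Path).Status
    }
}

# 1. Refuse to install a file that does not match the published SHA1.
$check = Test-PublishedSha1 -Path $Installer
if (-not $check.Match) { throw "Installer hash mismatch: $($check.Actual)" }

# 2. Silent install, using the command line given on this page.
$msi  = (Resolve-Path -LiteralPath $Installer).Path
$proc = Start-Process -FilePath "$env:SystemRoot\System32\msiexec.exe" `
            -ArgumentList '/i', "`"$msi`"", '/qn' -Wait -PassThru
# 0 = success, 3010 = success but a restart is required.
if ($proc.ExitCode -notin 0, 3010) { throw "msiexec failed with exit code $($proc.ExitCode)" }

# 3. Confirm the installed executables match their published SHA1 values.
$results = @(Get-ChildItem -LiteralPath $InstallRoot -Recurse -File |
    Where-Object { $Published.ContainsKey($_.Name) } |
    ForEach-Object { Test-PublishedSha1 -Path $_.FullName })
$results | Format-Table -AutoSize
if ($results.Count -eq 0) { throw "No published executables found under $InstallRoot" }
if ($results.Match -contains $false) { throw 'An installed executable does not match the published hash.' }
```

Run it from an elevated PowerShell session, since msiexec installs under Program Files.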

NHS Port Service 

As part of the installation, the NHS Port Service will be installed on a machine and will automatically start. 

This service is required for NHS Credential Management to function correctly and should not be stopped or barred from executing. 


Middleware and the legacy NHS Identity Agent

Middleware

Oberthur middleware is a mandatory installation for everyone using series 8 smartcards with this version of NHS Credential Management.

Gemalto middleware is not required, but you should not uninstall it if you already have it.

NHS Identity Agent

You no longer need a separate installation of NHS Identity Agent. Having NHS Identity Agent installed separately may cause this version of NHS Credential Management to fail and we strongly recommend you uninstall all versions of NHS Identity Agent before installing this version of NHS Credential Management.


Uninstallation

It is strongly recommended that you uninstall any previous versions of NHS Credential Management and the legacy NHS Identity Agent before beginning any new installation. No other programs are removed as part of this process.

Note: earlier releases of NHS Credential Management (during 2020) had a different name: NHS Identity Hub.

These steps apply to any version of the NHS Identity Agent and NHS Credential Management.

Uninstall via Control Panel

1. Open the Control Panel

  • Press the Windows key + S and type Control Panel. 

  • Select Control Panel from the search results. 

2. Navigate to Programs and Features

  • In the Control Panel, click on Programs. 

  • Click on Programs and Features. 

3. Find the application to uninstall

  • Scroll through the list of installed programs to find the application you want to uninstall. 

4. Uninstall the application

  • Select the application from the list. 

  • Click on Uninstall at the top of the list. 

  • Follow the prompts to complete the uninstallation process. 

Uninstall via Settings

1. Open Settings

  • Press the Windows key + I to open Settings. 

  • Go to Apps > Apps & features. 

2. Find the application to uninstall

  • Scroll through the list of installed applications to find the one you want to uninstall. 

  • Alternatively, you can use the search bar to quickly locate the application. 

3. Uninstall the application

  • Click on the application. 

  • Click on Uninstall and follow the prompts to complete the uninstallation process. 

Uninstall using Command Prompt

1. Open Command Prompt as administrator

  • Press Windows key + X and select Command Prompt (Admin). 

2. Use WMIC to uninstall

  • Type the following command to list all installed applications: 

wmic product get name

  • Find the name of the application you want to uninstall. 

  • Type the following command to uninstall the application: 

wmic product where "name='Your Application Name'" call uninstall

(Replace Your Application Name with the actual name of the application.)



Using the software

Launch 

Once NHS Credential Management with Smartcard Connect has been installed, an icon will be placed in the Programs list under the NHS area of the Start Menu.

NHS Credential Management and NHS Smartcard Connect do not automatically start after installation but will automatically start on a subsequent user login or machine restart. 

Close 

An icon will be visible in the system tray when the applications are running. The programs can be closed by right-clicking the chosen icon and selecting Close. Right-clicking and selecting Status will show the currently installed version. 

Log paths 

NHS Credential Management logs can be found under the path:

C:\Users\{username}\AppData\Local\NHS\NHS Credential Management

The NHS Port Service logs can be found under the path:

C:\ProgramData\NHS\NHS Port Service

Smartcard Connect logs can be found under the path:

C:\Users\{username}\AppData\Local\NHS\NHS Smartcard Connect


Configuration

Internet Options settings

To ensure Windows is configured correctly, follow these steps: 

  1. Open Control Panel and navigate to: 

    • Internet Options > Security > Local Intranet > Sites 

(You can also search for "Internet Options" in the Start menu to access this setting.) 

  2. In the Internet Properties window, select the Local intranet tab, then click on the Sites button. 

    • Internet Properties - Local Intranet: 

      • Ensure the following settings in the Local intranet dialog: 

        • Automatically detect intranet network: Unticked 

        • The following options should be checked: 

          • Include all local (intranet) sites not listed in other zones 

          • Include all sites that bypass the proxy server 

          • Include all network paths (UNCs) 

If these settings match the above configuration, no further changes are required for NHS Credential Management to function properly. 

Group Policy settings

Certain group policy settings in Chrome and Edge can block NHS Credential Management from working as expected. If this happens, you will see the following generic error:

NHS Credential Management Error: Not Installed or Running 

While there are other possible reasons for this error, if NHS Credential Management and the NHS Port Service are running and functionality works in one browser (such as Edge) but not in another (such as Chrome), it's worth examining the group policy settings. 

Note: changes to group policy settings must be made by your local IT team.

Chrome Group Policy settings

1. Open the Chrome browser and navigate to: 

  • chrome://policy 

2. Look for the following group policy: 

  • BlockThirdPartyCookies 

If this policy is set to true, NHS Credential Management will not function in Chrome. 

To fix the issue either:

Edge Group Policy settings

1. Open the Edge browser and navigate to: 

  • edge://policy 

2. Look for the following group policy: 

  • BlockThirdPartyCookies 

If this policy is set to true, NHS Credential Management will not function in Edge. 

To fix the issue either:

Cookie settings

Incorrect cookie settings in Chrome and Edge can also block NHS Credential Management. To function correctly, the browser must allow cookies for localhost.

Chrome cookie settings

1. Open Chrome and click the menu icon (three vertical dots) in the top-right corner. 

2. Go to Settings > Privacy and security > Third-party cookies. 

3. Check the current cookie setting: 

  • The default option is Block third-party cookies in Incognito, which is fine (as long as you're not using Incognito mode). 
  • If the setting is Block third-party cookies or Block all cookies, NHS Credential Management will not work. 

To fix the issue either:

  • select Block third-party cookies in Incognito or Allow all cookies. 
  • add localhost to the Sites that can always use cookies section and check the box for including third-party cookies on this site

Edge cookie settings

1. Open Edge and click the menu icon (three horizontal dots) in the top-right corner. 

2. Go to Settings > Cookies and site permissions > Manage and delete cookies and site data. 

3. If Block third-party cookies is enabled, NHS Credential Management will not work. 

To fix the issue either: 

  • change the setting to Allow sites to save and read cookie data (the default option)
  • under the Allow section, add localhost and check the box for Include third-party cookies on this site
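
The triage described under Group Policy settings (confirm the components are running, then compare the BlockThirdPartyCookies policy per browser) can be scripted. This is an added example, not part of the original guidance; the service display name is an assumption, and the registry paths are the locations where Chrome and Edge read policy on Windows.

```powershell
# Added example. Executable names and the policy name are from this page;
# the service display name 'NHS Port Service' is an assumption.
$running = [ordered]@{
    'NHS Credential Management' = [bool](Get-Process -Name 'NHSHub.UI' -ErrorAction SilentlyContinue)
    'NHS Smartcard Connect'     = [bool](Get-Process -Name 'NHSD.IdentityAgent' -ErrorAction SilentlyContinue)
    'NHS Port Service'          = [bool](Get-Service -DisplayName 'NHS Port Service*' -ErrorAction SilentlyContinue |
                                         Where-Object Status -eq 'Running')
}
$running.GetEnumerator() | Format-Table Name, Value -AutoSize

# Machine (HKLM) and user (HKCU) policy keys for each browser.
$policyKeys = [ordered]@{
    Chrome = 'SOFTWARE\Policies\Google\Chrome'
    Edge   = 'SOFTWARE\Policies\Microsoft\Edge'
}
$findings = foreach ($browser in $policyKeys.Keys) {
    foreach ($hive in 'HKLM', 'HKCU') {
        $path  = "${hive}:\$($policyKeys[$browser])"
        # Missing key or missing value both yield $null here.
        $value = (Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue).BlockThirdPartyCookies
        [pscustomobject]@{
            Browser                = $browser
            Scope                  = $hive
            BlockThirdPartyCookies = if ($null -eq $value) { 'not set' } else { [bool]$value }
            Blocks                 = ($value -eq 1)
        }
    }
}
$findings | Format-Table -AutoSize

foreach ($browser in $policyKeys.Keys) {
    if ($findings | Where-Object { $_.Browser -eq $browser -and $_.Blocks }) {
        Write-Warning "$browser has BlockThirdPartyCookies set to true by policy; NHS Credential Management will not function in it."
    }
}
# Policy delivered by cloud management does not appear in these keys, so
# chrome://policy and edge://policy remain the authoritative view.
```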

Registry settings

The Smartcard Connect client reads settings from three separate areas of the registry.  The locations have different purposes, and this is reflected in the order in which they are prioritised. The priority order is controlled by Windows. 

1. Set by Group Policy

These settings will be applied by group policy. System administrators can create their own template(s) from the registry setting information provided in this document for policy rollout if required.  These settings will always take precedence. 

2. All Users (Local Machine)

These settings are machine-wide and will apply to any user who logs in to the system. The settings will remain machine specific, meaning that a user will always adopt these in preference to user settings. 

3. Current User

These settings apply only to the current logged in user and will persist with the user profile. If the user has a roaming profile, then the settings will travel with the user between machines. 

The Smartcard Connect process runs as a 32-bit process regardless of whether the operating system is 32-bit or 64-bit.  

64-bit operating system:

Authentication and common settings 

Set by Group Policy 

HKLM\SOFTWARE\Policies\NHS\SmartcardConnect 

All Users 

HKLM\SOFTWARE\Wow6432Node\NHS\SmartcardConnect 

Current User 

HKCU\SOFTWARE\NHS\SmartcardConnect 

Registry keys

Trusted Certificate Issuers

If you are using solutions such as Always on VPN (AoVPN), Network Authentication Certificates or any other that requires certificates to be placed in the user's personal store, you will require the following registry key in place: 

  • Location: Preference as above 
  • Value name: TrustedCertificateIssuers 
  • Type: REG_SZ 
  • Value: CN=NHS Level 1C, OU=CA, O=nhs;CN=NHS Level 1D, OU=CA, O=nhs;CN=NHS Authentication G2, OU=CA, O=nhs, C=GB;CN=NHS Signing G2, OU=CA, O=nhs, C=GB 

This registry key prevents the Smartcard Connect client from deleting any other certificates that may be present in the user's personal store at the time of authentication. Certificates from the issuers specified in the value will be the ONLY certificates removed. 

Pin Form Timer

By default, the Smartcard Connect client has a built-in countdown timer set to 5 minutes (300 seconds). You can change this by configuring the registry value below: 

  • Location: Preference as above 
  • Value name: TimeToShowPinForm 
  • Type: REG_SZ 
  • Value: 300

Note: CIS2 enabled applications also set timeouts for authentication which could collide with this setting. 
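
To see which location is supplying each setting on a given machine, the three registry locations can be read in the priority order described above. This is an added example, not part of the original guidance or the client's own code; it covers the 64-bit paths listed on this page, and the function and variable names are hypothetical.

```powershell
# Added example. Paths and value names are copied from this page (64-bit Windows);
# the function and variable names are hypothetical.
$Locations = [ordered]@{              # highest priority first, as listed above
    'Group Policy' = 'HKLM:\SOFTWARE\Policies\NHS\SmartcardConnect'
    'All Users'    = 'HKLM:\SOFTWARE\Wow6432Node\NHS\SmartcardConnect'
    'Current User' = 'HKCU:\SOFTWARE\NHS\SmartcardConnect'
}

function Get-SmartcardConnectSetting {
    param([Parameter(Mandatory)][string]$Name)
    $found = $false
    foreach ($source in $Locations.Keys) {
        $key = Get-Item -LiteralPath $Locations[$source] -ErrorAction SilentlyContinue
        if (-not $key -or ($key.GetValueNames() -notcontains $Name)) { continue }
        [pscustomobject]@{
            Name      = $Name
            Source    = $source
            Effective = -not $found       # only the first hit is the one in force
            Kind      = $key.GetValueKind($Name)
            Value     = $key.GetValue($Name)
        }
        $found = $true
    }
}

$rows = 'TrustedCertificateIssuers', 'TimeToShowPinForm' |
    ForEach-Object { Get-SmartcardConnectSetting -Name $_ }
$rows | Format-Table Name, Source, Effective, Kind, Value -AutoSize -Wrap

foreach ($row in $rows) {
    # Both values are documented as REG_SZ.
    if ($row.Kind -ne 'String') {
        Write-Warning "$($row.Name) in $($row.Source) is $($row.Kind), expected REG_SZ"
    }
    if ($row.Name -eq 'TimeToShowPinForm') {
        $seconds = 0
        if (-not [int]::TryParse([string]$row.Value, [ref]$seconds) -or $seconds -le 0) {
            Write-Warning "TimeToShowPinForm in $($row.Source) is not a positive number of seconds"
        }
    }
    if ($row.Name -eq 'TrustedCertificateIssuers' -and $row.Effective) {
        # Issuer names are separated by ';' in the documented value.
        $row.Value -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ } |
            ForEach-Object { "Issuer in force: $_" }
    }
}
if (-not ($rows | Where-Object Name -eq 'TrustedCertificateIssuers')) {
    Write-Warning 'TrustedCertificateIssuers is not set in any location; see above for when it is required'
}
```

Rows with Effective set to False are shadowed by a higher-priority location and explain why a change made under Current User or All Users has no effect.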


Last edited: 23 June 2025 9:35 am