Skip to main content

Act now to avoid losing access to Directory of Services (DOS)

As of 4 August 2025, NHS England has changed how users access the Directory of Services (DoS). To access DoS, users must now have their active Care Identity linked to their DoS account.

Page contents

Care Identity (CIS2) authentication is now live in DoS

Care Identity (CIS2) authentication is now live in DoS

To access DoS, users must now have their active Care Identity linked to their DoS account. If you have not linked your active Care Identity to your DoS account, you must follow the instructions below immediately.

If you have already linked your active Care Identity to your DoS account, or if you are an API user, no further action is required.

Actions for DoS users

Switch to using Care Identity authentication

1. Request your own DoS account

If you already have your own DoS account, go to Step 2. If you do not have an individual DoS account, Step 2 can be completed in parallel with Step 1.

How to request your own DoS account

If you are using a shared account, you must request your own DoS account. Shared accounts are no longer supported. 

When requesting your account, use the "Tell us why you need access to NHS Directory of Services" field and include the following information: 

  • your organisation name
  • your full hospital name, unit and location (if applicable)
  • the text “I currently use the following shared username (for example,  exampletrust123) and require an individual username for MFA readiness.” 

Make sure you replace the example with your actual shared username. Do not type or paste the word “username” as this will delay your request. Omitting any of this required information may result in delays or a rejection of your application. 

After submitting your request, you will receive an email from [email protected] with the subject line: “Action required: Complete the setup of your Directory of Services (DoS) account”.

Check your inbox and junk or spam folders for this email. You must then follow instructions in the email and complete any actions.

2. Set up or reactivate your Care Identity (CIS2) authentication

If you already have your own DoS account and an active Care Identity, go to Step 3.

How to set up or reactivate your Care Identity (CIS2) authentication

You must contact your organisation's local registration authority (RA) to apply for a Care Identity or to reactivate an existing one.

If you need additional help finding your local Registration Authority (RA), contact your hospital or organisations' IT helpdesk.

Your RA will create a ‘Directory of Services’ position for you locally. This position must include the following parameters:

  • Role R8008, admin or clinical support access role 
  • Activity B0166, Directory of Service User Interface (UI) Access

Acceptable authentication methods are: 

  • NHS Smartcard - Health & Social Care Network (HSCN) and internet
  • Windows Hello
  • iPad
  • security key
  • Microsoft Authenticator
  • NHS.net Connect
  • passkeys 

For help with applying for a Care Identity, view Support with Applying for my Care ID.

3. Link your Care Identity to your DoS account

As of 4 August 2025, only users who have linked their Care Identity to their DoS account can access the Directory of Services (DoS).

How to link your Care Identity to your DoS account

Follow the guidance on how to link your Care Identity to your DoS account.

Once you link your Care ID, you will be able to log in to DoS with a smartcard or other approved authentication method.

Update your contact details in DoS

All DoS users must have a valid, up-to-date, accessible work email address and a work mobile phone number associated to their DoS account.

How to update your email address and phone number
  1. Log in to your DoS account.
  2. Select Account in the top right corner.
  3. Under My Account Details, check the Email ID box.
    1. If the email address shown is incorrect or a shared email account, replace it with your email address. We recommend you use your work email address.
  4. Under My Account Details, check the Work Phone Number box.
    1. If the phone number shown is incorrect or is a landline number, replace it with a valid mobile number. We recommend you use your work mobile number.
  5. Select Save at the bottom of the page.

Actions for local RAs to prepare for UEC deployment

Local registration authorities (RAs) must take the following actions to get ready for urgent emergency care (UEC) DoS deployment.

Decide on your access profile configuration by choosing an option

Option 1 - create and assign a position based access control (PBAC) position

We recommend this option to users who do not have any existing positions in Care Identity Management.

To enable users to access the UEC DoS application, local registration authorities must create and assign a new position or add B0166 to an existing position.

The new position must be titled UEC Directory of Services, and must be created under your own organisation’s ODS code containing the following RBAC attributes:

  • role R8008 Admin or Clinical Access Role
  • activity B0166 UEC Directory of Service UI Access

 

Option 2 - add B0166 to an existing position

Alternatively, RAs can add activity code B0166 to an existing position under their organisation using the Modify Position option. There are no limitations on role code in this option, meaning this option may best suit users who also access other Spine applications.

Decide and approve the authentication method

Users who have created a Care Identity will receive notification of their approved NHS authentication method. Registration authority teams can bind any of the below authenticator options:

  • NHS smartcard - Health and Social Care Network (HSCN) and internet
  • Windows Hello
  • iPad
  • security key
  • Microsoft Authenticator
  • NHS.net Connect 
  • passkeys

Find more information on issuing authenticators as an RA.

Process Care Identity requests for DoS users who do not already have a Care Identity

Registration authorities can register users in Apply for Care ID or Care Identity Management, either directly or using the Electronic Staff Record (ESR) link and issue an authenticator.

Registration authorities must assign a new or existing position to the user profile(s) as per the information provided under Decide your access profile configuration by choosing an option, that details options 1 and 2.

Amend the Care Identity profile for DoS users who already have a Care Identity

Registration authorities must ensure that users have an authorised, active, NHS authenticating method.

Actions for RAs to support these changes

To enable this critical change, RAs must ensure their agents are aware that an approved authentication method is required to access the DoS.

Acceptable authentication methods are:

  • NHS smartcard - Health and Social Care Network (HSCN) and internet
  • Windows Hello
  • iPad
  • security key
  • Microsoft Authenticator
  • NHS.net Connect 
  • passkeys

Find more information on issuing authenticators as an RA.

Registration authorities must also process: 

  • authenticator requests for DoS users who do not have an approved authentication method 
  • requests for the DoS application access position to be added to existing users who already have an appropriate authentication method in place

Actions for local IT teams

Directory of Services (DoS) users must now log in using their local authentication method and Care Identity credentials. As of 4 August 2025, the previous username and password login method is no longer supported.

Local IT teams must ensure that devices are set up according to requirements for the authentication option selected. See NHS CIS2 Authentication - authenticator options for more information.

For smartcard access, see guidance for configuring NHS identity to work with NHS smartcards.

Actions for DoS user administrators

All users of the DoS UI must use Care Identity with an appropriate authentication method to login to DoS. This login method has replaced the previous username and password login process.

Replacing shared account accounts with individual accounts

Directory of Services now uses multi-factor authentication (MFA). All logins to DoS must be via an individual account.

If you currently manage DoS users who access DoS using shared accounts (accounts used by multiple users), action must be taken.

All users accessing DoS using a shared account, must request an individual account.

Users will then be asked to link their Care Identity and validate their authentication option.

Authorisation of the DoS account will happen in the same way. The user will validate their email, and you, as the administrator, will authorise access as appropriate.

Once a DoS account is authorised and active, users will be able to use their Care Identity login to access DoS.

Actions for DoS leads

You must now use your Care Identity with your chosen authentication method to log in to DoS. This has replaced the previous username and password login process via the DoS log in page.

Why Care Identity authentication has been implemented

Care Identity authentication provides a secure and reliable way to access sensitive information. It enables:

  • logging in with a variety of additional authentication methods
  • a single login across multiple systems, meaning there is no need to remember multiple logins and passwords

Get help

For support:

  • use the Service Now Portal (preferred option). Type ‘MFA-DoS -’ followed by your own text in the ‘Short description’ field, or
  • call 0300 303 5035 (for urgent queries)

Last edited: 6 August 2025 12:34 pm