Users
Using this interface you can maintain the RoQua user accounts. We have two types of account: admin users and EPR users.
Admin users
Admin users have access to the admin panel of RoQua. These accounts work on the basis of an email address, and one account can be linked to multiple organizations.
Login
Authentication is, by default, based on email address, password and a temporary code generated by an authenticator app on a mobile phone.
Occasionally users will lose access to their authenticator app and no longer be able to log in. In that case another admin user can reset their security settings with the "Remove MFA" button.
Take great care to avoid phishing attacks: when an attacker has learned a user's password, their next step will be to try to convince an admin to remove the MFA configuration. It is therefore of the utmost importance to verify any request to do so independently. You cannot rely on the From address of an email, which is trivially easy to forge.
Alternatively, we can use an Azure AD connection or other OAuth provider to log in. In that case the user can log in with your organization-wide credentials without having to maintain a password on our end. Another benefit of this is that when the employment relation ends and the account gets closed on your end, access will be automatically disabled on our end as well.
Rights
Every user has a set of rights per organization. Without any specifically assigned rights the user can log in but can only access the basic dashboard page.
EPR users
These accounts get generated automatically upon a user's first login from your EPR system, and cannot be made in advance. After creation, their rights can be assigned.
Rights
- All rights: All of the rights below, and any rights we add in the future.
- Change completed answers: When clicking on a response in the timeline, at the top right there will be a "Customize Answer" button, which allows changing the item values of the response. This is meant to be used in case a patient specifically mentions having made an error in the completion of the response.
- Delete completed responses: When clicking on a response in the timeline, at the top right there will be a trash can icon, which allows removal of the completed response. This is meant to be used if a patient has accidentally received the login token of a different respondent, or an employee accidentally worked in the wrong patient file.
These rights used to be provided by the "coordinator" user role. We have since removed the notion of roles and instead split up the rights into distinct checkboxes. The coordinator role was essentially what the "All rights" option now provides.