FASTLOGIN · FOR ORG ADMINS

Provision a hospital. Audit it.

Stand up a FastLogin tenant in an afternoon. Bulk-enrol staff. Assign per-product entitlements. Read the audit chain. Suspend access in seconds when a clinician leaves.

FastLogin tenants are the org-admin surface — a hospital, group, or HMO provisioning verified staff, scoped entitlements, and a hash-chained audit trail.

1 · Stand up your tenant

Sign in as the named admin contact for your organisation. We pre-create the tenant during the customer-onboarding call, with your hospital's name, registration number, and timezone (Africa/Lagos by default) configured. From there, you control the tenant: branding, support email, allowed-domain rules, and the MFA freshness window for clinical scopes.

15-min access · 24-hr refresh · rotating tokens
fastlogin.fastclinic.xyz/login

2 · Add IT admins and roles

An organisation has more than one administrator. You add other IT staff as co-admins and define roles below them (clinical lead, finance lead, front desk supervisor), each with the entitlements they actually need. Admin actions are rate-limited at sixty requests per minute per admin, to limit how much of the tenant an attacker who phishes one credential can reach.

St. Martin's Specialist Hospital · Roster
Bulk-enrol staff
Name | Role | MDCN | Last sign-in | Status
Dr. Adaeze N. | Doctor | MDCN/R/12345 | 09:14 · Lagos | Active
Dr. Tunde O. | Doctor | MDCN/R/22318 | Yesterday | Active
Nurse Funmi A. | Nurse | NMCN/N/55012 | 08:50 · Lagos | Active
Mary Eze | Front desk | | 08:10 · Lagos | Active
Dr. Sade B. | Locum | MDCN/R/98412 | Last week | Suspended
Verified MDCN licences refresh weekly · After-hours access flagged for review
142 active
fastlogin.fastclinic.xyz/org/st-martins/roster

3 · Bulk-enrol clinical staff

Upload a CSV of staff with name, role, and licence number, or enter them one at a time. Each invited person gets the registration flow we already shipped, and KYC verification runs against their licence number. Until verification clears, their entitlements are pending — they can sign in to the tenant, but no clinical scopes are issued.

Verification status — Dr. Adaeze N.
MDCN · MDCN/R/12345 | NIN · 12345678901 | Liveness · Approved
  1. 09:14 · Identifier verified · email + phone OTP
  2. 09:15 · Identity created · Kratos session active
  3. 09:16 · Liveness selfie · single-frame · 99.9% match
  4. 09:18 · MDCN licence · MDCN/R/12345 · valid
  5. 09:18 · MFA enrolled · passkey + TOTP + backup codes

Verification artefacts retained for 7 years on Nigerian-region AWS, hash-chained per NDPA 2023 §25.

Approved
fastlogin.fastclinic.xyz/account/verification

4 · Assign per-product entitlements

The matrix shows your staff by row, the Fastclinic products by column. Cell values say what each person can do: Doorcta consultations, OneHealth read, OneHealth write, FastCredits spend, finance reconcile. Entitlements are typed (active, suspended, expired, revoked) and sourced (organisation-inherited or personal). One toggle suspends one cell; one row-level revoke exits a leaver from every product at once. The matrix is the source of truth, not a derived view — the cell value at the time a token is issued is exactly what Hydra encodes in the scope claim. There is no separate authorisation database to keep in sync. Your entitlement edit propagates to product-side enforcement in five minutes via the JWKS-aligned token-refresh window.

Entitlement matrix · who can use what
User | Doorcta | OneHealth | FastCredits
Dr. Adaeze N. | Doctor · active | Provider · active | Spend · active
Dr. Tunde O. | Doctor · active | Provider · active | Spend · active
Nurse Funmi A. | Read-only · active | Read-only · active
Mary Eze | Front desk · active | Reconcile · active
Dr. Sade B. | Doctor · suspended | Provider · suspended
organisation-inherited
personal entitlement
suspended (revocable)
5 users · 3 products
fastlogin.fastclinic.xyz/org/st-martins/entitlements

5 · Watch the audit

Every authentication, every entitlement change, and every consent grant is in the org audit feed with IP, device, AAL, and timestamp. Timestamps use the Africa/Lagos timezone, and after-hours sign-ins (outside 08:00–18:00) are flagged for review automatically. You can filter, export, and reconcile against your HR records on a schedule. The chain is hash-linked; tampering is detectable end-to-end.

Authentication audit · last 24 hours · Hash-chained · NDPA §25
When | Event | AAL | IP / Device
09:14:02 | user.registration_step_completed | AAL2 | 102.89.42.7 · Chrome · Lagos
09:14:48 | user.registration_advanced | AAL2 | 102.89.42.7 · Chrome · Lagos
09:15:31 | user.session.created | AAL2 | 102.89.42.7 · Chrome · Lagos
13:42:09 | user.session.created | AAL2 | 41.220.11.88 · iOS · Abuja
19:08:11 | admin.registration_reset | AAL2 | 10.0.4.12 · Chrome · ops
All AAL2 · After-hours: 1 · Africa/Lagos
7y retention
fastlogin.fastclinic.xyz/account/audit

6 · Revoke when someone leaves

When a clinician resigns, you revoke their entitlements row in seconds. Active sessions are killed; refresh tokens are invalidated; product-side caches refresh on the next JWKS poll within five minutes. The hash-chained audit records the revocation event. Their personal Fastclinic identity continues to exist; only the organisation's entitlements drop. Their old access at the org is forensically reconstructable from the chain forever.

Active sessions · 15-min access · 24h refresh · rotated
Device | Where | Last seen | Action
This device · Chrome 124 · macOS | Lagos · 102.89.42.7 | Now |
iPhone 15 · Safari | Abuja · 41.220.11.88 | 12 min ago | End session
Doorcta app · iOS | Lagos · 102.89.42.7 | 2 hours ago | End session
All sessions AAL2
End all other sessions
3 active
fastlogin.fastclinic.xyz/account/sessions
What you get

Tenant-scoped admin with rate limits

Admin requests cap at sixty per minute per admin. Multiple admins per tenant. No single phished credential can reach the entire roster in a minute.

Bulk-enrol with KYC behind it

Upload staff in bulk, but each clinician still passes Didit liveness and licence verification before their clinical scopes ever issue. You don't trade safety for speed.

Per-product entitlement matrix

Doorcta, OneHealth, FastCredits as columns. Staff as rows. Cell-level grants, with sources flagged (org-inherited vs personal) and statuses typed.

Hash-chained, exportable audit

Africa/Lagos timezone, after-hours flagging built in, seven-year retention, daily WORM export. The audit isn't a feature you bolt on; it's the substrate.

Capabilities

Auth
  • Email + phone verification (OTP)
  • Passkey (WebAuthn / FIDO2)
  • TOTP authenticator app
  • Backup recovery codes (lookup_secret)
  • Password as fallback only
  • Session-bound CSRF on every flow
MFA / step-up
  • Phishing-resistant by default
  • AAL2 step-up before sensitive scopes
  • Per-device session listing + revoke
  • Configurable step-up freshness window
  • Hardware-key support (YubiKey / Titan)
KYC
  • Didit liveness (passive single-frame)
  • iBeta Level 1 PAD certified
  • MDCN licence verification (provider)
  • NIN verification (patient)
  • 3 retry attempts before terminal decline
  • 30-day Didit retention, 24-hour purge
OAuth2 / OIDC
  • 15-min access tokens
  • 24-hour refresh with rotation
  • JWKS · 5-min cache
  • Scope-limited consent screen
  • Authorization-code with PKCE
  • Client-credentials for service tokens
Audit
  • Hash-chained event log
  • 7-year retention
  • Daily export to WORM S3
  • Africa/Lagos timezone
  • After-hours flagging (08:00–18:00)
  • Per-IP and per-device columns
Compliance
  • NDPA 2023 §25 lawful basis
  • African data residency
  • Documented data-processing record
  • DSAR export pipeline
  • Cross-product consent ledger
  • Quarterly third-party pentest

Integrations

Fastclinic
Doorcta

Telehealth signs patients and doctors in via FastLogin. Consult start requires AAL2 within the last fifteen minutes. Doorcta never sees the user's password.

Fastclinic
OneHealth

Health-record access requires AAL2 plus an explicit scope on the consent screen. Provider identity is the MDCN-verified FastLogin identity — there is no separate clinical login.

Fastclinic
FastCredits

The shared credits ledger trusts FastLogin's identity for both individual and organisation accounts. Hold, capture, and refund actions all carry the FastLogin user ID and write to the same audit chain.

External
Ory Kratos

Open-source identity store. We run pinned releases and edit configuration at fastlogin/ory/kratos/. Container restarts are part of every config change.

External
Ory Hydra

Open-source OAuth2 / OIDC server. Tokens are signed with rotating keys; the public key set is cached by every relying party for five minutes. Hydra never sees user passwords.

External
Didit

External KYC processor for liveness, MDCN licence OCR, and NIN verification. Signed agreement under NDPA 2023; selfie data deleted after thirty days on Didit's side.

Compliance & safety

NDPA 2023 — lawful basis recorded

FastLogin processes personal data under contract, consent, legal obligation, and legitimate-interest bases per NDPA 2023 §25. Every dataset and processor is recorded in the data-processing record kept by the Fastclinic Limited data controller (RC 1919428).

NDPA 2023 (NDPC)
Audit log — 7-year hash chain, daily WORM export

Every authentication event is hashed into a Postgres-side chain. Tampering with any historical row breaks the chain. We export the chain daily to write-once-read-many S3 storage; the seven-year retention satisfies records-of-processing requirements.
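
An added example, not FastLogin's own code: how a hash-chained audit log of the kind described here and in section 5 can be verified row by row, checked against a head hash held in the WORM export, and scanned for after-hours events. The hash construction, genesis value, field names and the 18:00 boundary handling are assumptions; the sample rows are constructed from the audit panel above.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

# Assumptions (not from the page): SHA-256 over canonical JSON, an all-zero
# genesis value, and the field names "ts", "event" and "ip".
GENESIS = "0" * 64
WAT = timezone(timedelta(hours=1))  # Africa/Lagos is UTC+1 with no DST

def link(prev_hash, record):
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def build_chain(records):
    rows, prev = [], GENESIS
    for rec in records:
        prev = link(prev, rec)
        rows.append({"record": rec, "hash": prev})
    return rows

def first_broken(rows):
    """Index of the first row whose stored hash no longer matches, else None."""
    prev = GENESIS
    for i, row in enumerate(rows):
        if link(prev, row["record"]) != row["hash"]:
            return i
        prev = row["hash"]
    return None

def matches_export(rows, exported_head):
    """A chain rewritten and rehashed in the database still verifies internally;
    comparing its head with one held outside it (the WORM export) exposes that."""
    return bool(rows) and first_broken(rows) is None and rows[-1]["hash"] == exported_head

def after_hours(rows):
    """Events outside 08:00-18:00 Lagos time; 18:00 itself counts as after hours."""
    flagged = []
    for row in rows:
        local = datetime.fromisoformat(row["record"]["ts"]).astimezone(WAT)
        if not 8 <= local.hour < 18:
            flagged.append(row["record"]["event"])
    return flagged

# Constructed sample: three events from the audit panel, in UTC on a made-up date.
SAMPLE = [
    {"ts": "2025-01-15T08:15:31+00:00", "event": "user.session.created", "ip": "102.89.42.7"},
    {"ts": "2025-01-15T12:42:09+00:00", "event": "user.session.created", "ip": "41.220.11.88"},
    {"ts": "2025-01-15T18:08:11+00:00", "event": "admin.registration_reset", "ip": "10.0.4.12"},
]
CHAIN = build_chain(SAMPLE)
```

Row-by-row verification catches an in-place edit, but only the comparison against an externally held head hash catches a chain that was edited and then recomputed, which is the role the daily WORM export plays.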

African data residency

Identities, sessions, KYC artefacts, and audit logs are hosted in a Nigerian-region AWS account. Cross-border transfer is limited to the named Didit liveness flow under signed processor agreement.

Phishing-resistant MFA policy

Every FastLogin account holds both a passkey credential and a TOTP secret. Passkeys carry the phishing-resistance properties NIST 800-63 names as AAL2-eligible without an authenticator-app fallback. We require both factors so a lost device is recoverable.

NIST 800-63B
Token lifetimes — short by design

Access tokens last fifteen minutes. Refresh tokens last twenty-four hours and rotate on every use. JWKS caches expire every five minutes. Compromise windows are measured in minutes, not weeks.

Plain answers

Provision your hospital — keep the audit clean.

Stand up a FastLogin tenant for your organisation, bulk-enrol verified staff, assign entitlements per product, and read the hash-chained audit on demand.