01. How long does it take to provision a hospital tenant?
From signed paperwork to first clinician signed in: typically the same business day. The tenant is created during onboarding, the bulk-enrol CSV runs against Kratos in minutes, and KYC verifications complete asynchronously over the following hour. The bottleneck is licence-document quality, not our pipeline. We have shipped tenants for facilities ranging from twelve-clinician boutique clinics to three-hundred-clinician university teaching hospitals on the same code path; the per-tenant configuration only differs in MFA freshness, after-hours window, and brand asset set. We don't custom-fork the auth surface for any tenant.
02. What happens to a staffer's identity when they leave?
You revoke the organisation's entitlements; their personal Fastclinic identity continues to exist independently. They lose access to the org's products immediately; they keep access to anything they own personally — a personal FastCredits balance, for instance. The audit chain preserves the entitlement-revoked event with timestamp; you can prove they had access on day X and not on day Y.
03. Can we enforce a stricter MFA policy for our tenant?
Yes. The default policy is passkey plus TOTP plus an AAL2 freshness window of one hour for clinical scopes. You can shorten the freshness window — fifteen minutes, or zero, which forces a step-up on every record open — and you can require hardware-key passkeys (YubiKey or Google Titan) instead of platform passkeys for a defined role set. The settings live in the tenant admin console.
04. How do we handle locums and visiting specialists?
Invite their existing FastLogin identity to your tenant. They sign in with the credentials and MFA they already have; your tenant grants them an entitlement set scoped to the locum role, with whatever expiry you configure. When the locum stint ends, the entitlement expires automatically — no manual revoke required. The clinical record shows the session-by-session attribution.
05. Where can we see who accessed what?
The org audit feed shows every authentication and every entitlement-change event across the tenant. The OneHealth audit feed (separate UI, same chain) shows record-level access events with the FastLogin user ID. Both feeds export to CSV or to your SIEM by signed webhook. The chain is hash-linked; tampering shows up at verification time.
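The "tampering shows up at verification time" property comes from each audit row carrying the hash of the row before it. The following is an added illustration, not FastLogin's own code or its real row format: it assumes a row is a JSON body plus a prev_hash and a hash over (prev_hash + canonical JSON body), and shows how a verifier pinpoints the first broken row whether the tamperer edits a body in place or also recomputes that row's own hash.

```python
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # prev_hash of the first row (assumed convention)

def row_hash(prev_hash: str, body: dict) -> str:
    """Hash a row body together with the previous row's hash.

    Canonical JSON (sorted keys, no whitespace) so every verifier hashes
    byte-identical input for the same row.
    """
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode()).hexdigest()

def build_chain(bodies: list[dict]) -> list[dict]:
    """Append rows in order, linking each one to the hash of the previous row."""
    chain, prev = [], GENESIS
    for body in bodies:
        h = row_hash(prev, body)
        chain.append({"body": body, "prev_hash": prev, "hash": h})
        prev = h
    return chain

def first_broken_row(chain: list[dict]) -> Optional[int]:
    """Return the index of the first row whose link or hash fails, else None."""
    prev = GENESIS
    for i, row in enumerate(chain):
        if row["prev_hash"] != prev or row_hash(prev, row["body"]) != row["hash"]:
            return i
        prev = row["hash"]
    return None

# Constructed sample rows (not real FastLogin audit events).
SAMPLE = build_chain([
    {"seq": 1, "ts": "2024-05-06T09:12:00+01:00", "user": "fl_u_1001", "event": "auth.success"},
    {"seq": 2, "ts": "2024-05-06T09:13:30+01:00", "user": "fl_u_1001", "event": "entitlement.granted"},
    {"seq": 3, "ts": "2024-05-06T17:40:10+01:00", "user": "fl_u_2002", "event": "entitlement.revoked"},
])

def tamper_body_only(chain: list[dict]) -> Optional[int]:
    """Edit a row's body but leave its stored hash: caught at that same row."""
    copy = json.loads(json.dumps(chain))
    copy[1]["body"]["user"] = "fl_u_9999"
    return first_broken_row(copy)

def tamper_and_rehash(chain: list[dict]) -> Optional[int]:
    """Edit a row and recompute its own hash: the next row's prev_hash link breaks."""
    copy = json.loads(json.dumps(chain))
    copy[1]["body"]["user"] = "fl_u_9999"
    copy[1]["hash"] = row_hash(copy[1]["prev_hash"], copy[1]["body"])
    return first_broken_row(copy)
```

Rewriting every later hash to hide the edit would still fail against any independently retained copy of the chain head, which is why the export is worth storing outside the platform.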
06. What's the rate-limit story for our admin actions?
Admin endpoints throttle at sixty requests per admin per minute by default. The threshold is per-admin, not per-tenant, so multiple admins acting concurrently aren't bottlenecked by each other. Bulk operations like CSV roster import bypass the per-request limit but trigger an audit event each. The trust page exposes the live thresholds.
07. How do we get our regulator a clean compliance record?
The data-processing record names every dataset, every processor, and every lawful basis. It's exportable as a PDF on demand. The audit chain export gives the regulator forensic-grade authentication and access logs covering the seven-year retention period. The pentest history and incident-response runbook are linked from the trust page. We don't ask you to assemble a compliance binder.
08. What if a clinician's identity is compromised at our hospital?
You revoke their entitlements immediately and suspend their personal identity through the abuse-flag flow. The on-call from Fastclinic engages within fifteen minutes and walks through terminating active sessions, exporting the audit chain for forensic review, and flushing the per-product caches. If the breach involved a passkey, new-device passkey enrolment is rate-limited and audit-logged so a repeat attack is detectable.
09. Can we white-label the FastLogin sign-in screen?
Yes — within the brand boundaries that keep the SSO contract obvious. Your hospital logo, your brand colours, your support email and footer text. The 'Sign in with FastLogin' affordance stays where it is so users learn one ecosystem-wide pattern. Tenant branding lives in the admin console; changes propagate within five minutes via the same JWKS-cache schedule.
10. Why does after-hours flagging matter?
Because hospital sign-in patterns cluster sharply during business hours, and an attacker phishing a credential is most likely to test it at 3am Lagos. The 08:00–18:00 default window flags out-of-hours events without blocking them, so legitimate on-call clinicians aren't locked out and a security team gets a high-signal review queue. The window is configurable per tenant. The flag is just a bit on the audit row, so your SIEM can subscribe to flagged events as a separate stream and only escalate when the on-call roster doesn't justify them — exactly the kind of derivable workflow the chain is built to support.
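The derivable workflow described above, as an added example rather than FastLogin's or any SIEM's actual code: audit rows arrive with UTC timestamps, the flag bit is set when the local Lagos time falls outside the tenant's 08:00-18:00 window (the event is never blocked), and the escalation stream keeps only flagged events whose user the on-call roster does not justify. The row fields, the roster shape and the sample data are all constructed for this illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Lagos is UTC+1 all year (no daylight saving), so a fixed offset is exact.
LAGOS = timezone(timedelta(hours=1), "Africa/Lagos")
WINDOW_START, WINDOW_END = 8, 18  # tenant default window, configurable

@dataclass(frozen=True)
class AuditRow:
    ts: datetime        # event time, timezone-aware UTC
    user: str
    event: str
    after_hours: bool = False  # the flag bit on the audit row

def flag_after_hours(row: AuditRow, start: int = WINDOW_START, end: int = WINDOW_END) -> AuditRow:
    """Return the row with the after-hours bit set when it falls outside the local window."""
    local = row.ts.astimezone(LAGOS)
    outside = not (start <= local.hour < end)
    return AuditRow(row.ts, row.user, row.event, outside)

def on_call(roster: list[tuple[str, datetime, datetime]], user: str, ts: datetime) -> bool:
    """True if the roster places `user` on call at instant `ts` (half-open shift windows)."""
    return any(u == user and s <= ts < e for u, s, e in roster)

def escalate(rows: list[AuditRow], roster: list[tuple[str, datetime, datetime]]) -> list[AuditRow]:
    """The SIEM escalation stream: flagged events the on-call roster does not justify."""
    flagged = (r for r in map(flag_after_hours, rows) if r.after_hours)
    return [r for r in flagged if not on_call(roster, r.user, r.ts)]

def utc(iso: str) -> datetime:
    """Parse a naive ISO-8601 string as UTC (constructed sample data helper)."""
    return datetime.fromisoformat(iso).replace(tzinfo=timezone.utc)

# Constructed sample rows and roster (not real tenant data).
ROWS = [
    AuditRow(utc("2024-05-06T10:15:00"), "dr_adeyemi", "auth.success"),  # 11:15 Lagos: in hours
    AuditRow(utc("2024-05-07T02:03:00"), "dr_okafor", "auth.success"),   # 03:03 Lagos: on call
    AuditRow(utc("2024-05-07T02:41:00"), "dr_adeyemi", "auth.success"),  # 03:41 Lagos: not on call
    AuditRow(utc("2024-05-06T17:30:00"), "dr_bello", "record.open"),     # 18:30 Lagos: not on call
]
ROSTER = [("dr_okafor", utc("2024-05-06T17:00:00"), utc("2024-05-07T07:00:00"))]
```

Only the last two rows reach the escalation stream; the on-call clinician's 3am sign-in is flagged on the audit row but suppressed by the roster, which is the review-queue behaviour the answer describes.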
11. Can we federate from our existing identity provider (IdP)?
Yes, via a defined SSO-only inbound path: your existing Microsoft Entra, Okta, or Google Workspace tenant can sign your staff into FastLogin over SAML or OIDC. We map the IdP claims into a FastLogin identity at first sign-in, and KYC still runs once per clinician on the Fastclinic side because the licence-board check has to be bound to a Fastclinic identity, not to a third-party IdP claim. If you maintain SCIM provisioning on your IdP, we can consume the lifecycle events to auto-suspend FastLogin entitlements when a staffer is offboarded in the IdP. SCIM consumption is opt-in at tenant configuration time.
12. Can our hospital have a custom-domain sign-in URL?
Yes. Your tenant can be served from a custom domain like sso.your-hospital.ng with the same FastLogin contract behind it. The custom domain still issues OAuth2 tokens with the canonical Hydra issuer string baked into the JWT — relying parties trust the issuer, not the DNS — so a custom domain doesn't change the security model, only the user-facing branding. The certificate management is handled by us; you provide the DNS CNAME and we provision the cert via the same automation that runs on the canonical domain.
13. How is FastLogin priced for organisations?
FastLogin is bundled with the Fastclinic ecosystem subscription that includes Doorcta, OneHealth, and FastCredits — there is no separate per-seat fee for identity. KYC verifications draw against the FastCredits ledger at the cost we pay Didit plus a thin operational margin. Hospital pricing scales by the number of MDCN-verified clinicians on the tenant, not by sign-in count, because we want your sign-in volume up and identity-spread down. The pricing page has the current bands; sales will model your hospital against the bands during onboarding. The included audit-chain export, the included after-hours flagging, the included DSAR pipeline — those are not add-ons. They are how the platform meets NDPA 2023 obligations, and we don't think a healthcare platform should charge a hospital extra for compliance primitives.
14. What's the operational story for the FastLogin service itself?
FastLogin runs in a multi-AZ deployment in the Lagos AWS region with PostgreSQL primary plus warm replica, Redis for rate limits and pre-identity registration tokens, and an active-active deployment of Kratos and Hydra behind an internal load balancer. Deployments roll out via a blue-green strategy with config validation as the gate — Kratos and Hydra refuse to boot on invalid config, so the gate is a true halt rather than a warning. Runbooks for every paged scenario live in the security docs and are reviewed quarterly by the on-call rotation. We also run a pentest by an external firm at least annually with the report shared with enterprise customers under NDA.