FASTLOGIN · FOR HEALTHCARE PROVIDERS

Verified once. Trusted across the network.

Submit your MDCN or NMCN licence and pass a Didit liveness check once. Then sign in to Doorcta, OneHealth, and any partner clinical app with the same credential, the same MFA, and the same audit trail.

FastLogin is the verified-clinician identity for the Fastclinic ecosystem — one MDCN-checked profile, one MFA enrolment, one audit trail across hospitals.

1 · Hospital invites you

Your hospital's IT admin adds you to their FastLogin tenant by name and email. You receive an invite that takes you to the registration flow, with the hospital pre-attached as your organisation. You don't pick a tenant; the invite picks it for you. The audit trail records who invited you and when.

fastlogin.fastclinic.xyz/org/st-martins/roster
142 ACTIVE
St. Martin's Specialist Hospital · Roster
Bulk-enrol staff
Name | Role | MDCN | Last sign-in | Status
Dr. Adaeze N. | Doctor | MDCN/R/12345 | 09:14 · Lagos | Active
Dr. Tunde O. | Doctor | MDCN/R/22318 | Yesterday | Active
Nurse Funmi A. | Nurse | NMCN/N/55012 | 08:50 · Lagos | Active
Mary Eze | Front desk | – | 08:10 · Lagos | Active
Dr. Sade B. | Locum | MDCN/R/98412 | Last week | Suspended
Verified MDCN licences refresh weekly · After-hours access flagged for review

2 · Verify your medical licence

You enter your MDCN or NMCN licence number and upload the licence document. Didit OCRs the document and cross-checks the number; the licence-board validation runs in the background. You take a single-frame selfie for liveness (iBeta Level 1 PAD certified, 99.9% accuracy at under 0.1% false-accept). You get three retry attempts before a terminal decline, after which the case goes to support.

Verify your medical licence
DIDIT · LIVE · Provider KYC

Submit your MDCN licence and a quick selfie. Verified by Didit (iBeta Level 1 PAD).

Upload licence (PDF or image)
licence-mdcn.pdf · 2.1 MB
Liveness selfie · PASSED
Single-frame · 99.9% accuracy
Submit for verification

3 · Enrol MFA — both factors

You add a passkey for everyday sign-in; the fastest option is Touch ID or Face ID on whatever device you spend your clinical day on. Then you scan a TOTP QR code with Google Authenticator or 1Password as a portable fallback. We generate backup codes; you store them somewhere only you can reach. Both factors are required by policy; clinical scopes will not be issued otherwise.

fastlogin.fastclinic.xyz/auth/register/mfa
STEP 2 OF 2
Set up authenticator app

Scan this QR code with Google Authenticator, Authy, 1Password, or similar. The code is your portable fallback if you lose your passkey.

Verify and continue
Next · Save your backup codes

4 · Step up before clinical access

Opening a patient's record in OneHealth or starting a Doorcta consultation requires an AAL2-fresh session. If your last MFA event was over an hour ago, FastLogin re-prompts you for a passkey before issuing the scoped clinical token. You consent to the scopes the product asks for — read records, write notes, place orders — explicitly, on a screen, every time the scope set changes.

fastlogin.fastclinic.xyz/auth/consent
DOORCTA
Authorize access

Doorcta is requesting access to your account.

  • openid: Sign you in to the app (on)
  • profile: See your name and basic info (on)
  • email: Access your email address (on)
  • phone: Access your phone number (on)
  • offline_access: Stay signed in (on)
Allow access
Deny

5 · Use the same identity at every hospital

If you cover shifts at a second hospital, the second hospital's IT admin invites your existing FastLogin identity to their tenant. You don't re-do KYC. You don't re-enrol MFA. You inherit the second hospital's entitlements while keeping your own clinical record clean across both. Locum doctors and visiting specialists carry their identity with them; the hospitals carry the entitlements. The audit chain shows which tenant you signed in to for each session, so a regulator asking about a specific consult or prescription can see exactly which hospital you were practising under at the time. One identity, multiple employment contexts, fully traceable.

fastlogin.fastclinic.xyz/org/st-martins/entitlements
5 USERS · 3 PRODUCTS
Entitlement matrix · who can use what
User | Doorcta | OneHealth | FastCredits
Dr. Adaeze N. | Doctor · active | Provider · active | Spend · active
Dr. Tunde O. | Doctor · active | Provider · active | Spend · active
Nurse Funmi A. | Read-only · active | Read-only · active | –
Mary Eze | Front desk · active | – | Reconcile · active
Dr. Sade B. | Doctor · suspended | Provider · suspended | –
Legend: organisation-inherited · personal entitlement · suspended (revocable)

6 · See your sessions and audit

Every device you've signed in from is listed under active sessions; ending one revokes the token within seconds. Every clinical access event — patient record opened, prescription written, consult completed — flows into the same hash-chained audit log as your authentication. After-hours sign-ins (outside Africa/Lagos 08:00–18:00) are flagged automatically for compliance review.

fastlogin.fastclinic.xyz/account/sessions
3 ACTIVE
Active sessions
15-min access · 24h refresh · rotated
Device | Where | Last seen | Action
This device · Chrome 124 · macOS | Lagos · 102.89.42.7 | Now | –
iPhone 15 · Safari | Abuja · 41.220.11.88 | 12 min ago | End session
Doorcta app · iOS | Lagos · 102.89.42.7 | 2 hours ago | End session
All sessions AAL2
End all other sessions

What you get

MDCN-verified identity portable across hospitals

One licence check. Multiple employers. The hospitals share a verified provider directory; you don't pile up duplicate KYC artefacts on your phone.

Phishing-resistant MFA, mandatory

Both passkey and TOTP enrolled at registration. Clinical scopes need AAL2-fresh sessions. A stolen password proves nothing on its own.

Audit trail that follows you, not the building

Your authentication and clinical-access events live in one chain regardless of which hospital you signed in from. NDPA 2023 retention rules apply to the chain; you can request your own access record on demand.

Visible session control

Active sessions show every device with its IP, last-seen, and AAL. End any of them with one click. After-hours sign-ins are flagged for review without you having to chase a log.

Capabilities

Auth
  • Email + phone verification (OTP)
  • Passkey (WebAuthn / FIDO2)
  • TOTP authenticator app
  • Backup recovery codes (lookup_secret)
  • Password as fallback only
  • Session-bound CSRF on every flow
MFA / step-up
  • Phishing-resistant by default
  • AAL2 step-up before sensitive scopes
  • Per-device session listing + revoke
  • Configurable step-up freshness window
  • Hardware-key support (YubiKey / Titan)
KYC
  • Didit liveness (passive single-frame)
  • iBeta Level 1 PAD certified
  • MDCN licence verification (provider)
  • NIN verification (patient)
  • 3 retry attempts before terminal decline
  • 30-day Didit retention, 24-hour purge
OAuth2 / OIDC
  • 15-min access tokens
  • 24-hour refresh with rotation
  • JWKS · 5-min cache
  • Scope-limited consent screen
  • Authorization-code with PKCE
  • Client-credentials for service tokens
Audit
  • Hash-chained event log
  • 7-year retention
  • Daily export to WORM S3
  • Africa/Lagos timezone
  • After-hours flagging (08:00–18:00)
  • Per-IP and per-device columns
Compliance
  • NDPA 2023 §25 lawful basis
  • African data residency
  • Documented data-processing record
  • DSAR export pipeline
  • Cross-product consent ledger
  • Quarterly third-party pentest

Under the hood

What ships when you ship this. The architecture is built once and inherited by every Fastclinic product.

[Architecture diagram: Patient · Provider · Admin → Ory Kratos (identity: sign in, register, MFA) → Ory Hydra (OAuth2 / OIDC consent) → 15-min access tokens to Doorcta, OneHealth and FastCredits, each of which verifies tokens against the JWKS (5-min cache, keys published by Hydra); every event is written to the hash-chained audit log.]
15-min access tokens · 24-hr refresh
Hydra issues short-lived access tokens; refresh tokens rotate on every use. Compromise window measured in minutes, not weeks.
JWKS · 5-min cache
Each product caches FastLogin's public keys for 5 minutes. Key rotation propagates without redeploy.
AAL2 step-up · phishing-resistant
Sensitive operations require AAL2 — passkey or TOTP, not just a password. Kratos enforces; Hydra checks before issuing scoped tokens.

Integrations

Fastclinic
Doorcta

Telehealth signs patients and doctors in via FastLogin. Consult start requires AAL2 within the last fifteen minutes. Doorcta never sees the user's password.

Fastclinic
OneHealth

Health-record access requires AAL2 plus an explicit scope on the consent screen. Provider identity is the MDCN-verified FastLogin identity — there is no separate clinical login.

Fastclinic
FastCredits

The shared credits ledger trusts FastLogin's identity for both individual and organisation accounts. Hold, capture, and refund actions all carry the FastLogin user ID and write to the same audit chain.

External
Ory Kratos

Open-source identity store. We run pinned releases and edit configuration at fastlogin/ory/kratos/. Container restarts are part of every config change.

External
Ory Hydra

Open-source OAuth2 / OIDC server. Tokens are signed with rotating keys; the public key set is cached by every relying party for five minutes. Hydra never sees user passwords.

External
Didit

External KYC processor for liveness, MDCN licence OCR, and NIN verification. Signed agreement under NDPA 2023; selfie data deleted after thirty days on Didit's side.

Compliance & safety

NDPA 2023 — lawful basis recorded

FastLogin processes personal data under contract, consent, legal obligation, and legitimate-interest bases per NDPA 2023 §25. Every dataset and processor is recorded in the data-processing record kept by the Fastclinic Limited data controller (RC 1919428).

NDPA 2023 (NDPC)
Audit log — 7-year hash chain, daily WORM export

Every authentication event is hashed into a Postgres-side chain. Tampering with any historical row breaks the chain. We export the chain daily to write-once-read-many S3 storage; the seven-year retention satisfies records-of-processing requirements.

African data residency

Identities, sessions, KYC artefacts, and audit logs are hosted in a Nigerian-region AWS account. Cross-border transfer is limited to the named Didit liveness flow under signed processor agreement.

Phishing-resistant MFA policy

Every FastLogin account holds both a passkey credential and a TOTP secret. Passkeys have the phishing-resistance properties that NIST 800-63 treats as AAL2-eligible on their own, without an authenticator-app fallback; we require both factors so that a lost device is recoverable.

NIST 800-63B
Token lifetimes — short by design

Access tokens last fifteen minutes. Refresh tokens last twenty-four hours and rotate on every use. JWKS caches expire every five minutes. Compromise windows are measured in minutes, not weeks.

Plain answers

01 · What licences does FastLogin verify for clinicians?
MDCN for medical and dental practitioners, NMCN for nurses and midwives, and the relevant licence body for pharmacists, optometrists, and physiotherapists as the role catalogue extends. Verification is two-step: Didit OCRs the licence number from the document you upload, and the document itself is checked for tampering. We do not issue you a clinical role until both sides return a clean signal.
02 · How long does the KYC step take?
About ninety seconds end-to-end on a typical mobile connection in Lagos. Document upload runs to Didit; liveness is a single passive frame, not a video; OCR and licence cross-check return within thirty seconds for most documents. If the document scan returns an ambiguous result, you get up to three retries before a terminal decline routes to manual review by Fastclinic compliance. Manual review aims for a one-business-day turnaround; we email you the result and the audit chain records every step from submission to decision. If you're declined, the decline reason is plain-language — wrong document type, expired licence, image illegible — and the next steps are concrete, not a generic try-again message.
03 · Why do I need both a passkey and a TOTP secret?
The passkey is what you use every day — fastest, phishing-resistant. The TOTP secret is the portable backup. Passkeys live in a single device's secure enclave; if that device dies, you'd be locked out without a second factor that travels independently. Backup recovery codes are the third line of defence behind that. The policy is enforced by the registration flow, not by you.
04 · When does AAL2 step-up trigger?
Clinical scopes — record read, record write, prescription, lab order — require AAL2 within the last sixty minutes by default. The threshold is configurable per organisation. If your session is older than the threshold when you try to open a record, FastLogin re-prompts for a passkey or a TOTP code before Hydra issues the scoped token. You don't sign back in; you confirm.
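The decision described in step 4 and in the answer above, written out as an added example (not FastLogin's or Ory's code). The scope names, the session fields and the order of the checks (deny, then step-up, then consent) are assumptions; the 60-minute default, the per-organisation threshold and the 15-minute Doorcta consult window come from the page.

```python
from datetime import datetime, timedelta, timezone

# Assumed scope names for the clinical scopes the page lists: record read, record write, prescription, lab order.
CLINICAL_SCOPES = {"records:read", "records:write", "prescription:write", "lab:order"}
DEFAULT_FRESHNESS = timedelta(minutes=60)   # page default; configurable per organisation


def freshness_window(org_window=DEFAULT_FRESHNESS, product_window=None):
    """Effective AAL2 freshness: the stricter of the org policy and the product's own rule."""
    return org_window if product_window is None else min(org_window, product_window)


def authorize(session, requested, now, org_window=DEFAULT_FRESHNESS, product_window=None):
    """Decide what has to happen before a scoped token is issued.

    session: {"last_aal2_at": datetime | None, "clinical_role": bool, "consented": set[str]}
    Returns "deny", "step_up", "consent" or "issue".
    """
    requested = set(requested)
    if requested & CLINICAL_SCOPES:
        if not session.get("clinical_role"):
            return "deny"        # no verified, unsuspended clinical role on the profile
        last = session.get("last_aal2_at")
        if last is None or now - last > freshness_window(org_window, product_window):
            return "step_up"     # re-prompt for passkey or TOTP; the user confirms, not re-signs-in
    if requested != set(session.get("consented", ())):
        return "consent"         # scope set changed: consent screen again, even for a fresh session
    return "issue"


if __name__ == "__main__":
    now = datetime(2024, 5, 6, 9, 0, tzinfo=timezone.utc)   # constructed clock
    session = {"last_aal2_at": now - timedelta(minutes=20), "clinical_role": True,
               "consented": {"openid", "records:read"}}
    print(authorize(session, {"openid", "records:read"}, now))                                   # issue
    print(authorize(session, {"openid", "records:read"}, now, product_window=timedelta(minutes=15)))  # step_up
```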
05 · Do I have to KYC again at every hospital I work at?
No. A second hospital invites your existing identity rather than creating a new one. Your KYC artefacts are reused; your audit history is preserved across hospitals; only entitlements (which products, which scopes) differ per tenant. Locum doctors and visiting specialists particularly benefit — your identity is yours, and the entitlements travel with the org.
06 · What if my MDCN licence expires while I'm employed?
The licence-board check runs on a schedule. When the system flags an expired or revoked licence, your clinical entitlements are auto-suspended within hours, and the affected hospital's IT admin gets a notification. Suspension is reversible: re-upload the renewed licence and Didit re-validates. The hash-chained audit shows the suspension and reinstatement events with timestamps.
07 · Can I see when my own record was accessed?
Yes. The personal audit feed shows every authentication event you initiated and every clinical-access event you performed — patient lookup, record open, prescription write. The hospital's audit feed shows the inverse: who accessed which record. Both are derived from the same chain. NDPA 2023 §25 read-rights apply.
08 · Why hash-chain the audit and not just sign each row?
Because the chain catches deletions and reorderings, not just edits to existing rows. Each row's hash includes the previous row's hash, so tampering breaks the chain at every subsequent row. Verifiers can replay the chain end-to-end and prove that no row has been altered or removed. This is the same property that lets us present the seven-year retained chain to regulators.
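The chaining and replay-verification this answer (and the audit-log section above) describe, as an added example that is not FastLogin's Postgres implementation. The events are constructed, the field names are assumptions, and the three tamper scenarios show what a plain per-row signature alone would not all catch.

```python
import copy
import hashlib
import json

# Constructed sample events (not real FastLogin data); timestamps are Africa/Lagos (+01:00).
SAMPLE_EVENTS = [
    {"ts": "2024-05-06T09:14:02+01:00", "user": "dr.adaeze", "tenant": "st-martins", "event": "auth.login", "aal": "aal2"},
    {"ts": "2024-05-06T09:15:40+01:00", "user": "dr.adaeze", "tenant": "st-martins", "event": "record.open", "patient": "P-0001"},
    {"ts": "2024-05-06T09:21:11+01:00", "user": "dr.adaeze", "tenant": "st-martins", "event": "prescription.write", "rx": "RX-0042"},
]
GENESIS = "0" * 64   # the "previous hash" of the very first row


def row_hash(prev_hash, event):
    # Canonical JSON (sorted keys, no whitespace) so the same event always hashes identically.
    payload = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + b"\n" + payload).hexdigest()


def build_chain(events):
    """Append events in order; every row commits to the previous row's hash inside its own hash."""
    rows, prev = [], GENESIS
    for seq, event in enumerate(events, start=1):
        h = row_hash(prev, event)
        rows.append({"seq": seq, "prev_hash": prev, "hash": h, "event": dict(event)})
        prev = h
    return rows


def verify_chain(rows):
    """Replay end-to-end. Returns (True, None) or (False, position of the first bad row)."""
    prev = GENESIS
    for position, row in enumerate(rows, start=1):
        if row["seq"] != position or row["prev_hash"] != prev:
            return False, position   # a gap, a reordering, or a renumbered row
        if row_hash(prev, row["event"]) != row["hash"]:
            return False, position   # row content edited after it was written
        prev = row["hash"]
    return True, None


def tamper_scenarios(rows):
    """Edit, deletion (with renumbering) and reordering, each applied to a copy of the chain."""
    edited = copy.deepcopy(rows)
    edited[1]["event"]["patient"] = "P-9999"
    deleted = copy.deepcopy(rows)
    del deleted[1]
    for seq, row in enumerate(deleted, start=1):   # renumber to hide the gap
        row["seq"] = seq
    reordered = copy.deepcopy(rows)
    reordered[1], reordered[2] = reordered[2], reordered[1]
    return {"edit": edited, "delete": deleted, "reorder": reordered}


if __name__ == "__main__":
    chain = build_chain(SAMPLE_EVENTS)
    print("intact:", verify_chain(chain))
    for name, broken in tamper_scenarios(chain).items():
        print(name, "->", verify_chain(broken))
```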
09 · How does session revoke work?
When you click End session, FastLogin marks the Kratos session inactive immediately and revokes the matching Hydra refresh token. Existing access tokens are still valid until their fifteen-minute expiry; the affected products will fail to refresh. In practice the revoke takes effect within minutes. Hospital admins can also force-revoke a specific user across all sessions from the admin console.
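A toy model of the lifecycle this answer describes (added here; it is not Ory Hydra's API): 15-minute access tokens, 24-hour refresh tokens that rotate on every use, and a revoke that kills the refresh token at once while already-issued access tokens run to their expiry. Reuse of an old refresh token being rejected, and a rotated refresh token getting a fresh 24-hour lifetime, are assumptions.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

ACCESS_TTL = timedelta(minutes=15)   # from the page
REFRESH_TTL = timedelta(hours=24)    # from the page


@dataclass
class Token:
    value: str
    session_id: str
    expires_at: datetime
    used: bool = False   # a refresh token may be presented once (rotation)


class TokenService:
    def __init__(self):
        self.access, self.refresh, self.inactive = {}, {}, set()

    def issue(self, session_id, now):
        if session_id in self.inactive:
            raise PermissionError("session inactive")
        a = Token(secrets.token_urlsafe(16), session_id, now + ACCESS_TTL)
        r = Token(secrets.token_urlsafe(16), session_id, now + REFRESH_TTL)
        self.access[a.value], self.refresh[r.value] = a, r
        return a.value, r.value

    def rotate(self, refresh_value, now):
        """Exchange a refresh token for a new pair; the old one is burned, so a replay is rejected."""
        r = self.refresh.get(refresh_value)
        if r is None or r.used or now >= r.expires_at or r.session_id in self.inactive:
            raise PermissionError("refresh rejected")
        r.used = True
        return self.issue(r.session_id, now)

    def end_session(self, session_id):
        # Refresh stops immediately. Access tokens are not recalled: relying parties verify
        # them offline against the cached JWKS, so they stay valid until the 15-minute expiry.
        self.inactive.add(session_id)

    def access_is_valid(self, access_value, now):
        a = self.access.get(access_value)
        return a is not None and now < a.expires_at


if __name__ == "__main__":
    svc, t0 = TokenService(), datetime(2024, 5, 6, 9, 0, tzinfo=timezone.utc)   # constructed clock
    access, refresh = svc.issue("sess-iphone", t0)
    svc.end_session("sess-iphone")
    print("access still valid 2 min after revoke:", svc.access_is_valid(access, t0 + timedelta(minutes=2)))
    print("access valid after expiry:", svc.access_is_valid(access, t0 + timedelta(minutes=16)))
```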
10 · What's the SLA for sign-in availability?
FastLogin targets four nines on sign-in availability across the Lagos region, measured monthly. Outages and slow-paths trigger an incident response with a customer-facing status update within fifteen minutes of detection. The trust page tracks the historical numbers and links to the most recent post-mortems. The five-minute JWKS cache means that during a brief FastLogin disruption, already-signed-in clinicians keep working against the cached keys until their fifteen-minute access token expires — most short outages never reach the bedside.
11 · Can I write prescriptions and lab orders through FastLogin scopes?
FastLogin issues the scoped tokens; the actual prescription or lab-order workflow lives in the product. Doorcta and OneHealth both expose prescription scopes that require an AAL2-fresh session and an MDCN-verified clinical role on your FastLogin profile. When you sign a prescription in Doorcta, FastLogin attests that the session is fresh and the role is verified, and the prescription record carries the FastLogin user ID and the audit timestamp. The actual prescription content is stored in the relevant product's record store, not in FastLogin.
12 · What if I'm covering an on-call shift and need access at 3am?
Sign in normally. After-hours sign-ins are flagged for compliance review by the org-admin tooling, but they are not blocked — that would defeat the point of on-call. The flag becomes a high-signal queue item that the hospital's compliance team reviews the next business day to confirm the activity matched a real on-call assignment. The default after-hours window is Africa/Lagos 08:00–18:00; your hospital's admin can configure a different window or disable flagging entirely if your roster doesn't follow that pattern.
13 · How do you handle supervision relationships for trainees?
Supervision is currently expressed via entitlements on the trainee's FastLogin identity that scope what they can do without a co-signature. A trainee's prescription scope, for example, may require an attending clinician's AAL2-fresh session within the last five minutes for the prescription to be accepted by the product. The dual-attestation pattern lives in the product's workflow; FastLogin's job is to make the supervisor's identity provable and the supervision event auditable. The OneHealth break-the-glass workflow uses the same primitive for emergency access.

Verify once. Practise everywhere.

Get an MDCN-verified, MFA-protected, audit-traceable Fastclinic identity that travels across hospitals — and across every Fastclinic product.