Active Directory Federation Services (ADFS)
Active Directory Federation Services (ADFS) extends single sign-on (SSO) capabilities beyond an organization’s internal network, allowing users to access third-party apps, like cloud services, with just their Windows credentials. This means users can log in once and access multiple systems without needing different passwords. ADFS securely shares a user's identity and access permissions, called claims, with trusted external systems. While it simplifies login for users and reduces password management for IT, setting it up requires extra infrastructure and comes with some risk of added failure points. However, it's flexible, compatible with different systems, and can be customized to fit a company's needs.
How Does the Active Directory Federation Service work
Functionality
Requirements for TeleTracking's Auth0 Integration with Client ADFS
TeleTracking uses Auth0 to route authentication requests to an organization’s Active Directory Federation Services (ADFS).
This routing is based on the subdomain in the URL. To connect a client Active Directory to TeleTracking's system, the client must configure the required software versions, ADFS Relying Party Trust, and ADFS Claims.
Required Software Versions & Setup:
ADFS: Must be version 2003R2 or higher (Domain & Tree) on the customer’s AD.
Add *.auth0.com to Trusted Sites.
The published ADFS site must be externally accessible to Auth0 and TeleTracking websites.
Ensure Port 443 is open.
Firewall Whitelist:
Option #1: Generic - *.auth0.com
Option #2: Fully Qualified Domain Names (FQDN):
US: prod-teletracking.auth0.com
EU/UK: prod-uk-teletracking.eu.auth0.com
Option #3: IP Address Whitelisting (IP ranges may change; refer to Auth0's IP Whitelist Guide for updates).
ADFS Relying Party Trust Setup
Certificate Installation:
Download the Auth0 certificate for the Relying Party Trust setup:
Copy this certificate to your ADFS server.
Steps to Create a New Relying Party Trust:
On the ADFS Server, open Administrative Tools → ADFS Management → Trust Relationships → Select Relying Party Trusts.
Click Add Relying Party Trust in the right-hand column and start the wizard.
Choose to enter data about the relying party manually. Click Next.
Enter a Display Name and Description for your organization. Click Next.
Select ADFS Profile. Click Next.
Skip the next step and click Next again. Leave both boxes unchecked.
Enter the Relying Party Trust Identifier provided by the TeleTracking Technical Project Manager (e.g., urn:auth0:prod-teletracking:examplecenter, replacing "examplecenter" with the customer’s identifier).
TeleTracking® does not use Multi-Factor Authentication (MFA) at this time. Select I do not want to configure multi-factor authentication and click Next.
Select Permit all users access. Review your settings and click Next.
Uncheck "Open the Edit Claim...". Click Close to complete the setup.
Finalizing the Relying Party Trust Setup:
After completing the wizard, locate the newly created Relying Party Trust entry, right-click it, and select Properties.
Go to the Signature tab, click Add, and select the previously downloaded certificate. Click Open and then OK.
Go to the Endpoints tab, click Add WS-Federation, and enter the appropriate trusted URL:
Click OK.
From here, you can proceed to add the necessary claims for the Relying Party Trust.
ADFS Claims Configuration Guide
This section provides a step-by-step process to set up ADFS claims for integration with the TeleTracking Cloud Platform. While there are different methods, the following is the recommended configuration.
Steps for Configuring Claims Rules:
Accessing the Claim Rules:
Right-click on the Relying Party Trust and choose Edit Claim Rules (or Edit Claim Issuance Policy depending on your ADFS version).
Adding a New Claim Rule:
Click Add Rule...
Change the Claim Rule Template to the appropriate option (such as a custom rule) and click Next.
Creating the Custom Claims Rule:
Repeat the previous step to create the following claim rule:
Claim Rule Name: Custom Rule: User Attributes
Custom Rule:
plaintext
Copy code
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "Active Directory AUTHORITY"] => issue(store = "Active Directory", types = ("https://teletracking.cloudapp.net/identity/claims/aduserguid", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "https://teletracking.cloudapp.net/identity/claims/firstname", "https://teletracking.cloudapp.net/identity/claims/lastname", "https://teletracking.cloudapp.net/identity/claims/middleinitial", "http://schemas.xmlsoap.org/claims/CommonName", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";objectguid,mail,name,givenName,sn,Initials,displayName,userPrincipalName;{0}", param = c.Value);
Matching Logic for User Authentication:
When a user logs in via an Identity Provider (IDP), the system will use the following matching logic to identify the user in the TeleTracking® Cloud Platform:
Match by Active Directory GUID (SID):
If the user’s record in the platform database has an Active Directory GUID matching the one returned by the claim, it's considered a match. All user attributes will be updated in the database according to the claim data.
Match by UPN (User Principal Name):
If the Active Directory GUID is not present, the system checks for a record with the same UPN as the one in the claim. The user's Active Directory GUID will be updated to match the claim if the UPN is found.
Match by Email:
If neither the Active Directory GUID nor UPN matches, the system searches for a record with the same email address as in the claim. If a match is found, both the UPN and Active Directory GUID will be updated.
No Match Found:
If no match is found using Active Directory GUID, UPN, or email, the user will not be able to sign into the application. In such cases, a user account must be created manually in the Operation IQ® Platform.
This process ensures accurate user authentication and synchronization between the ADFS claims and the TeleTracking Cloud Platform.
Active Directory
The Operations IQ® Platform uses Microsoft Active Directory (AD) to manage user accounts. Customers have two options for setting up Active Directory with the Operations IQ® Platform: they can either use TeleTracking's Active Directory (ID-TeleTracking.com) or their own domain. If a customer opts to use TeleTracking's AD, some setup is required for Organizational Units (OUs) and Trusts.
How Does Active Directory Work
Functionality
Special Case: Even if a customer uses their own Active Directory for Operations IQ® Platform authentication, Report Builder users will still need to authenticate through TeleTracking AD. Therefore, an OU in ID-TeleTracking.com is necessary for Report Builder users.
OU Structure
For each tenant using TeleTracking Active Directory or Report Builder, an OU must be created in ID-TeleTracking:
Create an OU:
Right-click on Tenant → New Organizational Unit → Name the Tenant according to naming standards.
Create a Security Group:
Right-click on Tenant → New Security Group → Name the group following the same naming standards and place it in the Tenant OU.
Create a User:
Right-click on Tenant → New User → Enter the necessary details, including:
First Name
Last Name
Username (ensure correct namespace; see "Domains and Trusts" section)
Add to Tele Security Groups
Email Address
Domains and Trusts
Each tenant using TeleTracking Active Directory must have their auth0 URN added to Active Directory Domains and Trusts:
Open Active Directory Domains and Trusts on the domain controller.
Right-click on Directory Domains and Trusts → Properties.
Assign the UPN (User Principal Name) to match the namespace for each tenant created. Ensure each new user has a matching URN added to the domains and trusts.
Administrators
Administrators in the Operations IQ® Platform play a crucial role in ensuring that the system is properly configured for smooth and effective operations across the organization. They manage the platform's settings, user accounts, and system components, allowing users to perform their tasks without interruption.
How Administrators Work
Functionality
Anyone assigned the Administrator role can configure the platform. Administrators are often individuals from the Information Technology department or management teams who understand both the technical setup and operational needs of the platform.
Administrators ensure that all aspects of the platform are tailored to meet the organization’s needs, enabling users to carry out their tasks efficiently and securely.
Administrator Responsibilities include:
Configuring Platform Settings: Adjust session timeouts, setting how long a session lasts before it automatically logs out users due to inactivity.
Managing Dictionary Items: Configure and maintain dictionary items (like facilities and physicians) that are used for scheduling on-call services.
Setting Up User Accounts: Create and manage user accounts, assigning appropriate roles and permissions to ensure users have access to the tools and information they need.
Managing Locations and Transportable Items: Configure locations within the system where pickups, deliveries, or movements of items (such as medical equipment or patient transport) need to occur.
Configuring Dictionary Items for Referrals and Transfers: Set up dictionary items such as diagnoses that are required when creating or editing referrals and transfer cases to ensure that the proper information is available for patient transfers.
Calendar Tool
The calendar tool is a valuable feature within the Operations IQ® platform that helps users easily select and manage dates. It appears in several areas of the platform, streamlining tasks that require setting specific dates, such as scheduling, tracking tasks, or managing patient transfers.
How To Use the Calendar Tool
Functionality
The Calendar Tool is used to easily select and change dates in a system. Here’s how to change dates using this tool:
Select the Calendar Icon:
Click on the calendar icon to open the date selection tool.
View Current Date:
The calendar tool will display the currently selected date, month, and year in the top center.
Choose a Day:
If the month and year you want are already displayed, simply click on the desired day in the calendar body.
Change the Month:
If you need to select a different month, use the left or right arrows at the top of the calendar to navigate through months.
Change the Year:
If you need to select a different year, there are two options:
For nearby years: Click the month and year displayed in the top center. The year will appear at the top, without the month. Use the arrows to navigate to the correct year, then select the month and day.
For years farther than 10 years away:
Click the month and year at the top.
Select the year again to see a range of 10 years at the top of the calendar.
Use the left or right arrows to scroll through the 10-year ranges.
Select the specific year you need from the calendar body.
After selecting the year, choose the month and day from the calendar.
Confirm the Date:
After selecting a date, the calendar will close, and the chosen date will appear in the field or.
Platform Settings - Capacity Management Settings
Capacity Management Settings section of the Admin > Settings > Platform Settings page allows you to see details about instances of the Capacity IQ® that are integrated with your system. An instance represents a group of campuses, and the settings page shows the names and URLs of IQ-enabled instances, which are used throughout the application. Additionally, you can check whether the synchronization of the Payor field is enabled from the Capacity IQ® solutions.
Note: These settings are view-only. For any configuration changes, your TeleTracking representative can assist your health system.
How Capacity Management Settings Work
Functionality
Capacity Management Settings can be configured
By a TeleTracking Representative
By Instance
Your health system can be integrated with up to 20 “instances” of Capacity IQ®.
Capacity Management Settings include:
Instance Names:
These fields are labeled CMS Name, which are appended by a number (e.g., CMS Name 123).
These instance names appear as options in the following menu selections:
Clinical Operations: Capacity IQ® PreAdmit, PatientTracking Portal®, Capacity IQ® Reports
Care Support: Capacity IQ® EVS, Capacity IQ® Transport, Capacity IQ® Reports
Admin: Settings > Capacity Management
Instance URLs:
The URLs for each instance are located in the URL fields, with each URL also appended by a number (e.g., URL 123) that corresponds to the instance name.
Instance IDs:
IDs are displayed in the ID fields and follow the same numbering format.
These IDs are appended by a number (e.g., ID 123) matching the instance name.
IDs are not visible to client administrators.
Test Button:
The Test button can be used to check if the instance is functioning correctly.
This option is not available for client admins.
Manage Settings Link:
The Manage Settings Link allows administrators to view and configure the settings for a particular instance.
Selecting Manage Settings opens the Manage Settings window.
The Manage Settings window contains the following details:
CMS Name: The instance name of the Capacity IQ® solution.
Disable Placement Payor Sync: This toggle controls whether the Capacity IQ® Payor field information synchronizes with the Transfer IQ® application Payor field information:
ON (Blue): The Capacity IQ® Payor field does not overwrite the Transfer IQ® Payor field during synchronization.
OFF (Gray): The Capacity IQ® Payor field overwrites the Transfer IQ® Payor field during synchronization.
How to View Capacity Management Instance Information:
Go to Admin > Settings > Platform Settings.
The Manage Settings page will open.
Locate the Capacity Management Settings.
Error when Attempting to Savine an Operations IQ® Platform Profile
An error may appear, stating that you "Cannot Save Active Directory User", when attempting to save a user account.
This error occurs when adding a newly built instance to a user’s Operations IQ® Platform profile and attempting to save the changes. The issue results in the following behaviors:
No Capacity IQ® profile is created in the new instance.
The user account is not found in the Capacity IQ® Database.
No changes are saved.
Solution:
Test the Instance Connection:
Navigate to the Admin tab of the Operations IQ® Platform.
Go to Platform Settings.
Find the newly added instance and click the TEST button.
This action will refresh the integration between the Operations IQ® Platform and the Capacity IQ® solution.
Retry Saving the Operations IQ® Platform Profile:
After refreshing the integration, return to the user’s Operations IQ® Platform profile.
Attempt to save the profile again.
A new Capacity IQ® profile should now be created for the user, and the changes should be successfully saved.
Alternative Workaround:
Delete and Re-add the Instance:
If the above solution does not work, you can delete the newly added instance from the user’s account and then re-add it.
Note: In some cases, deleting the new instance may result in a different instance being deleted instead, while the new instance remains. Be cautious when using this workaround.
Platform Settings - External Source Configuration
An External Source is an outside source of data that feeds into the Operations IQ® Platform. This is used for sending Procedure Information, Staff Assignments, or trackable location Information to automatically update into the Views. An Administrator would work with TeleTracking® to configure the integrations during implementation. This ensures consistency and clarity when referencing units, departments, and other entities across various systems.
An External Source is configured under Platform Settings > External Source Configuration. You’ll see External Source and External Source IDs on fields that allow custom mapping such as Tasks or Locations.
How External Source Configuration Works
Add External Source
Go to Admin >Settings > Platform Settings.
Locate the External Source Configuration Section.
Select Add Configuration Source.
Fill out the required details and click Save at the top-right of the page.
Functionality
In Fields that accept External ID, you can identify the Source System and the External ID
External Source IDs appear in:
Tasks
Bed Locations
Healthcare systems typically utilize multiple systems that communicate through Health Level 7 (HL7) messages.
Common systems include:
Admissions Discharge Transfer (ADT) systems
Ordering systems
Scheduling systems
These various systems often use different terminologies for the same items. For instance, the "MedSurg1" unit in one system may be referred to as "4West" in another.
The External Source Configuration section is designed to lay the groundwork for future TeleTracking Technologies product offerings.
While this section is currently accessible, there is no need to enter any configurations at this time.
Any information displayed here does not impact your current solutions.
External Sources can be added or edited.
Each row in the External Source Configuration section provides the following information:
Name - The name of the external source.
This value appears in the dictionary details page as an option in the External Source ID drop-down list.
After selecting the external source, administrators can supply a value that the source uses for the dictionary item.
ID - The unique identifier for the external source.
Description - An optional field providing additional details about the external source.
Category - The type of external source, such as ADT (Admission, Discharge, Transfer), Ordering, Real-Time Locating Systems (RTLS), or Scheduling.
Inbound Message Forwarding URL - The web address where Iguana is installed, is used to facilitate the ADT or SIU (Scheduling Information Unsolicited) message inbound flow.
On-Premise Target - For single-instance connections with Capacity IQ® where RTLS is on-premise, this value is the Capacity IQ® Instance ID (not required). For Workflow IQ®/Location IQ® integration scenarios, this field requires a unique ID that can identify a single Gateway installation.
View Settings Link: To see more details for a specific external source, select the View Settings link in the corresponding row.
This will display the View Settings with the following information about an External Source:
Tenant ID: The identifier for the tenant using the external source.
External Source ID: The unique identifier of the external source in the Operations IQ® Platform.
TeleTracking API Host URL: The URL used for receiving messages from the external source.
The IDs or URL in the View Settings Window can be copied using the clipboard button next to each row.
Platform Settings - Facility Utilization
Configuring the Facility Utilization setting helps prevent referrals from being sent to incorrect facilities. It allows administrators to limit the Target Facilities that users in a Medical Practice Account can send referrals to, ensuring that only specific, pre-approved facilities appear in the Preferred Facilities list on the Create Referral and Edit Referral pages. These settings are not required for jobs, behavioral health encounters, on-call scheduling. Only users with an Administrator role can configure the Facility Utilization settings.
How Facility Utilization Settings Work
Functionality
You need to specify which facilities appear in the Preferred Facilities list in the Create or Edit Referral pages. These are the facilities to which users in your organization can submit referrals.
How to Configure the Facility Utilization Setting
To control which facilities appear in the Preferred Facilities list:
Go to Admin > Settings > Platform Settings.
Under Facility Utilization, begin typing the facility's name in Select Facilities.
From the drop-down list, select the facility.
The list will display the facility's name, city, and state.
These are the facilities designated as Target Facilities in the Transfer IQ® or Capacity IQ® solution at the receiving health system.
The facility appears in the Target Facilities list, and an Added icon confirms its selection.
Click Change Settings to save the new Target Facilities.
Now, when users with External Care Provider roles create referrals, only the facilities you've selected will appear in the Preferred Facility list.
The updated Facility Utilization setting is applied for new referrals created going forward.
Go to Admin > Settings > Platform Settings.
Under Facility Utilization in the Target Facilities list, hover over the name of the facility you wish to remove.
Click the X that appears next to the facility name. The facility clears from the list, and a Removed icon confirms the action.
Click Change Settings to save the updates.
The removed facility will no longer appear in the Preferred Facility list when users create referrals.
The updated Facility Utilization setting is applied for new referrals created going forward.
An Identity Provider (IdP), sometimes referred to as an IdP, is a service that authenticates users on behalf of your application. In a healthcare system, an IdP can combine your system login with all the software provided by platforms like TeleTracking®, ensuring seamless authentication across services. This shows as a column in the user area of the platform, it also shows on the users profile.
How Identity Provider Works
Functionality
An identity provider (IdP) manages and stores digital identities for users and allows users to access resources like email and file management systems. Here's how an IdP works:
Request: The user enters their identity, such as a username and password or biometric authentication.
Verification: The IdP checks the user's identity and determines what resources they have access to.
Unlocking: The user is given access to the resources they are authorized for.
IdPs can also authenticate any entity connected to a network or system, including computers and other devices.
IdPs are often used for single sign-on (SSO), which allows users to log in once and access multiple services without re-entering their credentials. SSO reduces password fatigue and the risk of password-related vulnerabilities.
IdPs use languages like Security Assertion Markup Language (SAML) and data formats like Open Authorization (OAuth) to communicate with other web service providers. They issue three types of messages:
Authentication assertion: Confirms the identity of the requesting user or device
Attribution assertion: Contains relevant data about the user or device, such as their roles, permissions, and other profile information
Authorization assertion: Records whether a user or device has access to an online resource
Examples of IdPs include Google, Facebook, and Microsoft Azure Active Directory.
General Settings - Inactivity Timeout
The Inactivity Timeout feature is vital for maintaining the security of Protected Health Information (PHI) by automatically logging out users after a period of inactivity. This prevents unauthorized personnel from accessing sensitive patient data if a workstation is left idle and unattended. For example, sometimes a user has started another task without closing the browser window. Automatically signing out the user can prevent any visible patient information from being seen by another employee who has no need to see it. Only users with an administrator role are authorized to configure the inactivity timeout settings within the Operations IQ® platform.
How Inactivity Timeout Works
Functionality
Users will be signed out automatically based on the timeout configured by administrators.
This ensures the security of sensitive information when a workstation is left unattended while logged into the platform.
Some organizations may have general IT settings that log out users after a specific inactivity period. In such cases, the IT department’s settings take precedence over the Operations IQ® Platform's Inactivity Timeout.
For example, if your timeout is set for 960 minutes and the IT department enforces a 900-minute limit, the user will be signed out after 900 minutes.
For details about these settings, consult your IT department.
The system tracks user activity through page navigation, screen refreshes, and data saves.
Automatically logging out idle users protects sensitive data.
For example:
If a user leaves their workstation without logging out, the automatic timeout prevents unauthorized individuals from accessing the data.
If a user leaves the browser window open and becomes inactive, the automatic logout will ensure no one else can view or modify sensitive information.
Mobile App Users: The inactivity timeout does not apply to users of our mobile applications, especially those with the Fulfiller role. However, these users will be subject to your IT department's general logout setting.
Each Capacity IQ® Security Group has its own inactivity timeout settings.
In IQ-integrated environments, the group-specific timeout setting has been removed from master configurations.
Other features, such as Single Sign-On and Session Timeout (minutes), are also no longer available when Capacity IQ® is fully integrated with the Operations IQ® Platform.
The Timeout Duration field of the Inactivity Timeout feature has a default value of 30 minutes and can range in value from 1 to 960 minutes (16 hours).
Go to Admin > Settings > Platform Settings to display the Manage Settings page.
Under General Settings, locate the Inactivity Timeout (Minutes) field.
Enter the desired number of minutes of inactivity after which the user will automatically be signed out.
After entering the desired value, click Change Settings to save the new timeout duration.
How to Avoid Inactivity Sign-Out
Warning: Five minutes before the automatic logout, users will receive a warning that appears as a dialog with a countdown from 5 minutes, and alerts users to Continue the Session to remain logged in.
Continue Session: Select Continue Session in the warning dialog to extend the session and avoid being logged out.
This action resets the inactivity timer, allowing the user to remain logged in.
If no action is taken, users will be logged out, and unsaved changes will be lost.
General Settings - Locale
The Default Locale setting is essential because it determines the language and date format used across the Data IQ® interface and reports. This ensures that users see the interface and reports in their preferred language and regional date format, providing a consistent user experience tailored to the locale settings. Only customer administrators have access to view the Default Locale setting. This allows administrators to ensure that the correct language and date format are applied for users across the platform. Your TeleTracking representative can configure the Default Locale.
How Locale Works
Functionality
Locale allows administrators to confirm and adjust the locale settings based on the language preferences of the platform's users.
This field will display one of the following locale options:
en-US: For English-speaking users in the United States.
en-GB: For English-speaking users in Great Britain.
de-DE: For German-speaking users in Germany.
Go to Admin > Settings > Platform Settings.
Under General Settings, locate the Default Locale.
Login
The TeleTracking login page is an essential part of accessing the platform and understanding it is crucial in case of an outage or issue. Your hospital may have specific procedures for handling login problems, so it's important to follow your local processes first.
How Login Works
Functionality
To log into TeleTracking applications, you will need the website, your username, and your password.
The hospital's Helpdesk will usually provide a link to the website, either on your desktop, in a favorites menu, or on the hospital's intranet, and they can also assist in provisioning your access.
When you launch the TeleTracking website, observe the address at the top, which typically includes your hospital's identity management link.
If the login page does not load, your first step should be to check with your Helpdesk. If the page loads but you are unable to log in, there may be other issues that need further investigation.
Contact your Helpdesk to:
Locate your username
Reset your password
Since TeleTracking is integrated with your hospital’s Identity Management solution, it cannot reset passwords.
The application does not save passwords.
If your password is auto-filled, it has likely been saved via the browser. You will need to remove it from the browser and/or credential manager on the PC if you do not want this to happen.
If you don’t have the proper permissions to edit the browser settings, reach out to your internal help desk for assistance.
The Operations IQ® Platform automatically creates shell accounts when a matching user is not found in Capacity IQ®, leading to duplicate accounts. This occurs when a user exists in Capacity IQ® but has an invalid or missing email address.
The Stay Signed-In Indefinitely feature allows users to remain logged in until they manually log out. This feature is Inactive by default and can be enabled on a per-user basis by an administrator. However, to comply with HIPAA regulations, which require automatic log-off for systems handling PHI (Protected Health Information), it is recommended to keep this feature Inactive.
When this feature is deactivated, users will be subject to their health system's automatic logout settings based on the configured timeouts and security policies.
Refreshing Your Login
If you experience errors or issues with features not working, these are often related to a session problem.
Solution:
Log out properly using the Sign Out button and then re-login.
Avoid simply closing the browser with the red X as this may not end your session correctly.
Login Issues with Duplicate Accounts
Problem: Users may not see all their appropriate application tabs, often affecting new users or users returning after migrating to the Operations IQ® Platform.
Action:
Confirm the presence of a duplicate account by searching in Admin > Users using the Last Name, First Name, or Email.
Verify the correct email associated with the account and ensure that the appropriate User Roles are assigned.
Information to Provide for Review
Last Name
First Name
Email
Duplicate account information
Login Problems Checklist - Basic
This checklist will guide you through common issues for troubleshooting login problems in TeleTracking. It is divided into four parts: account setup, launching the Operations IQ® Platform, ruling out problems, and missing tabs in Transfer IQ®.
Part 1 - Account Setup
Ensure your account is correctly set up.
Is an account set up for you?
If not, consult these articles to reach out to your Helpdesk/Administrator to have one created:
Is your password correct?
If you’re not sure, review with your Helpdesk using this article:
If your account and password are correct, move to Part 2.
Part 2 - Launching IQ
Ensure the application is loading:
Launch the Operations IQ® Platform website using the icon, link, or favorite button provided by your Helpdesk.
Does the webpage load Active Directory with a login/password field or show an error?
If there’s an issue, consult this article:
If the page still does not load, contact your Helpdesk to confirm the proper link and check for Identity Provider issues.
Try to log in:
If you cannot log in, proceed to Part 3.
Once logged in, do you see everything you need?
If not, consult:
Part 3 - Ruling Out Problems
If login issues persist, follow these troubleshooting steps to narrow down the problem:
Close and relog into the application:
Review these steps for help:
Try a different browser:
If the browser seems to be the issue, consult:
Clear browser cache:
If trying another browser doesn’t help, review the following articles to clear your cache:
Test login on another computer:
If another colleague is able to log in, try this:
If none of these steps work, contact your Helpdesk. They will confirm if there’s an overlooked issue or if TeleTracking Technical Support needs to review it.
Part 4 - Missing Transfer IQ® Tabs
If you can log in but are missing certain tabs or applications, consult this article:
Login Problems Checklist - Intermediate
This checklist is designed for Administrators and Helpdesk employees to assist in troubleshooting login issues. It builds on the basic troubleshooting steps and offers more advanced techniques for diagnosing and resolving problems.
Part 1 - Account Verification
Before diving into deeper issues, verify that the user's account is properly configured.
Is their account set up within your Active Directory (AD)?
If you do not have access to check, contact someone who can verify this.
Are they assigned to the proper Active Directory groups for the applications they need?
Cross-reference the ROLES - Operations IQ® Platform article for role mapping and confirm within Active Directory that they are assigned to the appropriate groups.
Is their account locked?
Verify that they can log in elsewhere using their username and password. If not, consider resetting their password.
If everything checks out, proceed to Part 2.
Part 2 - Website Verification/Login
Ensure the application is loading on your computer:
Launch the Operations IQ® Platform website on your own machine to rule out any issues with the user's system or network.
Does the webpage load to the login/password screen or show an error?
Refer to this article for error troubleshooting: Login Page Issues.
ADFS Verification:
If the initial page does not load, check if there is an issue with your ADFS (Active Directory Federation Services).
Test logging in yourself:
If you can log in but the user cannot confirm that they’ve attempted these basic troubleshooting steps:
Document the issue:
Record what happens when they try to log in, including any error messages. If you've encountered a similar problem before, try to resolve it.
If only certain users are affected, record the following information and contact TeleTracking for further assistance:
User’s Email
First Name and Last Name
Time of login attempt (with time zone)
Part 3 - Past Login but Application Tabs Missing
Determine the scope of the issue:
Is this affecting all users or only a subset? If it affects everyone, reach out to TeleTracking for assistance.
Identify missing tabs:
If the missing tabs are related to Capacity Management, review this article to troubleshoot: Capacity Management Issues.
Verify Active Directory groups:
Confirm that the user is assigned to the correct Active Directory groups. If they are, verify that these groups are correctly passed over during login.
Part 4 - Using F12 to Verify User Information During Login
Open the Login Page:
Navigate to the Operations IQ® platform login page.
Open Developer Tools (F12):
Press F12 to open Developer Tools.
Navigate to the Network Tab:
While on the login page, open the Network tab in Developer Tools.
Login to the Operations IQ® Platform:
Log in to the platform and look for the “user profile” call in the Network tab.
Check Roles:
Under Preview or Response, you will find the user’s roles. This information contains the groups passed from the ADFS call, which is crucial for verifying that the correct groups are being sent.
Collect Information:
Other details in the Developer Tools can also be helpful for troubleshooting. Provide as much of this information as possible when reaching out for support.
Part 5 - Verifying Browser Settings for Missing Capacity IQ® Tabs
Check Internet Explorer settings:
If Capacity Management Suite tabs are not loading, ensure the correct browser settings are applied.
Add Trusted Sites:
Ensure the following domains are listed in your Trusted Sites:
*.cl-teletracking.com
*.auth0.com
Your Capacity Management Suite URL
Set Custom Level Security:
In the security settings, make sure that Access data sources across domains is set to Enable.
Following these steps should assist in resolving intermediate login problems and determining the root cause. If issues persist, collect the necessary information and reach out to TeleTracking for further support.
Logging into Single URL
1. Domain Selection
Identifying the Domain
When accessing the login page, the system first identifies the user's domain.
Domain selection ensures that the appropriate settings are applied to the login session.
Passing the Domain as an URL Parameter
The domain can be passed as a parameter in the URL. Refer to this guide for more details.
2. Credential Login
After the domain is identified, users input their credentials (username and password) to log in.
3. Tenant Selection
Identifying the Tenant
Once logged in, users may need to select the appropriate tenant for their session.
Passing the Tenant as an URL Parameter
The tenant can also be passed as a URL parameter to streamline the login process. See more about this in the Tenant Selection section.
Configure User Ability to Stay Signed-In Indefinitely
Navigate to Admin > Users.
Select the user account you want to edit.
Locate the Allow User to Stay Signed-In Indefinitely? toggle in the User Permissions section.
Click the toggle to Activate this feature.
A confirmation message will appear.
Active Directory the message, check the checkbox and click I Agree to confirm activation.
If you click Cancel, the feature will remain inactive.
The user’s account is now set to stay signed in until they manually log out.
Deactivate "Allow User to Stay Signed-In Indefinitely"
Navigate to Admin > Users.
Select the user account you want to edit.
Locate the Allow User to Stay Signed-In Indefinitely? toggle in the User Permissions section.
Click the toggle to Deactivate the feature.
Unable to log into Transfer IQ® - Issue
Clients are Receiving the error "Teletracking, oops something went wrong." in Transfer IQ®.
You may have pressed the back button, refreshed during login, opened too many login dialogs, or there is some issue with cookies, since we couldn't find your session. Try logging in again from the application and if the problem persists, please contact the administrator.
Solution
To resolve these errors the end user will need to clear their cache and cookies.
This can be done by clicking on the tools icon at the top-right corner in the Chrome browser (three dots) > More tools > Clear browsing data > Check cookies and other site data & Cached images and files (time range start at 24hrs and adjust as needed). > Clear data
If clearing the cache does not resolve the issue, then have the client recycle their workstation.
Platform Settings - Security Settings
Security settings in Referral IQ® are used to control the visibility of sensitive patient information, such as Social Security Numbers (SSNs) and Medical Record Numbers (MRNs). These settings help protect patient data on the Create Referrals, Edit Referrals, and View Referrals pages. Only users with administrator privileges can configure security settings.
How Security Settings Work
Functionality
Purpose: To safeguard patient information, specifically SSNs and MRNs, by controlling where these fields appear in the platform.
Scope: These settings affect patient referral pages and do not apply to jobs, behavioral health encounters, or on-call scheduling.
Who Can Configure Security Settings?
Administrator Role Required: Only users with administrator privileges can configure security settings.
If you do not have administrator access, follow the steps in this link: How to obtain administrator access.
How to Configure Security Settings
Access Settings:
Navigate to Admin > Settings > Platform Settings.
This will open the Manage Settings page.
Configure MRN Settings:
Locate the Security Settings section.
Under MRN, select one of the following options:
Include: The patient’s medical record number will appear in the Create, Edit, and View Referrals pages. Only the last four digits will be shown on the View Referrals page.
Don't Include: The medical record number field will not appear on the referral pages (this is the default setting).
Configure SSN Settings:
Next, configure the SSN field with the following options:
Include: The patient’s social security number will appear in the Create, Edit, and View Referrals pages. On the View Referrals page, only the last four digits are shown (this is the default setting).
Don't Include: The social security number field will not appear on the referral pages.
Save Changes:
After making your selections, click Change Settings to save the new security options.
Effect of Security Settings
Once changed, the settings are immediately applied to all referrals in the system.
If you select Don't Include for either MRN or SSN:
Existing data: MRN and SSN data already in the system will still be stored for reporting purposes but will not appear on the Create, Edit, or View Referrals pages.
Simultaneously Open Multiple Operations IQ® Platform Tabs
This workflow allows users to open multiple tabs within the Operations IQ® Platform, enhancing productivity by enabling access to different workflows at the same time. It is a useful feature for managing multiple tasks without interrupting ongoing workflows.
How Opening Multiple IQ® Platform Tabs Simultaneously Works
Functionality
Steps to Open Multiple Tabs
Sign In:
Begin by signing into the Operations IQ® Platform.
Access Your Initial Workflow:
Navigate to the tab related to your primary workflow. For example, go to Access > Referrals.
Open a New IQ Tab:
Click the Open New IQ Tab button located next to your name at the top of the screen.
A new tab labeled Home will appear next to your current workflow tab.
Navigate to the Secondary Workflow:
In the newly opened tab, switch to your desired workflow.
Switch Between Workflows:
You can now seamlessly switch between tabs to manage multiple workflows simultaneously.
Log Out Properly:
When finished, ensure you use the Sign Out button. Properly logging out will ensure all sessions are closed and prevent any performance issues or incomplete sign-outs.
Benefits of Opening Multiple Tabs
Previous Limitation: Opening a new tab while logged into the platform previously overwrote the active session.
New Feature: The Open New IQ Tab link allows you to open multiple areas of the Operations IQ® Platform without overwriting your current tab. This enhances accessibility and productivity, letting you manage different sections simultaneously.
General Settings - Time Format
The Time Format setting allows users to view and enter time in either 12-hour or 24-hour format. The system automatically converts any input into the configured time format. This ensures all times entered and displayed within transfer cases follow the same format, improving clarity and reducing errors.
How Time Format Works
Functionality
How to Configure Referrals Time Format
Navigate to Admin Settings:
Go to Admin > Settings > Platform Settings.
Select Referrals Time Format:
Under General Settings, locate Referrals Time Format.
Choose a Time Format:
Choose either 12 Hour Format or 24 Hour Format.
12 Hour Format: Displays time with AM/PM (e.g., 3:00 PM).
24 Hour Format: Displays time in 24-hour format (e.g., 15:00).
Save Settings:
Click Change Settings to save your selection.
The new time format will apply to all users who log in afterward.
How to Configure Transfers Time Format
Navigate to Admin Settings:
Go to Admin > Settings > Platform Settings.
Select Transfers Time Format:
Under General Settings, locate Transfers Time Format.
Choose a Time Format:
Select either 12 Hour Format or 24 Hour Format.
12 Hour Format: Displays time with AM/PM (e.g., 4:30 AM).
24 Hour Format: Displays time in 24-hour format (e.g., 04:30).
Save Settings:
Click Change Settings to save the changes.
The updated time format will be activated for users who log in from that point forward.
Default Settings:
The 24 Hour Format is the default time format for both Referrals and Transfers.
General Settings - Time Zone
The Time Zone setting ensures that times displayed in reports generated from the Operations IQ™ Platform database are accurate and consistent with the local time zone.
How Time Zone Works
Functionality
Access Admin Settings:
Go to Admin > Settings > Platform Settings.
Select Time Zone:
Under General Settings, locate the Time Zone field.
Choose a Time Zone:
Select the appropriate time zone from the drop-down list.
The default value is set to Eastern Standard Time (UTC-04:00).
Save Settings:
Click Change Settings to save the new time zone configuration.
Activation:
The updated time zone will apply to users who log in from that point forward, ensuring that the times displayed in reports align with the selected time zone.
Troubleshooting
Users experiencing issues with the Operations IQ® platform may attempt to troubleshoot. Troubleshooting involves taking actions such as generating a HAR file to diagnose errors, using various browsers, clearing cache, and testing on different computers to identify the source of a problem. Proper troubleshooting helps pinpoint issues, whether they stem from browser-specific problems, cache errors, or network connectivity, facilitating quicker resolutions and ensuring smooth application functionality.
Troubleshooting instructions are applicable across different browsers (Chrome, Firefox, Internet Explorer) and within the application’s user interface. Additionally, users are encouraged to check the status page for real-time updates on Operations IQ® Platform performance issues.
How Troubleshooting Works
Functionality
Basic actions to try when troubleshooting include:
Generating a HAR (HTTP Archive Format) File
Users should generate a HAR file when encountering persistent errors or oddities in the application and may need to troubleshoot network connectivity before reaching out for further support.
A HAR file is a browser setting and is not application-specific.
When generating a HAR file, make sure you follow the instructions for the browser that you are using.
Sometimes certain actions can break or have errors in one browser but be fine in another.
There can also be display differences between each one.
Web applications cache, or store information for later use, to make the application run faster.
Sometimes there can be issues related to the cache not updating properly or having it contain old information.
Clearing the cache will allow the application to pull all information again which may fix some issues.
Using Incognito/InPrivate Mode to test for issues without cached data.
Sometimes there are issues with the application that are related to the browser, (Chrome/Internet Explorer/Edge/Firefox), caching information.
Browsers have a window that requests everything fresh called Incognito/InPrivate browsing.
To see if your issue may be related to that try logging in using an Incognito window.
Switching to a Different Browser
When you run into an error that you can’t get around or is in the way of you completing an action, you can test if it is appearing in another approved browser.
Check with your Helpdesk for approved browsers.
The majority of our applications were designed to work in Internet Explorer or Google Chrome.
Support has been added for Firefox and Chromium Edge as well.
Sometimes it may be required to close all browser windows to fix issues. Often Clearing the cache or trying an Incognito/InPrivate window will fix the issue, but in some circumstances, it may not.
This is because the application remembers that you’ve logged in as long as your browser window is open, and it will try to keep you logged in while you’re interacting with the application.
Sometimes it may log out in the background without you noticing it, then when you go to interact with the application there is some oddity or error.
If you log back in and the issue is still happening, you may want to try closing all browser windows and logging in again.
Switch Computers
Sometimes there can be oddities/errors in the application.
Trying to repeat the same problem on another computer can be a way to narrow down the problem
Checking Network Connection
When performance issues or slowness, lagging, or freezing are experienced, refer to the status page for real-time updates of issues that we are aware of and investigating or working on a solution for.
If you are missing some functionality that you think you should have, verify that you have the correct roles assigned to your account.
Adjusting the zoom setting on the screen or browser can help when the font size appears too small or large.
If after logging in, a user is met with a blank screen, clearing the browser cache or confirming the assigned Active Directory roles could be possible solutions.
Clearing the browser cache can help to resolve various issues.
Web applications cache, or store information for later use, to make the application run faster.
Sometimes there can be issues related to the cache not updating properly or having it contain old information.
Clearing the cache will allow the application to pull all information again which may fix some issues.
Chrome
Navigate to the problematic page in Chrome
Press F12 on your keyboard or Option + ⌘ + I on Mac
Within the new window select the Network Tab
In the upper left corner of the tab, and make sure there is a red record button. If it is grey, click it to turn it red.
Check the box Preserve log.
Click the Clear button next to the Red Record button.
Reproduce the issue that you were experiencing before, while the network requests are being recorded.
Once you have reproduced the issue click Export HAR to download.
Save the file to your computer.
Upload your HAR file to your ticket or attach it to your email so that our Support team can analyze it.
Firefox
Navigate to the problematic page in Firefox
Press F12 on your keyboard. The Developer Tools will open as a docked panel.
Within the new window select the Network Tab.
The recording autostarts when you start performing actions in the browser.
Reproduce the issue that you were experiencing before, while the network requests are being recorded.
Right-click anywhere under the File column, and click on Save all as Har.
Save the file to your computer.
Upload your HAR file to your ticket or attach it to your email so that our Support team can analyze it.
Internet Explorer
Open Internet Explorer and go to the page where the issue is occurring.
Press F12 on your keyboard (or click the gear icon > F12 Developer Tools)
Click the Network tab.
Reproduce the issue that you were experiencing before, while the network requests are being recorded.
Once done click the Save button.
Give the trace a filename and click the Save button which will save it as a .har file or .xml file.
Upload your HAR file to your ticket or attach it to your email so that we may analyze it.
Clearing Cache
Open the browsing data settings by navigating using the Keyboard Shortcut - CTRL + SHIFT + DELETE.
This works for Chrome, Edge, Internet Explorer, and Firefox.
Once opened check the below if applicable and clear:
Cookies
Cached Files
Temporary Files
Incognito Mode
Open the Incognito Browser window using the shortcuts below:
In Chrome / Edge, use the Keyboard shortcut - CTRL+SHIFT+N t
In Internet Explorer / Firefox, use the Keyboard shortcut - CTRL+SHIFT+P
Enter your hospital TeleTracking® web address.
Unstable Network Connection
If you are experiencing an issue with your internal network, contact your internal network administrator and inform them of the problem you're facing.
They can help you determine if there are any network-related issues that may be causing the problem.
If they advise that everything is fine on their end, then you can reach out to Teletracking® support for further troubleshooting assistance.
When speaking with Teletracking support you will need to have the following questions answered:
Is the issue just with my workstation?
Is the issue with more than one user?
Can you provide the most recent date and time you experienced this issue?
Confirm Active Directory Roles
Check the user’s account to confirm user roles are assigned.
If Roles are missing, reach out to an internal resource.
Roles are controlled by Active Directory groups.
The user’s Active Directory profile will need to be verified.
Adjust Font Size
Zoom in to make the font appear larger.
Zoom out to make the font appear smaller.
Confirm your Facility isn’t having issues.
Consult with your IT department to ensure that there are no network issues or that work is being completed.
Confirm Status.
Look at https://us.status.teletracking.com/ for real-time status updates.
Run a Speedtest.
While experiencing slowness, run a speed test at http://speedtest.net
Click Go.
Save your results.
Contact TeleTracking support for more help.
Send us:
The Scope/Description of the Slowness
Who is experiencing slowness?
Are other users experiencing slowness or this problem?
Is it slow opening a new case, saving a case, and case notes appearing?
Slow for case grid updates, switching between active/upcoming/completed tabs?
Provide timestamp of slowness
Are there any examples or errors?
The Results of your speed test
Check the Status Page
Go to https://status.teletracking.com/ for status updates.
Click Details for the Operations IQ® Platform or a Managed Service Environment.
Find the specific product or date range.
Subscribe for Updates if desired.
Select US or EU platform and choose a method of communication.
Users
In order for a staff member to use the Operations IQ® Platform, a user account must be set up for them by an administrator. Users have roles that determine what pages can be accessed and what capabilities can be performed on the Operations IQ® Platform. Some settings can be applied on a per-user basis. User accounts can be created, viewed, edited, activated, or deactivated. User passwords can be reset. New accounts are provisioned as needed, typically when users require access; users should contact their helpdesk for role assignments or if they encounter access issues after account creation. Managing users is essential for ensuring security, access control, compliance, resource optimization, operational efficiency, and effective monitoring of user activity.
Users can be managed from the Admin > Users page on the platform.
How User Accounts Work
Functionality
User Roles define what you have access to in the application.
User Roles are integrated into your organization's Active Directory.
TeleTracking® does not have the ability to access your company's Active Directory.
Your IT Helpdesk will be able to assist in reviewing your account to ensure that you have the proper roles defined for your access.
Although there are different ways you can provision accounts, it’s important to remember that the Active Directory and the Active Directory Groups drive the account.
They solely determine what the user is able to see in the application.
New accounts are provisioned by your local helpdesk or application administrators within your hospital's Active Directory system.
TeleTracking Client Support can assist with any questions regarding account creation but is not able to create user accounts on the behalf of hospitals.
If you need an account:
Find a colleague that has the access that you’d need in your account or has the same role as you.
Reach out to your local helpdesk to ask how you can put in a request for access.
When creating an account, the email address field is used as the main identifying field within the Operations IQ® Platform.
The email address field is integrated to your Active Directory and controlled by your Identity Provider.
Adjustments will be overwritten by Active Directory Sync, or every time a login happens, by the Operations IQ® Platform.
When provisioning/adjusting user accounts that are integrated with Capacity IQ®, you may have a need to adjust the associated UserID/IVRID within Capacity IQ®.
Due to how information was created/uploaded into the applications, there may be duplicate values that are meant to be unique.
This will generally need to be corrected by a TeleTracking® Tech Support Representative.
New Accounts are created with default permissions if additional configuration is required, contact your IT Helpdesk to have them review your account for the proper roles.
If you are not able to see a tab or menu within the Operations IQ® Platform or you see the "not authorized to view this page" error when accessing the Operations IQ® Platform, you may be missing a role that is needed.
Your system administrator will need to add a user role to your account.
Provide your Helpdesk with the information about which applications you need access to.
It may be helpful to reference a colleague who has the access you need.
Roles can be added by going to Admin > Users and searching for a user.
Once the user is found, user roles can be added to the account.
Generating a New Account
Refer to your internal instructions for account creation if available as your health system may have adjustments to the provisioning process.
Create the user in Active Directory.
Create a new record within your Active Directory or use an existing Active Directory account.
Key fields that integrate into the Operations IQ® Platform are FirstName, LastName, and Email.
Within the Operations IQ® Platform, the roles/permissions for your account are assigned by a related Active Directory group within your system.
Refer to your hospital's list of Active Directory Groups to determine what permissions the user would need.
If there isn’t a comparable list, compare to an existing user with proper access to see what Active Directory groups are needed.
Once you’ve determined the proper permissions, associate them with the account.
Create the account within the Operations IQ® Platform.
You can choose to fill out the account manually before the active directory sync, or after the sync.
Manually
Go to Admin > Users.
Click on Create Account.
Flush out additional fields that are not controlled by the Active Directory.
LastName, FirstName, Email, and UserRoles will be overwritten by the sync once the account is authenticated into the Operations IQ® Platform.
If you receive the following error: There are one or more items below that need your attention.
Remove all characters exceeding two in the middle initial field until only two remain.
Operations IQ® Platform user accounts should be created through your company's Active Directory.
When creating accounts through the Active Directory, this is the only area to add the user's roles.
TeleTracking® does not have the ability to access your company's Active Directory.
Reach out to your internal help desk for further assistance.
Automatic
Have the user log in to test their Active Directory account within the system, or log in with the account once yourself to generate a default account.
Once the account has logged in once, you’re able to confirm what information is synchronized from the Active Directory account.
Go to Admin > Users.
Search for the account using the filters.
Opening the account, you should see all of the fields are not aligned with those from the Active Directory object.
Depending on what roles have been assigned, you may need to:
Add facilities to the Associated Facilities Field
Add/Adjust settings within the Capacity Management Suite® User Management Integration.
Once you have configured all of the appropriate settings, the account is properly provisioned.
Problems Changing User Fields
Search the user within Admin > Users and confirm if there are duplicate Platform Accounts.
If there are duplicate accounts, deactivate the unnecessary account.
Under the correct account open the user profile and select Access Permissions to open the associated Capacity IQ® account.
Select Users to search within Capacity IQ®.
Perform a search using the UserLoginID or the IVRID and review for duplicates.
If a duplicate account is found attempt to adjust the duplicate field.
If you run into an error or unable to do so, provide the following information to TeleTracking® Tech Support
Correct Account
FirstName
LastName
Email
Incorrect Account - If you have found one
Email
The Field you are trying to change but cannot, generally:
UserLoginID
IVRID
Signing Out
When your shift ends, you must sign out of the Operations IQ® Platform. Signing out is crucial for security, session management, data integrity, performance, and user and patient privacy. By signing out properly, you can ensure efficient and accurate management of patient cases, enhancing both workflow and patient care.
How Signing Out Works
Functionality
Do not close out of the application using the X located in the browser window, this will not sign you out.
Upon opening a browser tab and navigating to the Operations IQ® Platform again, you will still be signed in on your account.
This could result in unauthorized users accessing your account and confidential patient information.
The Sign Out button is located at the top-right of the page.
After signing out a confirmation page appears with a button that allows you to quickly return to the login screen if needed.
The Inactivity Timer will ensure that if no activity is detected for the configured amount of time, you will be signed out automatically.
Sign Out
Click the SignOut link at the top right of the page.
This redirects you to a sign-out page that confirms you have been signed out.