Once you have built and designed your study, you can share it with users. You can assign different User Types and User Roles to users to specify their access level within the Study Build System and each study environment.
Share Screen
The Share features allow you to add sites and invite users to access your study. In the Share interface, you can also access study settings, Participant ID settings, and User Roles.
You can access the Share screen from either the My Studies screen or Study Designer.
The Share button is on the bottom of the Study card in the My Studies screen. Select Test or Production to share your study.
The Share button is in the header bar in Study Designer. Select Test or Production to share your study.
Add Sites
Before you invite users to your study, add at least one site. This applies even if your study is only collecting data from a single site.
To add a site:
1. On the Share screen, scroll down to Sites, and click the Add button.
2. On the Add Site screen, begin to type the site name. If it already exists in that environment, select that site from the list. Fields are prefilled with site information. If you need to make a new site, type the name of the site, and enter information in the appropriate fields.
Note: sites are global, meaning if you use a site in Study A you dont need to recreate that site for Study B. When adding an existing site to a study, values appear in the Site Name, City, State/Province, Zip, and Country fields automatically.
3. Click the Save button.
Otherwise, complete the site form and click Save.
Invite Users
To invite a user:
1. Click the Share button under the Form Card of your study on the My Studies screen or in Study Designer, and select your study environment.
2. Under the People header, on the right, click the Invite button.
3. Begin typing, and click Invite a new user, or select an existing user from the drop-down list.
a. If you select Invite a new user, the Add User screen appears, and you can enter values for each field. Then click the Create User button.
b. If you select a user from the drop-down list, the system sends an invitation to an existing user via email.
Before a user can access a study, they must create a password that meets the following criteria:
- Must be at least 8 characters in length
- Must contain at least one of each of the following types of characters:
- Lower case letters (a-z)
- Upper case letters (A-Z)
- Numbers (0-9)
- Special characters (!@#$%^&*)
In addition:
- Passwords expire every 180 days, and users are automatically prompted to create a new password.
- User accounts are locked after ten failed login attempts from the same IP address.
- The lockout resets after 15 minutes. The login failure count resets every 24 hours.
- When a user tries to login after their account has been locked, it is included in the User Audit Log as a failed login attempt.
- If a user resets a password, it cannot be the same as the previous password.
- The password reset link is available for 24 hours, after which if a user has not reset the password, they must request a password reset again.
- All reset requests are logged in the User Audit Log.
- Users are automatically logged out of OpenClinica after one hour of inactivity.
- Invitations to studies expire in 14 days if they have not been accessed.
Once the password has been defined, the user is prompted to log into OpenClinica. The username or email address is not case-sensitive, but the password is case-sensitive.
Multi-Factor Authentication
You can enable multi-factor authentication for your site with an API or contact the OpenClinica Customer Service team.
When you enable multi-factor authentication, users are prompted to:
1. Download either the FreeOTP app or the Google Authenticator app to your smartphone.
2. Scan a barcode.
3. Enter an access code.
Note: Once you have enabled multi-factor authentication, you no longer need to scan a barcode. Only username, password, and an access code are required to sign in.
Users with a User Type of Administrator can reset multi-factor authentication for a user from the Reset Multi-Factor Access button on the People table on the Administration screen.
If this feature is enabled:
- Users are required to login with two methods:
1. Enter your username and password.
2. Enter the access code generated by the FreeOTP or Google Authenticator app on your smartphone.
- All non-Participant users are required to use this feature.
- Data Specialists and Investigators can still sign Participant records with only their username and password.
- Participant users logging into Participate are still only required to enter access codes.
- You cannot enable multi-factor authentication for a specific study, site, or user. It must be enabled per environment.
User Type
Overview:
When a user is created, that user is assigned a User Type and User Role. There are two User Types: Admin and User. Only Admins have access to Central User Administration.
Definitions:
User Type determines the tasks that the user has permission to perform globally throughout the system. For example, only Admins can create studies or view the Administration screen.
User Role determines study-level access and specific tasks the user can perform based on the assigned User Type in the Test or Production environments.
Example:
For example, A user might have a User Type of Admin and a User Role of Data Manager or a User Type of User and a User Role of Investigator.
Available User Types are:
- Admin:
- Can create studies.
- Can see all studies that exist in your test and production environments.
- Can assign their own access to any study in your Test and Production environments.
- User:
- Can only view and access assigned studies or sites.
When assigning a User Type, keep the following in mind:
Best Practice:
- The Admin User Type should be assigned sparingly because administrators have access to all studies. Most users should be assigned the User Type of User. Site users should never be assigned a User Type of Admin, as this would give them potential access to all data across all studies and sites in your Test and Production environments.
- Each user only has one User Type but can have different User Roles in different studies or sites. For example, one can have a User Type of User, with a User Role of Data Manager on one study and a User Role of Study Monitor on another study.
Refer to the User Matrix for a table of permissions available to each of the OC4 User Roles.
User Roles
User Roles include:
User Roles include:
Study-level roles:
Data Entry Person: Study-level role with permission to create, view, edit, and remove records; add and update queries; import data.
Data Manager: Study-level role with permission to configure the study, add sites, and invite users; create, view, edit, remove, and SDV records; add, update, and close queries; import and extract data.
Data Specialist: Study-level role with permission to create, view, edit, remove, and sign records; add and update queries; import and extract data.
Study Monitor: Study-level role with permission to view and SDV records; add, update, and close queries; extract data.
Site-level roles:
Clinical Research Coordinator: Site-level role with permission to create, view, edit, and remove records; add and update queries; import data.
Investigator: Site-level role with permission to create, view, edit, remove, and sign records; add and update queries; import and extract data.
Site Monitor: Site-level role with permission to view and SDV records; add, update, and close queries; extract data.
Note: Site-level users can only see Participants at the sites they have been assigned to and cannot see study-level Participants.
To access the User Roles screen, click the Settings icon on the Form Card for your study on the My Studies screen and select User Roles.
To edit a User Role:
1. On the User Roles screen, click the Edit button to the right of the role you want to edit. The Edit Role screen appears.
2. Enter information in each field (optional):
a. Rename the User Role.
b. Edit the description of the User Role. (The default role description appears to the right of the User Role in the Based On field.)
c. Assign Permission Tags. (See Design a Study: Study Designer Features for more information on Permission Tags.)
3. Click the Save button.
To create a new User Role:
1. On the User Roles screen, click the Create button. The Create New Role window appears.
2. Enter information in each field:
a. Name the User Role.
b. Select a standard User Role on which to base the new User Role.
c. Enter a description for the User Role. (The default User Role description appears to the right of the User Role in the Based On field.)
d. Assign Permission Tags. Assign Permission Tags. (See Design a Study: Study Designer Features for more information on Permission Tags.)
Click the Save button.
Note: When a User Role is saved, it becomes available to users in both Test and Production environments for the study.
Keep the following in mind:
- User Roles are defined per study.
- Custom User Roles have the same access as the User Roles they were based on.
- Changes to User Roles take effect immediately in both the Test and Production environments. You do not need to re-publish the study.
- If you want a user to have access in one environment but not another, you must use a different User Role in each environment. For example, the User Roles might be Clinical Research Coordinator 1 in Test and Clinical Research Coordinator 2 in Production. In this case, Clinical Research Coordinator 1 in Test might have access to a Form, but Clinical Research Coordinator 2 in Production might not have access to that Form.
User Profile
All users can update their user profile and password at any time.
To edit profile information:
1. From the User Menu, select My Profile.
2. Click the Edit link, and update your information as needed:
a. You cannot change the email address associated with your account. Please contact your administrator if you need to change your email address.
b. To change your password, click the Change Password link, and update your password.
Users also have access to OpenClinica Support and to the OpenClinica Privacy Policy from the User menu:
To access the OpenClinica Support Team (contract-based, named users, only):
1. From the User menu, select Support. The Support Portal appears. You must log into the Support Portal separately from OpenClinica.
2. Click the Create Request, View Request, or Email Support buttons, or click the Regulatory Resources button to go to OpenClinicas documentation site and view information on Regulatory Resources.
To access OpenClinica’s Privacy Policy:
From the User menu, select Privacy Policy. You are then redirected to the Privacy Policy page of the OpenClinica website.
Study-Specific User Administration
Data Managers can manage user accounts for studies they have access to.
To manage users for a study:
1. Go to the My Studies screen.
2. Click the Share button below the study you want to manage users in.
3. On the study-specific User Administration/Share screen, click the Invite, Edit, or Remove buttons to perform those actions as needed. Click the Resend Invitation button to resend an invitation if the user accidentally deleted the original invitation, or it expired.
Note: The Go button appears on the Share screen and the Settings screen only if the study is available in Test or Production and if you have a User Role with access to the study in the environments it is published in. When you click the Go button, if the study is only available in one environment to which you have access, that environment appears by itself (i.e. If the study is only published in Test, and you have a role in that environment, the only option is Test.) The Design button appears only for Data Managers in the study.
Central User Administration
Only Administrators have access to Central User Administration, where user accounts can be edited, deactivated, or re-activated across all environments.
Administrators can also click the Download the User and Role Audit Logs button to download an audit log that includes:
- Login attempts
- Role changes
- Profile changes
- Password reset requests
To edit user accounts:
1. From the User menu, select Administration. (This option is only available to Administrators.)
2. On the Administration screen, click the Edit button to edit the user account. You can edit everything except for the username.
3. Click the Save button.
To deactivate/activate user accounts:
1. From the User menu, select Administration. (This option is only available to Administrators.)
a. On the Administration screen, click the deactivate button to deactivate the user account. The user can no longer log into OpenClinica.
b. To reactivate a deactivated account (across all studies/environments), click the Activate button.
You can sort columns on the Administration screen by clicking the sort toggle next to a column header.
The possible statuses for a user are as follows:
Status | Description |
Created | The user account has been created, but no User Roles have been assigned. |
Invited | The user account has been created, and at least one User Role has been assigned, but the user has never accessed/activated the account. |
Available | The user account is active and available for use. |
Deactivated | The user account has been removed. The user can no longer log into OpenClinica. |
Note: User accounts cannot be deleted.
Central User Administration applies across all studies and environments.
Once a study has been created, Data Managers can:
- Design the study
- Share the study with sites and users
- Edit the study settings
- Define Participant ID settings
- Publish the study to the Test and/or Production environment
- Activate/deactivate study modules, such as Insight, Participate, or Randomize
View Earlier Designs
The Share screen tracks the publication history for each environment. Scroll to the bottom of the Share screen to see the publication history. To view a previously published version of the study, click the View Study Design link to the right of the version you want to view.
A read-only version of the previously published study design appears:
Though no changes can be made to this version of the study, you can view Form and Event settings, download Form versions, preview Forms, etc.
The header clearly indicates this is a read-only version, and includes a link to quickly access the current version of the study, which is fully editable.
Note: Some Form attributes (checklists, tags, and labels) show the values that they have in the current design, regardless of their state in the previously published version.
In the Test environment, if a Form version was overwritten after a previous publication, only the newest version of that Form version is available for preview and download. This is not a concern in the Production environment since Form versions cannot be overwritten.
5.2.1 Using the Share Screen
Share screen features allow you to add sites and invite users to access your study.
You can access the Share screen from either the My Studies screen, Study Designer, or the Settings screen.
The Share button is on the bottom of the study card on the My Studies screen. Select Test or Production to share your study.
The Share button is also in the header bar in Study Designer. Select Test or Production to share your study.
5.2.2 Adding Sites
Before you invite users to your study, add at least one site. This applies even if your study is only collecting data from a single site.
To Add a Site:
- On the Share screen, scroll down to Sites, and click the Add button.
- On the Add Site screen, begin to type the site name.
- If the site already exists in another environment, select that site from the list. Fields are prefilled with site information.
- If you need to make a new site, type the name of the site, and enter information in the appropriate fields.
- Although the Expected Number of Participants field is required, this will not limit the number of participants at the site. Limiting the number of participants can only be done at the Study level. View the Create a Study page for detail on limiting participants in a study.
Note: Sites are global, meaning if you use a site in Study A you don’t need to recreate that site for Study B. When adding an existing site to a study, values appear in the Site Name, Time Zone, City, State/Province, Zip, and Country fields automatically.
- Click the Save button.
Within Study Runner, additional site specific CRF settings can be configured on the Site Details page after publishing.
- Select Sites within the Tasks menu.
- Click the Edit pencil icon within the Actions column for the Site.
- Select the Event to edit. From here, you can edit the the CRF settings for the site including the SDV requirement, Default Version, and Form Submission URL (if using Participate Public URL).
5.2.3 Inviting Users
To Invite a User:
- Click the Share button under the Study Card of your study on the My Studies screen or in the header of the Settings screen or Study Designer.
- Select your study environment (Test or Production).
- Under the People header, on the right, click the Invite button.
- Begin typing, and click Invite a new user, or select an existing user from the drop-down list.
- If you select Invite a new user, the Add User screen appears, and you can enter values for each field. Then click the Create User button.
- If you select an existing user from the drop-down list, the system sends a new email invitation.
Note: The username and email of each user in the system must be unique.
- When prompted, select a role for the user from the list of available roles:
Note: To provide access to another site, for example for a Monitor who is responsible for montoring two sites, click in the Site box again and select additional site(s) as needed.
- When finished granting the appropriate access, click Invite. An email is sent to the user, and they are listed in the People table on the Share screen.
Before a User can Access a Study, They Must Create a Password that Meets the Following Criteria:
- Must be at least 8 characters in length
- Must contain at least one of each of the following types of characters:
- Lower case letters (a-z)
- Upper case letters (A-Z)
- Numbers (0-9)
- Special characters (!@#$%^&*)
5.2.4 Publish History
The Share screen tracks the publication history for each environment (Test and Production). Scroll to the bottom of the Share screen to see the publication history.
To View a Previously Published Version of the Study:
Click the View Study Design link to the right of the version you’d like to view.
A read-only version of the previously published study design displays:
Though no changes can be made to this version of the study, you can:
- View form and event settings
- Download form versions,
- Preview forms
etc.
The header clearly indicates this is a read-only version, and includes a link to quickly access the current version of the study, which is fully editable.
Note: Some Form attributes (checklists, tags, and labels) show the values that they have in the current design, regardless of their state in the previously published version. In the Test environment, if a Form version was overwritten after a previous publication, only the newest version of that Form is available for preview and download. This is not a concern in the Production environment, since Form versions cannot be overwritten.
5.2.5 Editing Study Settings
To Edit Study Settings:
- To the right of Study Settings, click Edit.
- The Study ID field has a limit of 30 characters.
- Edit the study settings as needed, and click Save.
Note: The changes take effect immediately in both the Test and Production environments for that study.
Adding and Editing Participant IDs
Participant IDs can be created with:
- Manual Entry: The user must enter the ID for each Participant.
- System-generated: The system will auto-generate the ID based on an ID Template that you specify.
To Change the Method of Creation to Allow Automatic Entry:
- From the My Studies screen, click the Settings (gear) icon under the study name, and select Settings.
- Click the Edit link next to the Participant ID Settings header.
- Click the radio button next to System-generated.
Note: If Method of Creation is set to System-generated, only Data Managers can edit the Participant ID. Data Managers can always edit IDs, even ones that are system-generated.
System Generated IDs
If you choose System-generated, you must specify the template for the system-generated ID.
You Can Generate Participant IDs by the Following Methods:
- The Participant Count Method: Generate Participant IDs sequentially.
- The Random Number Method: Generate Participant IDs using random numbers.
You Can Build Your ID Template Using One or More of the Following Components:
- ${siteId}: The unique identifier for the site the Participant is being added to.
- ${siteParticipantCount}: The current number of Participants at the site. This is generally used like ${(siteParticipantCount+1)} to have the ID increment the Participant count for each new Participant added.
- ${helper.random(n)}: Generates a random number with up to n digits each time a Participant ID is generated.
- ?string[000]: Added to the resulting values to pad them with leading zeros to equal the number of digits specified, for example, ${(siteParticipantCount+1)?string[000]} or ${(helper.random(5))?string[00000]}.
- Prefixes, suffixes, separators – Include other text (such as – or a Study-specific prefix) to include standard content in each ID.
Note: Each ID Template must include #2 or #3.
Examples: The Participant Count Method template, ${siteId}-${(siteParticipantCount+1)?string[000]}, for site University Hospital (Site ID = UH) would produce the IDs, UH-001, UH-002, UH-003, etc. For site Central Hospital (Site ID = CH) would produce CH-001, CH-002, CH-003, etc.
The Random Number Method template, P-${(helper.random(5))?string[00000]}, would produce IDs with a fixed prefix of P- followed by a 5-digit random number (including leading zeros), for example P-00362, P-82394, P-35070.
Notes About the Template:
- The template cannot exceed 255 characters, and the resulting Participant ID cannot exceed 30 characters.
- ${siteId} and ${siteParticipantCount} are both required but can be in any order.
- Static text can be added to any portion of the template, but cannot include the following characters:
- Slash (/)
- Backslash (\)
- Less Than (<)
- Greater Than (>)
- Ampersand (&)
- Quotation Marks {“)
- Apostrophe (‘)
Best Practice: There is no restriction for going beyond the minimum, but it is best practice to set up the minimum length to match the length of the maximum number of expected Participants.
If the template is invalid for any reason, the system uses a default template of ${siteOID} followed by a dash and a six-digit random number.
5.2.6 Using Multifactor Authentication
You can enable multi-factor authentication (MFA) for your OpenClinica domain with an API or contact the OpenClinica Customer Service team.
When you enable multi-factor authentication, users are prompted to:
- Download either the FreeOTP app or the Google Authenticator app to your smartphone.
- Scan a barcode.
- Enter the access code from their device.
Initial User Sign-up:
Subsequent Logins:
Note: Once you have enabled multi-factor authentication, you no longer need to scan a barcode. Only username, password, and an access code are required to sign in. The barcode should be treated as your password and should not be shared with anyone (including via screenshare).
If This Feature is Enabled:
- All Study and Site Users are required to login with username, password, and an additional code.
- Data Specialists and Investigators will still sign participant records with only their username and password.
- Participant users logging into Participate are still only required to enter access codes.
- You cannot enable multi-factor authentication for a specific study, site, or user. It must be enabled per OpenClinica domain.
Additional Information:
There is no link between a user’s authenticator app/device and the authentication server: Authenticator apps do not communicate with a server in any capacity. If a user deletes an MFA entry in their app, the server is not informed in any way and the user will still be expected to enter their One Time Password (OTP) upon login.
Troubleshoot syncing the device clock to the server time: We suggest the user compare their MFA device time to something official (e.g. https://www.time.gov/) – ensure that the users understand that MFA is sensitive down to the second. Some mobile devices fetch the time from their local Wi-Fi device and may be inaccurate.
If a user loses their MFA device or authenticator entries: they will have to make a request to the support team to reset their MFA credentials, which will prompt them to re-configure MFA and give them a new QR code to scan.
Note: Our current implementation of MFA/OTP requires a second device such as a phone or tablet running iOS or Android and using one of the apps listed above.