Fear of Phishing

Some of our users were reluctant to login to MTools initially because they were afraid it might be a "phishing" scheme.  Wikipedia defines phishing as "...the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication."  Most people experience multiple phishing attacks every week, so those users were concerned this might be an effort to get their MedDRA Id and password and exploit them in some way.  That is not the case!

meddra login with proof of MSSO

When you go to https://mtools.terminologix.com you are redirected to a site that asks for your MedDRA Id and password.  Look closely, and you will see that the login site is https://mid.meddra.org.  That is the location on the web of the MSSO identity server.  The MSSO uses that site to validate users of its mobile browser.  We are doing the same.  You are giving your MedDRA Id and password to the MSSO not to Terminologix.  The MSSO determines if you are a valid MedDRA subscriber and tell us if it is OK for you to use MTools.  We never see your MedDRA password.  If you are authorized, we will receive your MedDRA Id from the MSSO so we can keep track of usage by subscriber.  We receive no other information about you or your company unless you send us a communication.

Geekspeak Warning!  The MSSO uses the oAuth2 protocol on IdentityServer4 for user authentication.  Your MedDRA Id and password are submitted to the indentity server.  If you are a valid MedDRA subscriber, you receive an authorization token, which you pass to MTools.  MTools, in turn, submits the authorization token along with our identity server client id and secret password to validate your token.  If all is well, you are given access to MTools.  Terminologix is known to the MSSO and has its own server credentials that the MSSO gave us to ensure that you can safely use MTools within the limitations of your MedDRA subscription.

Categories: General