Access Control and Authentication

Written by Support
Updated today

Franklin implements a comprehensive access control and authentication framework to protect sensitive genomic and clinical data. This article provides guidance on account creation, login procedures, authentication mechanisms, password management, role-based access, and best practices for maintaining secure access to the platform.

Sign Up

To create a new account on the Franklin platform, follow these steps:

  1. Click the Sign Up button at the top right corner of the Franklin main window.

  2. Enter your company email address and create a password.

  3. Read and agree to the Terms of Use and Privacy Policy by selecting the corresponding checkbox.

  4. Click the Continue button to complete the registration process.

  5. Upon completing registration, you will receive a series of instructional emails from Franklin containing helpful information, tips, and guidance to maximize your efficiency on the platform.

Note: Users can only register using an authorized institutional email domain such as a laboratory, hospital, university, or organization. Public email domains (e.g., Gmail, Hotmail) will not be accepted.

Upon completion of the initial training, users are encouraged to continue their learning through a live demonstration of the system with a clinical expert from QIAGEN.

Logging In via the Web Interface

To log in to Franklin via the web interface:

  1. Open the Franklin platform in your web browser.

  2. Enter your username and password in the designated fields.

  3. Click the Login button to initiate the authentication process.

Upon successful login, you will gain access to the features and tools provided by Franklin that are available to your account, including your organization’s specific data and analysis capabilities. The range of access may vary depending on the type of workflows, assays, QC metrics, and other configurations discussed with Franklin’s FAS team during onboarding.

Note: For users working on temporary or shared desktops, it is recommended to use Incognito Mode before logging in and to close the browser tab once finished.

API Authentication

To access Franklin via API, follow these steps:

  1. Send a request to Franklin’s API endpoint with your credentials (username and password) in the request body.

  2. Receive authentication tokens from the server.

  3. Use the tokens to integrate Franklin into your workflows and access the platform’s services.

Important: API access is available as part of Franklin’s Premium plan.

Single Sign-On (SSO) and Active Directory

For an enhanced experience, Franklin supports Single Sign-On (SSO) and Active Directory integration:

  • Single Sign-On (SSO): SSO allows users to sign in to Franklin using their organization’s authentication process. After logging into your organization’s applications, you will automatically be signed in to Franklin without re-entering your credentials.

  • Active Directory Integration: Organizations using an Active Directory can enable users to log in with their existing credentials, ensuring consistency across internal applications and Franklin.

Two-Factor Authentication (2FA)

Two-factor authentication adds an additional layer of security to user accounts. After entering a valid username and password, users must provide a second verification factor to complete the login process. This provides protection even if credentials are compromised.

Franklin supports multi-factor authentication (MFA) as a configurable security feature. MFA can be customized according to organizational requirements, ensuring compliance with advanced security protocols.


Session Management

Caution: After successfully logging into Franklin, there is no default system timeout. To prevent unauthorized access or data exposure, users should manually log out after completing their work or when stepping away from their desktop for an extended period.

Organizations that require automatic session timeout can request this feature to be configured according to their security policies. When enabled, the system will terminate the session or initiate a session lock upon detection of inactivity, which remains in effect until the user re-authenticates.

Password Policy and Best Practices

Franklin enforces password requirements to protect user accounts. The platform’s password policy supports the following complexity standards:

| Requirement | Details |
| --- | --- |
| Minimum Length | Minimum 8 characters (organizational policies may enforce a higher minimum, such as 15 characters) |
| Uppercase Letters | At least one uppercase letter (A–Z) |
| Lowercase Letters | At least one lowercase letter (a–z) |
| Numeric Characters | At least one number (0–9) |
| Special Characters | At least one special character (e.g., !, @, #, $, %, &) |
| Password Changes | Periodic password changes may be enforced in accordance with organizational security policy |

Best Practices for Strong Passwords

To maximize account security, users should follow these best practices:

  • Use unique passwords: Do not reuse passwords from other accounts or services. Each Franklin account should have a password that is unique to the platform.

  • Avoid predictable patterns: Do not use easily guessable information such as names, dates of birth, common words, or sequential characters (e.g., “123456” or “password”).

  • Use a password manager: Consider using a reputable password manager to generate and securely store complex passwords.

  • Never share credentials: Passwords must not be shared with colleagues, IT support, or any third party. Franklin support will never ask for your password.

  • Avoid default credentials: Never use default, generic, or temporary credentials. Always set a strong, unique password during account setup.

  • Change passwords promptly: If you suspect your password may have been compromised, change it immediately and notify your organization’s administrator.
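The following added example (not Franklin's own code) checks a candidate password against the complexity standards above and against two of the "predictable patterns" named in the best practices. The accepted special-character set, the four-character sequence threshold, and the small denylist are assumptions made for illustration.

```python
import string

# Constructed denylist for illustration; a real check would use a much larger list.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome"}


def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive ascending characters (1234, abcd)."""
    streak = 1
    for prev, cur in zip(pw, pw[1:]):
        streak = streak + 1 if ord(cur) - ord(prev) == 1 else 1
        if streak >= run:
            return True
    return False


def policy_failures(pw, min_length=8):
    """Return the unmet requirements; an empty list means the password passes.

    min_length defaults to the platform minimum of 8; pass 15 (or the value in
    your organizational policy) to apply a stricter minimum.
    """
    lowered = pw.lower()
    checks = [
        (len(pw) >= min_length, f"at least {min_length} characters"),
        (any(c in string.ascii_uppercase for c in pw), "an uppercase letter"),
        (any(c in string.ascii_lowercase for c in pw), "a lowercase letter"),
        (any(c in string.digits for c in pw), "a number"),
        # Assumption: any ASCII punctuation counts as a special character.
        (any(c in string.punctuation for c in pw), "a special character"),
        (not has_sequence(lowered), "no sequential characters"),
        (not any(w in lowered for w in COMMON_WORDS), "no common word"),
    ]
    return [requirement for ok, requirement in checks if not ok]
```

A password such as `Password1!` satisfies every complexity rule in the table yet is still rejected here for containing a common word, which is why the best practices are listed separately from the policy.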

Role-Based Access Control

Franklin implements Role-Based Access Control (RBAC) to ensure that users only have access to the features and data necessary for their responsibilities. Access is governed by two independent permission layers: User Roles and Organizational Roles.


User Roles

User roles define what actions a user can perform within the clinical workflow. Franklin provides the following predefined user roles:

| Role | Permissions |
| --- | --- |
| Director | Full user privileges: case management, variant classification, report generation, and authorization to sign and finalize reports |
| Analyst | Full classification and case management privileges, including report generation, but cannot sign or authorize final reports |
| Accessioner | Limited privileges focused on case creation and editing of case details |

Organizational Roles

Organizational roles define administrative capabilities within the organization’s Franklin account:

| Role | Capabilities |
| --- | --- |
| Admin | Full organizational privileges: user management (invite/remove users, set roles), asset management (panels, filters), case management, and knowledge base administration |
| Member | Standard organizational access with no administrative capabilities |

Custom Roles

In addition to the predefined roles, organizational administrators can define custom roles using any label (e.g., “Bioinformatics”) and assign a specific set of permissions to that role. This allows organizations to tailor access controls to their specific workflows and operational requirements.

Case-Level Access Control

Franklin supports granular, case-level access control. Administrators can assign access to specific cases on a per-user basis, ensuring that sensitive clinical data is only accessible to authorized personnel. Case assignments can be managed through the user interface, via API, or through sample sheet configuration.

Data Access Permissions

Access to data within Franklin is controlled at a granular level to protect the confidentiality and integrity of patient and genomic information:

  • Per-user-per-sample permissions: A user’s access to a given file can depend on the context (analysis) in which the file is being used.

  • Data sharing restrictions: Sharing of data can only be performed via the platform itself, governed by administrator-defined permissions.

  • Administrator controls: Administrators can prevent non-administrators from viewing, accessing, or deleting data. Administrators may also prevent deletion of files for all users.

  • Segregation of duties: System administrators and database administrators do not have access to user data, maintaining separation between administrative functions and clinical data access.

Audit Trail and Activity Logging

All user access and actions on the Franklin platform are comprehensively logged to support regulatory compliance, security monitoring, and organizational auditing:

| Log Category | Details |
| --- | --- |
| User Sessions | Login, logout, session durations, and user agent information |
| Account Administration | User invitations, removals, permission changes, and profile modifications |
| API Operations | All API operations are logged with user identity, timestamp, and action details |
| Case-Level History | Every action performed within a case is logged with user identity, timestamp, action type, and detailed payload |
| Assets Management | Deletion or modification of samples, assays, panels, and filters |
| Knowledge Base | Additions and modifications to the organizational variant knowledge base |
| Retention Period | Informational audit logs are retained for 48 months; secure data access logs are retained for six years |

Audit logs can be viewed in the platform’s user interface and can be exported in Excel or JSON format upon request.

Administrator Guidance

Organizational administrators are responsible for managing user access and maintaining the security posture of their Franklin account. The following practices are recommended:

  • Review access regularly: Conduct quarterly reviews of user accounts and permissions to ensure that access levels remain appropriate and that inactive or terminated user accounts are promptly removed.

  • Apply least privilege: Assign the minimum permissions necessary for each user to perform their role. Avoid granting administrative privileges unless required.

  • Promptly revoke access: When a team member leaves the organization or changes roles, immediately update or revoke their access permissions.

  • Monitor audit logs: Regularly review audit logs for unusual activity, failed login attempts, or unauthorized access patterns.

  • Enforce MFA compliance: Where required by organizational policy, ensure that all users have enrolled in multi-factor authentication and that no exceptions are granted.

  • Document role assignments: Maintain internal records of role assignments and any custom role configurations for compliance and auditing purposes.
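As an added example (not part of the original article and not Franklin's code), the script below shows one way to carry out the "Monitor audit logs" practice on a JSON audit export. It flags bursts of failed logins, sessions left open (relevant because there is no default timeout), and grants of the Admin organizational role. The export's field names, action values, and thresholds are assumptions, since the article does not document the export schema.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Field names and values ("timestamp", "user",
# "action", "target", "new_role") are assumptions, not Franklin's schema.
SAMPLE_EXPORT = json.loads("""[
 {"timestamp": "2024-05-06T08:00:00", "user": "a.lee@lab.example", "action": "login_failed"},
 {"timestamp": "2024-05-06T08:01:00", "user": "d.roy@lab.example", "action": "login_failed"},
 {"timestamp": "2024-05-06T08:02:00", "user": "a.lee@lab.example", "action": "login_failed"},
 {"timestamp": "2024-05-06T08:05:00", "user": "a.lee@lab.example", "action": "login_failed"},
 {"timestamp": "2024-05-06T09:00:00", "user": "b.kim@lab.example", "action": "login"},
 {"timestamp": "2024-05-06T10:00:00", "user": "d.roy@lab.example", "action": "login_failed"},
 {"timestamp": "2024-05-07T09:00:00", "user": "c.diaz@lab.example", "action": "login"},
 {"timestamp": "2024-05-07T09:20:00", "user": "c.diaz@lab.example", "action": "logout"},
 {"timestamp": "2024-05-07T09:30:00", "user": "admin@lab.example", "action": "role_changed", "target": "c.diaz@lab.example", "new_role": "Admin"}
]""")

def review(records, max_failures=3, window=timedelta(minutes=10),
           max_session=timedelta(hours=12)):
    """Return sorted (finding, user) tuples for an administrator to follow up."""
    if not records:
        return []
    records = sorted(records, key=lambda r: r["timestamp"])
    end = datetime.fromisoformat(records[-1]["timestamp"])
    failures, open_login, findings = defaultdict(list), {}, set()
    for r in records:
        ts = datetime.fromisoformat(r["timestamp"])
        user, action = r["user"], r["action"]
        if action == "login_failed":
            # Keep only failures inside the sliding window, then add this one.
            failures[user] = [t for t in failures[user] if ts - t <= window] + [ts]
            if len(failures[user]) >= max_failures:
                findings.add(("failed_login_burst", user))
        elif action == "login":
            open_login[user] = ts
        elif action == "logout":
            open_login.pop(user, None)
        elif action == "role_changed" and r.get("new_role") == "Admin":
            findings.add(("admin_granted", r.get("target", user)))
    # A login with no later logout is still open at the end of the export.
    for user, started in open_login.items():
        if end - started > max_session:
            findings.add(("session_left_open", user))
    return sorted(findings)
```

Each finding is a prompt for follow-up, not a verdict: an Admin grant may be legitimate, and should then match the organization's documented role assignments.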

Login Troubleshooting and Support

If you encounter login issues, please refer to the Troubleshooting article in the Franklin Help Center for guidance on resolving common authentication problems.