We are currently using Ntlm type of authentication with default login page (browser authentication). Wwe would like to customize our login process and use either the alternate login page (web form) or a custom login page but are unsure as to whether these methods would ensure secure connection for HIPAA. Our clients use the reports from a public website so this is not an internal implementation. I've looked through documentation for authentication but all they show is how to do various forms of logging in to Access Point and the portal. Has anyone had to set up Accesspoint and Qlikview for external customers on a public site but needed to maintain a high degree of secure authentication? And how have you done it?