Configure Custom AS2 Gateways

Vault Safety supports AS2 (system-to-system) communication to exchange ICSRs with other organizations.

Last Updated Dec 6, 2023

Note Beginning with 24R1 in April 2024 and for all subsequent releases, Vault Safety General Release Help content is moving to a new site. Test the new site using Limited Release content.

Sections in This Article

• About Custom AS2 Gateways
• Prerequisites
• Create an AS2 Transmission Profile
• Configure the AS2 Gateway Profile
• Configure Transmission Lifecycles and Workflows

Note Vault Safety AS2 Connections are replacing Vault Safety Gateways. AS2 Connections provide significant technical improvements including Admin management of Internet Protocol (IP) lists, more concise outbound IP lists, and improved Certificate Management. Though Gateways are still supported, we recommend configuring your Vault to use a Custom AS2 Connection instead of a Custom AS2 Gateway.

About Custom AS2 Gateways

To configure Vault Safety to communicate with another organization through AS2 Gateway, you must set up a Transmission Profile and Gateway Profile.

Set these profiles up for each organization that you want to exchange information with. You only need one profile per trading partner, which includes both sending and receiving transmissions.

Vault Safety supports both synchronous and asynchronous AS2 interchange. Set up your Gateway type to match the external Gateway with which you want to communicate.

Note If you are configuring a CRO vault, which multiple sponsor organizations can access, consider setting up multiple AS2 Gateways for sponsor transmissions to a common destination. A unique AS2 Gateway for each sponsor enforces organization-specific Transmission security.

Prerequisites

Your environment must meet the following requirements before you set up an AS2 Gateway Profile:

• You must contact Veeva Support to enable configurable AS2 Gateways in your vault.
• You must have your own public and private certificate pair set up for communication with the destination gateway.
• You must have the public certificate and URL for the destination gateway.
• You must configure contact details for the Sender User.
  Typically, the Sender User is the Head of Safety for the organization sending a transmission. Manage Users provides more information on setting up user contact details.

Create an AS2 Transmission Profile

You must first create a Transmission Profile of the type AS2 Gateway. Manage Transmission Profiles provides instructions on setting up Transmission Profiles.

If Veeva Support has enabled custom AS2 Gateways in your vault, the system automatically creates a Gateway Profile for the Transmission Profile once you save the record. Next, configure the Gateway Profile.

Configure the AS2 Gateway Profile

1. In the Admin area, go to Settings.
2. In the left pane, select Gateway Profiles.
3. On the Gateway Profiles page, select the name of the Gateway Profile that matches the Transmission Profile.
   If you do not see the Gateway Profile, ensure that your vault has the AS2 Gateway feature enabled.
4. Under Details, complete the following fields:
   
   • Sponsor Email Address: Enter a contact email address for your organization.
     This email address is included in the message header.
   • Description: Enter a description of the Gateway Profile.
5. Under AS2 Profile Configuration, complete the following fields:
   • Sponsor Certificate: Select Choose, and then open the certificate containing both the public and private encryption keys for the origin organization.
     The private certificate is usually a .pfx file.
   • Sponsor Certificate Password: Enter the password for the sponsor certificate.
   • Sponsor ID: If your organization is a registered sender with the destination, enter the registration ID.
     The Sponsor ID and Health Authority ID combination must not match an existing profile.
   • Health Authority Certificate: Select Choose, and then open the public encryption certificate for the destination organization.
     The public certificate is usually a .p7b file.
   • Health Authority ID: Enter the ID for the destination organization.
     The Sponsor ID and Health Authority ID combination must not match an existing profile.
   • Health Authority URL: Enter the destination Gateway URL.
   • Gateway User: For Async Gateway Profiles only, select the Vault Safety user whose name should appear in audit logs and gateway transactions.

   Note The Gateway User Required checkbox is automatically populated by the system and is informational only.

6. Select Save.
7. To activate the Gateway Profile, in the top-right corner, select Set Active.

Result

The Gateway Profile is active and available to use to exchange data with external organizations.

Note For partner gateways that transmit MDNs asynchronously, the partner gateway should send the MDN to the URL included in the header of the Vault Safety Transmission.

Configure Transmission Lifecycles and Workflows

We recommend that you configure Transmission lifecycles and workflows to align with your organization’s standard operating procedures. The following items are best practices and recommendations:

• Configure a Case Transmission Error workflow to handle Transmission errors.
• Configure a workflow to prevent a Transmission record from entering a Ready for Submission state until a Transmission Profile is specified.

About Object Lifecycles and About Object Workflows provide more information about configuring Lifecycles and Workflows.

---

Configure PMDA Gateway

← Previous

Configure Your Vault for the Receive E2B API

Next →

Related Docs

• Receive an E2B Transmission
• Configure Custom AS2 Connections
• Configure EMA AS2 Connection
• Configure FDA AS2 Connection