Trapeze: Enabling authenticated EHR sessions for a 24/7 AI voice agent

Sep 30, 2025

"We went from initial CloudCruise integration to production-ready in 1 day. Building this authentication flow in-house would have taken our team at least a week, plus 4+ hours of weekly maintenance. Even then, we'd never achieve CloudCruise's 99.9%+ success rate. When the EHR itself went down a couple times, CloudCruise immediately knew it wasn't an auth issue and notified us via Slack. CloudCruise gives us a hardened, ready-to-use EHR session on demand that supports Trapeze’s always-on infrastructure."

Christopher Chen, Co-Founder & CTO, Trapeze

Products used: Vault & Session State · Email TFA Inbox · Webhooks · Audit Logs & Replay · Maintenance Agent
Industry: Healthcare

Outcomes:

  • 99.9%+ session availability with <2 seconds average retrieval time

  • 5,000+ calls per day handled by Trapeze’s AI voice agent for one customer’s deployment

  • 100% workflow uptime across 3+ months of continuous production operation

  • 3 EHR downtime incidents automatically detected and recovered without manual intervention

Bringing secure EHR access to an AI voice agent

Trapeze operates a 24/7 AI call center that schedules and supports patients over the phone. To complete tasks like appointment lookups and booking, their agent needed a live, authenticated session in one of their clinic customer's EHR – without exposing credentials or manually logging in mid‑call. CloudCruise provides the session layer only: we log in, harden, and hand off a valid browser state; Trapeze handles all actions within the EHR.

Goal: Deliver frictionless, compliant session handoff so Trapeze can execute EHR workflows (lookups, scheduling) reliably, instantly, and autonomously.

Technical Challenge: Complex Multi-Layer Authentication

Trapeze's EHR access required navigating a sophisticated authentication chain:

1. Dual Authentication Flow

  • IDP Layer: Initial login through identity provider with corporate credentials

  • EHR Layer: Secondary authentication into the EHR system

  • Two credential sets: Separate username/password pairs stored securely in CloudCruise Vault

2. Email-Based Two-Factor Authentication

  • IDP requires email TFA for every login attempt

  • Custom TFA Email Inbox: Trapeze configured secure channel to dedicated CloudCruise-specific TFA inbox

  • Runtime email access: Our browser agent automatically retrieves and enters TFA codes during authentication

3. Dynamic Authentication State Management

  • Intelligent session detection: Browser agent first validates current authentication state before initiating any login flows

  • Conditional workflow branching: If IDP session remains valid but EHR session expired, agent skips IDP authentication and proceeds directly to EHR re-authentication

Why CloudCruise for session auth

Resilient automation: Graph‑based browser agents with static selectors where possible and action‑level AI fallbacks for layout drift and edge cases.

Autonomous email TFA handling: Dedicated TFA email address per vault entry to enable fully autonomous automation of email TFA challenges.

Security & compliance: Credentials stored in Vault; per‑action logs, screenshots, and full‑run video for audits.

Intelligent failure detection: Distinguishes between internal authentication issues and external EHR downtime, with proactive Slack notifications and automatic requeuing via maintenance agent.

Implementation (as used by Trapeze)

Core Workflow

  1. Invoke authentication workflow via API - Trapeze requests an EHR login for a specific tenant/user context

  2. CloudCruise runs authentication workflow:

    • Navigate to IDP gateway

    • Enter IDP credentials from Vault

    • Handle email TFA using dedicated TFA inbox

    • Navigate to EHR application selection

    • Switch browser context and enter EHR credentials

    • Validate successful authentication across both layers

  3. Wait for execution.success webhook - Trapeze receives webhook signaling completion of workflow

  4. Fetch the Vault entry & browser state - Trapeze retrieves credential references and browser session state

  5. Use the session downstream - Trapeze's AI voice agent uses the state to execute EHR workflows

Reliability Architecture

  • Duplicate vault entries: Primary and backup credential sets for each tenant

  • Proactive refresh: 10-minute cron jobs maintain session health across all vault entries

  • Automatic failover: If primary session expires, system automatically switches to backup

Results

Production Scale:

  • 5,000+ calls per day handled by Trapeze’s AI voice agent for one customer’s deployment

  • 100% uptime during 3+ months of production deployment

  • Handled 3 EHR downtime incidents with intelligent failure detection and automatic recovery

Session Availability:

  • 99.9%+ of API requests for EHR sessions return an immediately available authenticated session

  • Zero downtime during peak call volumes through redundant session management

  • <2 seconds average session retrieval time

Compliance & Security:

  • Audit‑ready traceability simplified compliance reviews and partner security assessments

  • Full workflow replay available for every authentication attempt

  • Zero credential exposure to AI agents or call center staff

What this unlocks for Trapeze

Instant EHR access at scale: 99.9%+ session availability means 5000+ daily patient calls get immediate EHR access without authentication delays – no 3-4 minute hold times while systems log in.

Fully autonomous authentication: Complex IDP-to-EHR flows with email TFA run completely without human intervention using dedicated TFA secure email channels and dual credential management – perfect for 24/7 AI operations.

Production-grade resilience: Redundant vault entries, proactive session refresh, and intelligent incident detection with automatic recovery ensure zero downtime even during EHR outages.

Get Access

Privacy

Terms