Configuring the Medical Records Management (MRM) Client to Use IdP Authentication

Integrating With Hyland IAM Services

Identity and Access Management Services
Foundation 23.1

The MRM Client requires the OnBase Application Server to communicate with OnBase. You must also configure the Application Server to use IdP authentication. See Configuring the Application Server to Use IdP Authentication.

To configure the MRM Client to use the Hyland IdP server for authentication:

  1. Configure a client connection on the Hyland IdP server for the MRM Client to use.

    If you have already configured a client connection for use with the OnBase Unity Client, the same client connection can be used for the MRM Client. Complete details on configuring a client connection on the Hyland IdP server are documented in the separate Identity and Access Management Services documentation. Version compatibility with OnBase Foundation releases is documented in the Version section of that documentation.

    The client connection must have the following settings, as well as any standard required settings. All other settings can be left with the default values.



    Protocol Type

    Redirect URLs
      The URL of the Service.asmx page of the OnBase Application Server. This value must be the same as the ServicePath configured for the MRM Client, which must be all lowercase.

    Allowed Grant Types
      Authorization Code

    Allowed Scopes

    Post Logout Redirect URLs
      The same URL as the Redirect URLs value. This value must be all lowercase.

    Select Require PKCE

    Do not select Client Secret must be present

  2. After saving the client connection, copy the Client ID value to the clipboard by clicking the icon at the right of the Client ID field.

    Recycle the application pool of the Hyland IdP server in IIS for any configuration changes on the Hyland IdP server to take effect.

  3. Open the obmrmunity.exe.config file of the MRM Client for editing in a plain-text editor.

    If the module is deployed using ClickOnce, you must use the installer to update the deployment package. Editing the configuration file without updating the deployment package will break the deployment.

  4. Locate the ServiceLocations element.
  5. Locate the <add ServicePath element for the OnBase Application Server and data source the MRM Client uses and update the values of the following attributes.

    If the attributes do not exist, you must add them to the add element for the ServicePath used by the MRM Client. Attribute names in XML are case sensitive.




    Paste the client ID value you copied from the Hyland IdP server into the value of the IdpClientId attribute. This is the unique ID of the client on the Hyland IdP server. This value is case sensitive and must match exactly the value on the Hyland IdP server.


    The endpoint of the Hyland IdP server. This value is case sensitive.

    For example, if your domain is my.domain and the Hyland IdP application name is identityprovider, then the value is: https://my.domain/identityprovider


    Set the value to Idp.


    This value is case sensitive. Note the uppercase I in Idp.

  6. Save and close the obmrmunity.exe.config file.
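
The case and exact-match requirements in steps 1 and 5 can be checked before the file is deployed. The following is an added example, not part of the Hyland documentation: it reads only the ServicePath and IdpClientId attributes named above, and the sample configuration, URLs and client ID are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the ServiceLocations section; the URLs and
# client ID are placeholders. The second entry has deliberate mistakes.
SAMPLE_CONFIG = """\
<configuration>
  <ServiceLocations>
    <add ServicePath="https://my.domain/appserver/service.asmx"
         IdpClientId="example-client-id" />
    <add ServicePath="https://my.domain/AppServer/Service.asmx"
         idpclientid="example-client-id" />
  </ServiceLocations>
</configuration>
"""

def check_service_locations(config_xml, redirect_url, post_logout_url, client_id):
    """Return (entry_index, problem) tuples for each add element under ServiceLocations."""
    findings = []
    root = ET.fromstring(config_xml)
    entries = [e for sl in root.iter("ServiceLocations") for e in sl.findall("add")]
    for i, entry in enumerate(entries):
        attrs = entry.attrib
        # XML attribute names are case sensitive: a miscased name is a different attribute.
        for name in ("ServicePath", "IdpClientId"):
            if name not in attrs:
                wrong = [a for a in attrs if a.lower() == name.lower()]
                detail = f"found miscased '{wrong[0]}'" if wrong else "missing"
                findings.append((i, f"{name}: {detail}"))
        path = attrs.get("ServicePath")
        if path is not None:
            if path != path.lower():
                findings.append((i, "ServicePath is not all lowercase"))
            # The procedure requires these values to be the same, so compare exactly.
            if path != redirect_url:
                findings.append((i, "ServicePath differs from Redirect URLs value"))
            if path != post_logout_url:
                findings.append((i, "ServicePath differs from Post Logout Redirect URLs value"))
        cid = attrs.get("IdpClientId")
        if cid is not None and cid != client_id:
            findings.append((i, "IdpClientId does not match the IdP Client ID"))
    return findings

if __name__ == "__main__":
    url = "https://my.domain/appserver/service.asmx"
    for index, problem in check_service_locations(SAMPLE_CONFIG, url, url, "example-client-id"):
        print(f"add[{index}]: {problem}")
```

Every add entry is compared against the same IdP values, so findings for entries the MRM Client does not use can be ignored.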