You must have established a Client in the Hyland IdP administration to support the SMART on FHIR applications. The settings established here provide the communication information between SMART on FHIR and the Hyland IdP. See the Hyland Identity and Access Management module reference guide for more information.
To configure the Hyland IdP for your application:
- Select the application you want to configure from the SMART on FHIR Applications dialog box.
- Click Hyland IdP. The Hyland IdP Settings dialog box for the application you selected is displayed.
- In the Authority URL field, enter the name of the server for the Hyland IdP instance you created. For example: https://example.com/identityprovider. This is a required field.
- In the Client ID field, enter the GUID specified in the Hyland IdP when configuring a new client. This client configuration should be associated with the SMART on FHIR launch. This is a required field.
  Note: See the Hyland Identity and Access Management Service module reference guide for details on creating the client.
- In the Client Secret field, enter the plain text secret (password) that is configured for the client during Hyland IdP configuration.
  Note: Be sure to use the Client Secret value that was written down prior to saving the Hyland IdP configuration. The Client Secret is encoded once the configuration is saved, and the encoded value will not work for application configuration. See your system administrator for more information if necessary.
- Select the Scopes tab to add the list of scopes required by the Hyland IdP to execute the Token exchange and Addendum exchange grants. Add a scope by typing its name in the field provided, and then click Add. The openid scope is required.
  Note: Administrators should limit the scopes requested during the SMART on FHIR app launch to avoid granting the client unnecessary access to resources.
- Select the Endpoints tab to add endpoint connections between SMART on FHIR and the Hyland IdP. Configuring endpoints can reduce the network traffic required per app launch. If no endpoints are configured, the launch process defaults to requesting the Discovery Document from the IdP's well-known endpoint (/.well-known/openid-configuration) and then uses the Discovery Document to locate the Token and JWKS endpoints. If both the Token and JWKS endpoints are specified, the process does not attempt to load the Discovery Document at all, whether or not a Discovery Document endpoint is explicitly configured; this can improve performance.
  Note: Only one of each endpoint type is allowed.
  Do the following to add endpoints:
  - From the Type drop-down list, select an endpoint type. Options include:
    - Discovery Document. This is the URL of the IdP's Discovery Document. For example: https://example.com/identityprovider/.well-known/openid-configuration.
    - Jwks. This is the URL of the IdP's JSON Web Key Set. For example: https://example.com/identityprovider/.well-known/openid-configuration/jwks.
    - Token. This is the URL of the IdP's Token endpoint, used for the Token Exchange. For example: https://example.com/identityprovider/connect/token.
  - In the URL field, enter the server location for the endpoint.
  - Click Add. The endpoint is added to the Endpoints tab.
- Click Save.
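The endpoint precedence described for the Endpoints tab (explicit Token plus JWKS endpoints skip discovery; otherwise the Discovery Document, from an explicit URL or from the Authority URL plus the well-known path, supplies them) is easy to get wrong when reimplemented or audited. The following is an added example, not Hyland code, that models that resolution logic in Python along with the one-endpoint-per-type rule. The `SAMPLE_DISCOVERY` document and the `fetch_discovery_stub` function are constructed so the example runs offline; the issuer check is an added safeguard (OpenID Connect Discovery requires the document's `issuer` to match the authority it was fetched for), not behaviour the page documents for the Hyland IdP.

```python
"""Endpoint resolution for a SMART on FHIR launch against an OpenID Connect IdP.

Added example (not Hyland code). Models the precedence described in the
configuration text: explicit Token + Jwks endpoints skip discovery; otherwise the
Discovery Document (explicit URL, or Authority URL + well-known path) supplies them.
"""

WELL_KNOWN_PATH = "/.well-known/openid-configuration"
ENDPOINT_TYPES = ("Discovery Document", "Jwks", "Token")

# Constructed sample Discovery Document with only the fields this example needs.
SAMPLE_DISCOVERY = {
    "issuer": "https://example.com/identityprovider",
    "token_endpoint": "https://example.com/identityprovider/connect/token",
    "jwks_uri": "https://example.com/identityprovider/.well-known/openid-configuration/jwks",
}


def add_endpoint(endpoints, endpoint_type, url):
    """Add one endpoint to the configuration, enforcing the dialog's rule that
    only one endpoint of each type is allowed, and that IdP URLs are HTTPS."""
    if endpoint_type not in ENDPOINT_TYPES:
        raise ValueError(f"unknown endpoint type: {endpoint_type!r}")
    if endpoint_type in endpoints:
        raise ValueError(f"an endpoint of type {endpoint_type!r} is already configured")
    if not url.startswith("https://"):
        raise ValueError("IdP endpoint URLs must use HTTPS")
    endpoints[endpoint_type] = url
    return endpoints


def fetch_discovery_stub(url):
    """Stand-in for an HTTPS GET of the Discovery Document (constructed, offline).
    A real implementation would fetch `url` with certificate validation enabled."""
    if url != SAMPLE_DISCOVERY["issuer"] + WELL_KNOWN_PATH:
        raise ValueError(f"no Discovery Document available at {url}")
    return dict(SAMPLE_DISCOVERY)


def resolve_endpoints(authority_url, endpoints, fetch_discovery=fetch_discovery_stub):
    """Return the Token and JWKS URLs the launch should use, plus whether the
    Discovery Document had to be loaded to find them."""
    token_url = endpoints.get("Token")
    jwks_url = endpoints.get("Jwks")

    # Fast path from the text: both endpoints known, so no discovery request at all,
    # regardless of whether a Discovery Document endpoint is also configured.
    if token_url and jwks_url:
        return {"token": token_url, "jwks": jwks_url, "discovery_loaded": False}

    # Otherwise use the explicit Discovery Document URL, or derive it from the
    # Authority URL using the well-known path.
    discovery_url = endpoints.get("Discovery Document") or (
        authority_url.rstrip("/") + WELL_KNOWN_PATH
    )
    doc = fetch_discovery(discovery_url)

    # Added check (OpenID Connect Discovery requirement): the document must be
    # issued by the configured authority, so a misconfigured URL cannot redirect
    # token and key lookups to a different issuer.
    if doc.get("issuer", "").rstrip("/") != authority_url.rstrip("/"):
        raise ValueError(
            f"Discovery Document issuer {doc.get('issuer')!r} does not match "
            f"Authority URL {authority_url!r}"
        )

    # Explicitly configured endpoints still win over discovered ones.
    return {
        "token": token_url or doc["token_endpoint"],
        "jwks": jwks_url or doc["jwks_uri"],
        "discovery_loaded": True,
    }


if __name__ == "__main__":
    authority = "https://example.com/identityprovider"
    print("no endpoints configured:", resolve_endpoints(authority, {}))
    configured = {}
    add_endpoint(configured, "Token", "https://example.com/identityprovider/connect/token")
    add_endpoint(configured, "Jwks",
                 "https://example.com/identityprovider/.well-known/openid-configuration/jwks")
    print("token + jwks configured:", resolve_endpoints(authority, configured))
```

The `discovery_loaded` flag is what a launch-time trace should show: with both Token and Jwks endpoints present the IdP sees no well-known request, which is the performance benefit the text describes. The issuer comparison is the check a reviewer would want even though the dialog does not expose it, because a Discovery Document endpoint that points at a different issuer silently changes where tokens are exchanged and which keys are trusted.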