The Clinician Window UI requires a client connection configured on the Hyland IdP server.
To configure an IdP client for the Clinician Window UI:
- Create a client connection on the Hyland IdP server for the Clinician Window UI to use.
Tip: Complete details on configuring a client connection on the Hyland IdP server are documented in the separate Identity and Access Management Services documentation.
The client connection must have the following settings, as well as any standard required settings. All other settings can be left with the default values.
| Setting | Value |
| --- | --- |
| Protocol Type | oidc |
| Redirect URLs | The authentication-confirmation location for the Clinician Window UI installation. For example, if your domain is my.domain, and the Clinician Window UI application name is HCW_UI, then the URL is: https://my.domain/HCW_UI/view/authentication-confirmation |
| Allowed Grant Types | Select Authorization Code and Token Exchange |
| Allowed Scopes | openid, group, evolution, offline_access. Note: If you are using an existing NilRead environment with Clinician Window, then you also must add the nilread scope. |
| Allow users to log in locally | Select Allow users to log in locally |
| Allow clients to request a refresh token | Select Allow client to request a refresh token |
| Post Logout Redirect URLs | The unauthenticated location for the Clinician Window UI installation. For example, if your domain is my.domain, and the Clinician Window UI application name is HCW_UI, then the URL is: https://my.domain/HCW_UI/view/unauthenticated |
| Front Channel Logout requires session ID | Select Front Channel Logout requires session ID |
| Back Channel Logout requires session ID | Select Back Channel Logout requires session ID |
| Access Token Lifetime | For security reasons, it is strongly recommended that the Access Token Lifetime setting on the IdP server be configured to expire after a period of 30 minutes of inactivity. However, for increased security, it is generally recommended to configure this setting to expire after a period of 5-10 minutes. For information on configuring the Access Token Lifetime setting on the IdP server, see the Hyland Identity and Access Management Services documentation. |
| Access Token Type | Select Reference |
| Client Secret must be present | Deselect Client Secret must be present |
- After saving the client connection, copy the Client ID value to the clipboard by clicking the icon at the right of the Client ID field. You will need this value in the next procedure.
- Recycle the application pool of the Hyland IdP server for the changes to take effect.
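
After saving, the settings can be re-checked against the table above with a short script. This is an added example, not Hyland code: the dictionary keys, `audit_client`, `expected_urls` and the sample values are hypothetical names for a hand-transcribed copy of the client connection, not an IdP export format.

```python
# Added example: dictionary keys are hypothetical, not a Hyland IdP schema.
REQUIRED_SCOPES = {"openid", "group", "evolution", "offline_access"}
REQUIRED_GRANTS = {"Authorization Code", "Token Exchange"}
REQUIRED_FLAGS = {"allow_local_login": True, "allow_refresh_token": True,
                  "front_channel_logout_session_required": True,
                  "back_channel_logout_session_required": True,
                  "require_client_secret": False}

def expected_urls(domain, app_name):
    """Build the redirect and post-logout URLs the table describes."""
    base = f"https://{domain}/{app_name}/view"
    return f"{base}/authentication-confirmation", f"{base}/unauthenticated"

def audit_client(client, domain, app_name, uses_nilread=False):
    """Return a list of findings; an empty list means every setting matches."""
    findings = []
    redirect, post_logout = expected_urls(domain, app_name)
    if client.get("protocol_type") != "oidc":
        findings.append("FAIL protocol_type: expected oidc")
    # Exact string comparison: a trailing slash or a different application
    # name is reported instead of being treated as equivalent.
    for key, want in (("redirect_urls", redirect),
                      ("post_logout_redirect_urls", post_logout)):
        if want not in client.get(key, []):
            findings.append(f"FAIL {key}: missing {want}")
    scopes = REQUIRED_SCOPES | ({"nilread"} if uses_nilread else set())
    for name in sorted(scopes - set(client.get("allowed_scopes", []))):
        findings.append(f"FAIL allowed_scopes: missing {name}")
    for name in sorted(REQUIRED_GRANTS - set(client.get("allowed_grant_types", []))):
        findings.append(f"FAIL allowed_grant_types: missing {name}")
    for key, want in REQUIRED_FLAGS.items():
        if client.get(key) is not want:
            findings.append(f"FAIL {key}: expected {want}")
    if client.get("access_token_type") != "Reference":
        findings.append("FAIL access_token_type: expected Reference")
    minutes = client.get("access_token_lifetime_minutes")
    if minutes is None or minutes > 30:
        findings.append("WARN access_token_lifetime_minutes: above 30 or not set")
    elif minutes > 10:
        findings.append("NOTE access_token_lifetime_minutes: above the 5-10 minute range")
    return findings

# Constructed sample: deliberate trailing slash on the redirect URL, 20-minute lifetime.
SAMPLE = dict(REQUIRED_FLAGS, protocol_type="oidc", access_token_type="Reference",
              access_token_lifetime_minutes=20,
              allowed_scopes=["openid", "group", "evolution", "offline_access"],
              allowed_grant_types=["Authorization Code", "Token Exchange"],
              redirect_urls=["https://my.domain/HCW_UI/view/authentication-confirmation/"],
              post_logout_redirect_urls=["https://my.domain/HCW_UI/view/unauthenticated"])
```

Calling `audit_client(SAMPLE, "my.domain", "HCW_UI")` reports the redirect URL mismatch and the lifetime note; pass `uses_nilread=True` for an environment that also uses NilRead.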