Configuring the IdP Client for the Clinician Window UI

Product: Hyland Clinician Window
Release: 23.1
Platform: Other

The Clinician Window UI requires a client connection configured on the Hyland IdP server.

To configure an IdP client for the Clinician Window UI:

  1. Create a client connection on the Hyland IdP server for the Clinician Window UI to use.
    Tip: Complete details on configuring a client connection on the Hyland IdP server are documented in the separate Identity and Access Management Services documentation.

    The client connection must have the following settings, as well as any standard required settings. All other settings can be left with the default values.

    | Setting | Value |
    | --- | --- |
    | Protocol Type | oidc |
    | Redirect URLs | The authentication-confirmation location for the Clinician Window UI installation. For example, if your domain is my.domain, and the Clinician Window UI application name is HCW_UI, then the URL is: https://my.domain/HCW_UI/view/authentication-confirmation |
    | Allowed Grant Types | Select Authorization Code and Token Exchange |
    | Allowed Scopes | openid, group, evolution, offline_access. Note: If you are using an existing NilRead environment with Clinician Window, then you also must add the nilread scope. |
    | Allow users to log in locally | Select Allow users to log in locally |
    | Allow clients to request a refresh token | Select Allow client to request a refresh token |
    | Post Logout Redirect URLs | The unauthenticated location for the Clinician Window UI installation. For example, if your domain is my.domain, and the Clinician Window UI application name is HCW_UI, then the URL is: https://my.domain/HCW_UI/view/unauthenticated |
    | Front Channel Logout requires session ID | Select Front Channel Logout requires session ID |
    | Back Channel Logout requires session ID | Select Back Channel Logout requires session ID |
    | Access Token Lifetime | For security reasons, it is strongly recommended that the Access Token Lifetime setting on the IdP server be configured to expire after a period of 30 minutes of inactivity. However, for increased security, it is generally recommended to configure this setting to expire after a period of 5-10 minutes. For information on configuring the Access Token Lifetime setting on the IdP server, see the Hyland Identity and Access Management Services documentation. |
    | Access Token Type | Select Reference |
    | Client Secret must be present | Deselect Client Secret must be present |

  2. After saving the client connection, copy the Client ID value to the clipboard by clicking the icon at the right of the Client ID field.

    You will need this value in the next procedure.

  3. Recycle the application pool of the Hyland IdP server for the changes to take effect.
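
One way to audit a saved client connection against the settings table above, as an added example that is not Hyland's code. The dictionary keys, the grant-type identifiers and the sample record are assumptions constructed for illustration, since this page does not describe an export format.

```python
# Dict keys are hypothetical (assumption); required values come from the page's table.
GRANTS = {"authorization_code", "token_exchange"}
SCOPES = {"openid", "group", "evolution", "offline_access"}
REQUIRED_VALUES = {
    "protocol_type": "oidc",
    "access_token_type": "Reference",
    "allow_local_login": True,
    "allow_refresh_token": True,
    "front_channel_logout_requires_session_id": True,
    "back_channel_logout_requires_session_id": True,
    "client_secret_required": False,
}

def audit_client(client, domain, app_name, nilread=False):
    """Return findings; an empty list means the record matches the table."""
    base = f"https://{domain}/{app_name}/view/"
    urls = {"redirect_urls": base + "authentication-confirmation",
            "post_logout_redirect_urls": base + "unauthenticated"}
    findings = []
    for key, want in urls.items():
        have = set(client.get(key, []))
        if want not in have:
            findings.append(f"{key}: missing {want}")
        # Exact match only: http, wildcard or other-host entries are flagged.
        findings += [f"{key}: unexpected {u}" for u in sorted(have - {want})]
    scopes = SCOPES | ({"nilread"} if nilread else set())
    for key, need in (("allowed_grant_types", GRANTS), ("allowed_scopes", scopes)):
        for item in sorted(need - set(client.get(key, []))):
            findings.append(f"{key}: missing {item}")
    for key, want in REQUIRED_VALUES.items():
        if client.get(key) != want:
            findings.append(f"{key}: expected {want!r}")
    minutes = client.get("access_token_lifetime_minutes")
    if minutes is None or minutes > 30:
        findings.append("access_token_lifetime_minutes: must not exceed 30")
    elif minutes > 10:
        findings.append("access_token_lifetime_minutes: 5-10 recommended")
    return findings

# Constructed sample record with deliberate deviations (not real export data).
SAMPLE = dict(REQUIRED_VALUES, access_token_type="Jwt",
    redirect_urls=["http://my.domain/HCW_UI/view/authentication-confirmation"],
    post_logout_redirect_urls=["https://my.domain/HCW_UI/view/unauthenticated"],
    allowed_grant_types=["authorization_code", "token_exchange"],
    allowed_scopes=["openid", "group", "offline_access"],
    access_token_lifetime_minutes=60)

if __name__ == "__main__":
    print("\n".join(audit_client(SAMPLE, "my.domain", "HCW_UI")))
```

Pass `nilread=True` when the client serves an existing NilRead environment so that the extra scope is also required.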