Authentication and Authorization
HealthShare® Health Connect supports a wide variety of authentication mechanisms. Authentication determines if users are who they say they are. Additionally, HealthShare® Health Connect supports a robust role-based authorization system, which determines an authenticated user can create, use, view, change, or delete.
Get acquainted
Try it
Read all about it
The lightweight directory access protocol
The Kerberos network authentication system
Using operating system credentials
The Health Connect built-in authentication system
Using your own authentication system and tying in Health Connect
The system, database, and service resources that protect assets such as an InterSystems IRIS database
Combining permissions and resources to create privileges
Using roles, which are collections of privileges
Managing users, including predefined users
Match authentication with authorization
Your authentication mechanism determines what authorization mechanism you can use.
Authentication mechanism | Authorization mechanisms |
---|---|
LDAP | InterSystems authorization |
LDAP | |
Kerberos | InterSystems authorization |
Delegated authorization | |
OS-based | InterSystems authorization |
Delegated authorization | |
LDAP | |
Instance authentication | InterSystems authorization |
Delegated authentication | InterSystems authorization |
Delegated authorization |
Two-factor authentication
Health Connect supports both SMS text authentication and time-based one-time password (TOTP) authentication.
External authorization systems
delegated authorization (authorization only)
delegated authentication (authorization and authentication)
Match authorization with authentication
You can use each authorization/role-assignment mechanism only with certain authentication mechanisms.
Authorization/role-assignment mechanism | Authentication mechanism(s) |
---|---|
InterSystems authorization | All authentication systems |
Delegated authorization | Delegated authentication |
OS-based | |
Kerberos | |
LDAP | LDAP |
OS-based | |
Delegated authentication (can also perform authorization) | Delegated authentication |