Authentication and Authorization

HealthShare® Health Connect supports a wide variety of authentication mechanisms. Authentication determines if users are who they say they are. Additionally, HealthShare® Health Connect supports a robust role-based authorization system, which determines an authenticated user can create, use, view, change, or delete.

Get acquainted

video icon Users and roles in InterSystems IRISOpens in a new window

documentation icon Authentication introduction

documentation icon Authorization: Controlling User Access

Try it

interactive icon First Look: Role-based access control

Read all about it

documentation icon LDAP

The lightweight directory access protocol

documentation icon Kerberos

The Kerberos network authentication system

documentation icon OS-based authentication

Using operating system credentials

documentation icon Instance authentication

The Health Connect built-in authentication system

documentation icon Delegated authentication

Using your own authentication system and tying in Health Connect

documentation icon Assets and resources

The system, database, and service resources that protect assets such as an InterSystems IRIS database

documentation icon Privileges and permissions

Combining permissions and resources to create privileges

documentation icon Roles

Using roles, which are collections of privileges

documentation icon Users

Managing users, including predefined users

Match authentication with authorization

Your authentication mechanism determines what authorization mechanism you can use.

Authentication mechanism	Authorization mechanisms
LDAP	InterSystems authorization
LDAP	LDAP
Kerberos	InterSystems authorization
Kerberos	Delegated authorization
OS-based	InterSystems authorization
	Delegated authorization
	LDAP
Instance authentication	InterSystems authorization
Delegated authentication	InterSystems authorization
Delegated authentication	Delegated authorization

Two-factor authentication

Health Connect supports both SMS text authentication and time-based one-time password (TOTP) authentication.

documentation icon Two-factor authentication

External authorization systems

documentation icon delegated authorization (authorization only)

documentation icon delegated authentication (authorization and authentication)

Match authorization with authentication

You can use each authorization/role-assignment mechanism only with certain authentication mechanisms.

Authorization/role-assignment mechanism	Authentication mechanism(s)
InterSystems authorization	All authentication systems
Delegated authorization	Delegated authentication
	OS-based
	Kerberos
LDAP	LDAP
LDAP	OS-based
Delegated authentication (can also perform authorization)	Delegated authentication

Explore more

Navigation icon Security

Navigation icon TLS