Skip to main content

Authentication and Authorization

InterSystems IRIS for Health™ supports a wide variety of authentication mechanisms. Authentication determines if users are who they say they are. Additionally, InterSystems IRIS for Health™ supports a robust role-based authorization system, which determines an authenticated user can create, use, view, change, or delete.

Get acquainted

Users and roles in InterSystems IRISOpens in a new tab

Authentication introduction

Authorization: Controlling User Access

Try it

Configuring Role-Based AccessOpens in a new tab

Read all about it

LDAP

The lightweight directory access protocol

Kerberos

The Kerberos network authentication system

OS-based authentication

Using operating system credentials

Instance authentication

The InterSystems IRIS for Health built-in authentication system

Delegated authentication

Using your own authentication system and tying in InterSystems IRIS for Health

Using Resources to Protect Assets

The system, database, and service resources that protect assets such as an InterSystems IRIS database

Privileges and permissions

Combining permissions and resources to create privileges

Roles

Using roles, which are collections of privileges

Users

Managing users, including predefined users

Match authentication with authorization

Your authentication mechanism determines what authorization mechanism you can use.

Authentication mechanism Authorization mechanisms
LDAP InterSystems authorization, LDAP
Kerberos Delegated authorization, InterSystems authorization
OS-based Delegated authorization, InterSystems authorization, LDAP
Instance authentication InterSystems authorization
Delegated authentication Delegated authorization, InterSystems authorization

Two-factor authentication

InterSystems IRIS for Health supports both SMS text authentication and time-based one-time password (TOTP) authentication.

Two-factor authentication

External authorization systems

delegated authorization (authorization only)

delegated authentication (authorization and authentication)

Match authorization with authentication

You can use each authorization/role-assignment mechanism only with certain authentication mechanisms.

Authorization/role-assignment mechanism Authentication mechanism(s)
Delegated authentication (can also perform authorization) Delegated authentication
Delegated authorization Delegated authentication, Kerberos, OS-based
InterSystems authorization All authentication systems
LDAP LDAP, OS-based

Explore more

Security

TLS

FeedbackOpens in a new tab