Last updated
Was this helpful?
Last updated
Was this helpful?
There are three ways to manage users in Aidbox:
Manage Users in Aidbox
Manage Users in external systems
Automatically create users from external systems
Aidbox user management is based on the User resource.
A User represents an application‑level identity and is completely stored and controlled inside the Aidbox database. Each user record contains the login name, a hashed password, an active flag, and a link to FHIR user (Practitioner or Patient), and some additional fields that determine the user's effective permissions through AccessPolicy rules.
Because everything is a resource, you can manage users the same way you manage clinical data: create to apply validation, versioned history, transactions, _history, etc.
See also:
If you already have an identity provider, you can delegate authentication to it and keep all identities outside Aidbox. Aidbox becomes a Service Provider that trusts the external IdP and focuses on authorization.
Two building blocks are involved:
IdentityProvider – resource to configure an external identity provider. Log in to Aidbox UI with SSO. When users hit the Aidbox UI, they are redirected to the IdP; after successful login, the IdP posts an ID‑token back to Aidbox, establishing a browser session.
TokenIntrospector – For API access, point your application to the IdP directly, then present the resulting JWT/Opaque token to Aidbox. The TokenIntrospector resource tells Aidbox how to verify the token signature.
See also:
In some cases, you want to authenticate with an external IdP and still have a corresponding User resource inside Aidbox for auditing, patient‑to‑user mapping, or granular AccessPolicy rules. Aidbox supports just‑in‑time (JIT) user provisioning – it transparently creates a local user record the first time a foreign identity appears.