What is Tenant
This article explains what a tenant is and how to set up a tenant (clinic).
In terms of Aidbox, a tenant is logically isolated data belonging to one medical practice (clinic).
id: my-clinic
resourceType: Tenant
name: My Clinic Name
logoUrl: https://example.com/my-clinic-logo.png
identityProvider:
  client:
    id: ziW2...lv0
    secret: 7Ho...gvb
  scopes:
    - user
    - read:org
    - openid
    - profile
  system: aidbox:tenant:my-clinic
  token_endpoint: https://auth.example.com/token
  userinfo_endpoint: https://auth.example.com/userinfo
  authorize_endpoint: https://auth.example.com/authorize

id should consist of Unreserved Characters (section 2.3 of RFC 3986), as it is used as part of the URL
name is a tenant name
logoUrl defines where the tenant logo image is. The link should be publicly accessible
identityProvider defines the external identity provider Aidbox uses to authenticate users. If it's omitted, Aidbox uses the built-in Login form
  client
    id is the Client ID in the external identity provider
    secret is the Client Secret in the external identity provider
  scopes is an array of scopes the identity provider supports
  system should be a string representing the current tenant. Users of the tenant should have the same system value in their identifier property
  token_endpoint is the token endpoint of the external identity provider
  userinfo_endpoint is the userinfo endpoint of the external identity provider
  authorize_endpoint is the authorize endpoint of the external identity provider

With external identity provider

POST /Tenant
content-type: text/yaml

id: my-clinic
resourceType: Tenant
name: My Clinic Name
logoUrl: https://example.com/my-clinic-logo.png
identityProvider:
  client:
    id: ziW2...lv0
    secret: 7Ho...gvb
  scopes:
    - user
    - read:org
    - openid
    - profile
  system: aidbox:tenant:my-clinic
  token_endpoint: https://auth.example.com/token
  userinfo_endpoint: https://auth.example.com/userinfo
  authorize_endpoint: https://auth.example.com/authorize

Without identity provider

POST /Tenant
content-type: text/yaml

id: my-clinic
resourceType: Tenant
name: My Clinic Name
logoUrl: https://example.com/my-clinic-logo.png

With link to identity provider

POST /User
content-type: text/yaml

resourceType: User
active: true
email: [email protected]
identifier:
  - system: aidbox:tenant:my-clinic
    value: user-id-in-external-identity-provider
meta:
  tenant:
    id: my-clinic
    resourceType: Tenant

Without link to identity provider

POST /User
content-type: text/yaml

resourceType: User
active: true
email: [email protected]
password: secret # should be provided
meta:
  tenant:
    id: my-clinic
    resourceType: Tenant

meta.tenant links the user to the Tenant
There should be one element in the identifier section where
  system links to the identityProvider.system
  value is the user ID in the external identity provider