
What is Tenant

This article explains what a tenant is and how to set up a tenant (clinic).
In Aidbox terms, a tenant is logically isolated data belonging to one medical practice (clinic).

Structure of a Tenant

id: my-clinic
resourceType: Tenant
name: My Clinic Name
logoUrl: https://example.com/my-clinic-logo.png
identityProvider:
  client:
    id: ziW2...lv0
    secret: 7Ho...gvb
  scopes:
    - user
    - read:org
    - openid
    - profile
  system: aidbox:tenant:my-clinic
  token_endpoint: https://auth.example.com/token
  userinfo_endpoint: https://auth.example.com/userinfo
  authorize_endpoint: https://auth.example.com/authorize

  • id should consist of Unreserved Characters (section 2.3 of RFC 3986) because it is used as part of the URL
  • name is the tenant name
  • logoUrl defines where the tenant logo image is located. The link should be publicly accessible
  • identityProvider defines the external identity provider Aidbox uses to authenticate users. If it is omitted, Aidbox uses the built-in login form
    • client
      • id is the Client ID in the external identity provider
      • secret is the Client Secret in the external identity provider
    • scopes is an array of scopes the identity provider supports
    • system should be a string representing the current tenant. Users of the tenant should have the same system value in their identifier property
    • token_endpoint is the token endpoint of the external identity provider
    • userinfo_endpoint is the userinfo endpoint of the external identity provider
    • authorize_endpoint is the authorize endpoint of the external identity provider

How to create a Tenant

With external identity provider

POST /Tenant
content-type: text/yaml

id: my-clinic
resourceType: Tenant
name: My Clinic Name
logoUrl: https://example.com/my-clinic-logo.png
identityProvider:
  client:
    id: ziW2...lv0
    secret: 7Ho...gvb
  scopes:
    - user
    - read:org
    - openid
    - profile
  system: aidbox:tenant:my-clinic
  token_endpoint: https://auth.example.com/token
  userinfo_endpoint: https://auth.example.com/userinfo
  authorize_endpoint: https://auth.example.com/authorize

Without identity provider

POST /Tenant
content-type: text/yaml

id: my-clinic
resourceType: Tenant
name: My Clinic Name
logoUrl: https://example.com/my-clinic-logo.png

How to create a User

With link to identity provider

POST /User
content-type: text/yaml

resourceType: User
active: true
identifier:
  - system: aidbox:tenant:my-clinic
    value: user-id-in-external-identity-provider
meta:
  tenant:
    id: my-clinic
    resourceType: Tenant

Without link to identity provider

POST /User
content-type: text/yaml

resourceType: User
active: true
password: secret # should be provided
meta:
  tenant:
    id: my-clinic
    resourceType: Tenant

meta.tenant links the user to the Tenant
There should be one element in the identifier section where
  • system links to the identityProvider.system
  • value is the user ID in the external identity provider
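
An added example, not from the Aidbox documentation: a pre-flight check that applies the rules above to Tenant and User definitions before they are POSTed, so a user is not silently linked to the wrong tenant. The function names and sample data are constructed; it reads "one element" as exactly one and assumes a user with no identifier signs in through the built-in login form and therefore needs a password.

```python
import re

# RFC 3986 section 2.3 unreserved characters: ALPHA / DIGIT / "-" / "." / "_" / "~"
UNRESERVED = re.compile(r"[A-Za-z0-9._~-]+")

def check_tenant(tenant):
    """Return the problems found in a Tenant definition (empty list if none)."""
    problems = []
    if not UNRESERVED.fullmatch(str(tenant.get("id") or "")):
        problems.append("Tenant.id must use only RFC 3986 unreserved characters")
    idp = tenant.get("identityProvider")
    if idp is not None and not idp.get("system"):
        problems.append("identityProvider.system is missing, users cannot be linked")
    return problems

def check_user(user, tenant):
    """Return the problems found in a User definition for the given Tenant."""
    problems = []
    ref = (user.get("meta") or {}).get("tenant") or {}
    if ref.get("resourceType") != "Tenant" or ref.get("id") != tenant.get("id"):
        problems.append("User.meta.tenant does not reference this Tenant")
    identifiers = user.get("identifier") or []
    if identifiers:
        # Assumption: "one element" is read as exactly one matching identifier.
        system = (tenant.get("identityProvider") or {}).get("system")
        linked = [i for i in identifiers if system and i.get("system") == system]
        if len(linked) != 1 or not linked[0].get("value"):
            problems.append("identifier must have one element matching identityProvider.system")
    elif not user.get("password"):
        # Assumption: no identifier means the built-in login form is used.
        problems.append("User.password should be provided without an identity provider link")
    return problems

# Constructed sample data modelled on the page's examples.
TENANT = {"id": "my-clinic", "resourceType": "Tenant", "name": "My Clinic Name",
          "identityProvider": {"system": "aidbox:tenant:my-clinic"}}
TENANT_REF = {"tenant": {"id": "my-clinic", "resourceType": "Tenant"}}
LINKED = {"resourceType": "User", "active": True, "meta": TENANT_REF,
          "identifier": [{"system": "aidbox:tenant:my-clinic", "value": "idp-user-1"}]}
# Identifier points at a different tenant's system: must be rejected.
MISLINKED = {"resourceType": "User", "active": True, "meta": TENANT_REF,
             "identifier": [{"system": "aidbox:tenant:other-clinic", "value": "idp-user-1"}]}

if __name__ == "__main__":
    for name, user in (("linked", LINKED), ("mislinked", MISLINKED)):
        print(name, check_user(user, TENANT) or "ok")
```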