What is a Tenant

This article explains what a tenant is and how to set up a tenant (clinic).

In Aidbox terms, a tenant is a logically isolated set of data belonging to one medical practice (clinic).

Structure of a Tenant

id: my-clinic
resourceType: Tenant
name: My Clinic Name
logoUrl: https://example.com/my-clinic-logo.png
identityProvider:
  client:
    id: ziW2...lv0
    secret: 7Ho...gvb
  scopes:
    - user
    - read:org
    - openid
    - profile
  system: aidbox:tenant:my-clinic
  token_endpoint: https://auth.example.com/token
  userinfo_endpoint: https://auth.example.com/userinfo
  authorize_endpoint: https://auth.example.com/authorize

  • id must consist only of unreserved characters (section 2.3 of RFC 3986: letters, digits, "-", ".", "_" and "~"), because it is used as part of a URL

  • name is the display name of the tenant

  • logoUrl is the location of the tenant's logo image. The URL must be publicly accessible

  • identityProvider defines the external identity provider Aidbox uses to authenticate the users of this tenant. If it is omitted, Aidbox uses its built-in login form

    • client

      • id is the Client ID registered in the external identity provider

      • secret is the Client Secret registered in the external identity provider. Because the secret is stored in the Tenant resource, read access to Tenant resources should be restricted to administrators

    • scopes is the list of scopes that Aidbox requests and the identity provider supports

    • system is a string identifying the current tenant. Users of the tenant must carry the same value in the system field of their identifier element (see "How to create a User" below)

    • token_endpoint is the token endpoint of the external identity provider

    • userinfo_endpoint is the userinfo endpoint of the external identity provider

    • authorize_endpoint is the authorization endpoint of the external identity provider

How to create a Tenant

POST /Tenant
content-type: text/yaml

id: my-clinic
resourceType: Tenant
name: My Clinic Name
logoUrl: https://example.com/my-clinic-logo.png
identityProvider:
  client:
    id: ziW2...lv0
    secret: 7Ho...gvb
  scopes:
    - user
    - read:org
    - openid
    - profile
  system: aidbox:tenant:my-clinic
  token_endpoint: https://auth.example.com/token
  userinfo_endpoint: https://auth.example.com/userinfo
  authorize_endpoint: https://auth.example.com/authorize

How to create a User

POST /User
content-type: text/yaml

resourceType: User
active: true
email: mail@example.com
identifier:
  - system: aidbox:tenant:my-clinic
    value: user-id-in-external-identity-provider
meta:
  tenant:
    id: my-clinic
    resourceType: Tenant

meta.tenant links the user to the Tenant.

The identifier array must contain exactly one element in which

  • system equals the tenant's identityProvider.system

  • value is the user's ID in the external identity provider
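The two procedures above (creating a Tenant, then creating a User that belongs to it) are easy to get subtly wrong: an id with reserved characters, an endpoint that is not https, or a User whose identifier.system does not match the identityProvider.system of the tenant named in meta.tenant. The following Python script, added here as an example and not part of Aidbox or of this page, builds the resources offline and checks those constraints before anything is sent to the server. The tenant values, client credentials and user ID in it are constructed placeholders, and the check functions (validate_tenant, make_user, check_user_tenant_link) are hypothetical helpers, not Aidbox API calls.

```python
import re
from urllib.parse import urlparse

# RFC 3986 section 2.3 unreserved characters: ALPHA / DIGIT / "-" / "." / "_" / "~"
UNRESERVED_ID = re.compile(r"^[A-Za-z0-9._~-]+$")

IDP_REQUIRED = ("client", "scopes", "system",
                "token_endpoint", "userinfo_endpoint", "authorize_endpoint")
IDP_ENDPOINTS = ("token_endpoint", "userinfo_endpoint", "authorize_endpoint")


def validate_tenant(tenant):
    """Return a list of problems found in a Tenant resource (empty list = acceptable)."""
    problems = []
    if tenant.get("resourceType") != "Tenant":
        problems.append("resourceType must be 'Tenant'")
    tid = tenant.get("id", "")
    if not UNRESERVED_ID.match(tid):
        problems.append(f"id {tid!r} must contain only RFC 3986 unreserved characters")
    if not tenant.get("name"):
        problems.append("name is required")
    logo = tenant.get("logoUrl")
    if logo and urlparse(logo).scheme != "https":
        problems.append("logoUrl should be an https URL")
    idp = tenant.get("identityProvider")
    if idp is not None:  # omitted identityProvider means the built-in login form is used
        for field in IDP_REQUIRED:
            if field not in idp:
                problems.append(f"identityProvider.{field} is missing")
        client = idp.get("client") or {}
        if not client.get("id") or not client.get("secret"):
            problems.append("identityProvider.client needs both id and secret")
        for ep in IDP_ENDPOINTS:
            url = idp.get(ep)
            # the token endpoint receives the client secret, userinfo receives access tokens:
            # plaintext http would expose both
            if url and urlparse(url).scheme != "https":
                problems.append(f"identityProvider.{ep} must use https")
    return problems


def make_user(tenant, external_user_id, email, active=True):
    """Build the User resource that links an external IdP subject to the given tenant."""
    idp = tenant.get("identityProvider")
    if idp is None:
        raise ValueError("tenant has no identityProvider; nothing to link the user's identifier to")
    return {
        "resourceType": "User",
        "active": active,
        "email": email,
        # exactly one identifier whose system equals identityProvider.system
        "identifier": [{"system": idp["system"], "value": external_user_id}],
        # meta.tenant is what isolates the user's data to this clinic
        "meta": {"tenant": {"id": tenant["id"], "resourceType": "Tenant"}},
    }


def check_user_tenant_link(user, tenants_by_id):
    """Detect a User whose identifier does not agree with the tenant named in meta.tenant."""
    tenant_id = (user.get("meta") or {}).get("tenant", {}).get("id")
    tenant = tenants_by_id.get(tenant_id)
    if tenant is None:
        return [f"meta.tenant.id {tenant_id!r} does not name a known Tenant"]
    expected = (tenant.get("identityProvider") or {}).get("system")
    matching = [i for i in user.get("identifier", []) if i.get("system") == expected]
    if len(matching) != 1:
        return [f"expected exactly one identifier with system {expected!r}, found {len(matching)}"]
    if not matching[0].get("value"):
        return ["identifier.value (user ID in the external identity provider) is empty"]
    return []


# Constructed sample tenant; the client credentials are placeholders, not real secrets.
SAMPLE_TENANT = {
    "id": "my-clinic",
    "resourceType": "Tenant",
    "name": "My Clinic Name",
    "logoUrl": "https://example.com/my-clinic-logo.png",
    "identityProvider": {
        "client": {"id": "client-id-placeholder", "secret": "client-secret-placeholder"},
        "scopes": ["user", "read:org", "openid", "profile"],
        "system": "aidbox:tenant:my-clinic",
        "token_endpoint": "https://auth.example.com/token",
        "userinfo_endpoint": "https://auth.example.com/userinfo",
        "authorize_endpoint": "https://auth.example.com/authorize",
    },
}

if __name__ == "__main__":
    print("tenant problems:", validate_tenant(SAMPLE_TENANT))
    user = make_user(SAMPLE_TENANT, "user-id-in-external-idp", "mail@example.com")
    print("user link problems:", check_user_tenant_link(user, {"my-clinic": SAMPLE_TENANT}))
```

Run the checks before each POST; the resulting dicts can be serialized and sent to /Tenant and /User exactly as in the requests above. The third function is worth running periodically over existing data as well: a User whose identifier.system points at one tenant while meta.tenant points at another is the kind of misconfiguration that lets a login from one clinic's identity provider land in another clinic's data.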
