Smile CDR v2023.05.PRE
On this page:
   41.105    SMART Login Terms of Service
  • Configuration Categories
  • 41.0 Web Admin Console Settings
  • 41.1 appSphere
  • 41.2 Payer Config
  • 41.3 Initial appSphere Seeding
  • 41.4 Authentication Callback Scripts
  • 41.5 Auth: General for APIs
  • 41.6 User Authentication
  • 41.7 Auth: HTTP Basic
  • 41.8 Auth: OpenID Connect
  • 41.9 Browser Syntax Highlighting
  • 41.10 Capability Statement (metadata)
  • 41.11 CDA Generation
  • 41.12 CDA Import
  • 41.13 CDS Hooks Definitions
  • 41.14 Channel Import
  • 41.15 Channel Retry
  • 41.16 Kafka
  • 41.17 Cluster Manager Maintenance
  • 41.18 Message Broker
  • 41.19 Cluster Level Security
  • 41.20 Credentials
  • 41.21 Cross-Origin Resource Sharing (CORS)
  • 41.22 Database
  • 41.23 Da Vinci Health Record Exchange
  • 41.24 DQM
  • 41.25 Email Configuration
  • 41.26 ETL Import: CSV Properties
  • 41.27 ETL Import: Source
  • 41.28 FHIR Binary Storage
  • 41.29 FHIR Bulk Operations
  • 41.30 Capability Statement
  • 41.31 FHIR Configuration
  • 41.32 Consent Service
  • 41.33 FHIR Endpoint Conversion
  • 41.34 Interceptors
  • 41.35 FHIR Endpoint Partitioning
  • 41.36 Resource Providers
  • 41.37 FHIR Endpoint Security
  • 41.38 Endpoint Terminology
  • 41.39 FHIR Gateway Configuration
  • 41.40 FHIR Interceptors
  • 41.41 LiveBundle Service
  • 41.42 FHIR MDM Server
  • 41.43 FHIR Performance
  • 41.44 FHIR Performance Tracing
  • 41.45 FHIR Realtime Export
  • 41.46 Repository Validation
  • 41.47 FHIR Resource Types
  • 41.48 FHIR REST Endpoint
  • 41.49 FHIR Search
  • 41.50 IG Support
  • 41.51 MegaScale
  • 41.52 FHIR Storage Module Scheduled Tasks
  • 41.53 FHIR Validation Services
  • 41.54 FHIR Storage Package Registry
  • 41.55 FHIR Storage Partitioning
  • 41.56 Versioned References
  • 41.57 FHIR Subscription Delivery
  • 41.58 FHIR Subscription Persistence
  • 41.59 Amazon HealthLake REST Endpoint
  • 41.60 HL7 v2.x Mapper - Contained Resource
  • 41.61 HL7 v2.x Mapper - DG1
  • 41.62 HL7 v2.x Mapper - Forced Namespace Mode
  • 41.63 HL7 v2.x Mapper - General
  • 41.64 HL7 v2.x Mapper - Medications
  • 41.65 HL7 v2.x Mapper - OBR
  • 41.66 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 41.67 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 41.68 HL7 v2.x Mapper - PID
  • 41.69 HL7 v2.x Mapper - PV1
  • 41.70 HL7 v2.x Listener Script
  • 41.71 HL7 v2.x MLLP Listener
  • 41.72 HL7 v2.x MLLP Sender
  • 41.73 FHIR to HL7 v2.x Mapper Script
  • 41.74 HL7 v2.x Outbound Mapping
  • 41.75 Da Vinci Health Record Exchange (HRex)
  • 41.76 HTTP Access Log
  • 41.77 HTTP Listener
  • 41.78 HTTP Request Pool
  • 41.79 HTTP Security
  • 41.80 Hybrid Providers Definitions
  • 41.81 Initial User Seeding
  • 41.82 JavaScript Execution Environment
  • 41.83 JSON Web KeySet (JWKS)
  • 41.84 LDAP Authentication
  • 41.85 Smile CDR License
  • 41.86 Lucene FullText Indexing
  • 41.87 MDM
  • 41.88 Narrative Generator
  • 41.89 OpenID Connect Token Validation
  • 41.90 OpenID Connect (OIDC)
  • 41.91 Payer to Payer
  • 41.92 Privacy Security Notice
  • 41.93 Provenance Injection
  • 41.94 Realtime Export
  • 41.95 Endpoint Validation: Request Validating
  • 41.96 Search Parameter Seeding
  • 41.97 SAML Provider
  • 41.98 Security Inbound Script
  • 41.99 Inbound SMART on FHIR Authentication
  • 41.100 Inbound SMART on FHIR Endpoints
  • 41.101 OAuth2/OIDC Federation
  • 41.102 SMART Callback Script
  • 41.103 Cross-Organizational Data Access Profile
  • 41.104 SMART Login Skin
  • 41.105 SMART Login Terms of Service
  • 41.106 SMART Authorization
  • 41.107 SMART Definitions Seeding
  • 41.108 Sessions
  • 41.109 Two Factor Authentication
  • 41.110 TLS / SSL (Encryption)
  • 41.111 Transaction Log
  • 41.112 Trusted Client
  • 41.113 User Self Registration
    • 41.107    SMART Definitions Seeding   
       Table of Contents

    SMART Authorization

    41.106SMART Authorization

     

    The SMART Authorization configuration category includes the following configurable options:

    • Allowed Audience List

    • Email From Address

    • Enforce Approved Scopes to Restrict Permissions

    • Scopes Supported

    41.106.1Property: Allowed Audience List

     
    Property Name Allowed Audience List
    Property Key
    Property Type STRING
    Description Space-separated list of allowed resource URLs as the 'audience' parameter during authentication flow. If left empty, no validation is performed.
    Applies to Modules
    • SMART Outbound Security
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.allowed_audience_list =

    41.106.2Property: Email From Address

     
    Property Name Email From Address
    Property Key
    Property Type STRING
    Description Forgotten password related emails will be sent from this email address.
    Applies to Modules
    • Payer to Payer
    • SMART Outbound Security
    • appSphere
    Default Value noreply@unknown.com
    Example Property 
    module.[MODULE_ID].config.email.from_address = noreply@unknown.com

    41.106.3Property: Enforce Approved Scopes to Restrict Permissions

     
    Property Name Enforce Approved Scopes to Restrict Permissions
    Property Key
    Property Type BOOLEAN
    Description When enabled, permission will be stripped from a user's session if they are not supported by an approved SMART on FHIR scope. For example, any FHIR write permissions will be removed from a session if the user has not approved (or a client is set to auto-approve) a scope such as Patient/*.write.
    Applies to Modules
    • SMART Inbound Security
    • SMART Outbound Security
    Default Value true
    Example Property 
    module.[MODULE_ID].config.enforce_approved_scopes_to_restrict_permissions = true

    41.106.4Property: Scopes Supported

     
    Property Name Scopes Supported
    Property Key
    Property Type STRING
    Description A space separated list of scopes to advertise as supported in the .well-known/smart-configuration
    Applies to Modules
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • Hybrid Providers REST Endpoint
    • SMART Inbound Security
    • SMART Outbound Security
    Default Value openid fhirUser
    Example Property 
    module.[MODULE_ID].config.smart_configuration.scopes_supported = openid fhirUser
       41.105    SMART Login Terms of Service
  • Configuration Categories
  • 41.0 Web Admin Console Settings
  • 41.1 appSphere
  • 41.2 Payer Config
  • 41.3 Initial appSphere Seeding
  • 41.4 Authentication Callback Scripts
  • 41.5 Auth: General for APIs
  • 41.6 User Authentication
  • 41.7 Auth: HTTP Basic
  • 41.8 Auth: OpenID Connect
  • 41.9 Browser Syntax Highlighting
  • 41.10 Capability Statement (metadata)
  • 41.11 CDA Generation
  • 41.12 CDA Import
  • 41.13 CDS Hooks Definitions
  • 41.14 Channel Import
  • 41.15 Channel Retry
  • 41.16 Kafka
  • 41.17 Cluster Manager Maintenance
  • 41.18 Message Broker
  • 41.19 Cluster Level Security
  • 41.20 Credentials
  • 41.21 Cross-Origin Resource Sharing (CORS)
  • 41.22 Database
  • 41.23 Da Vinci Health Record Exchange
  • 41.24 DQM
  • 41.25 Email Configuration
  • 41.26 ETL Import: CSV Properties
  • 41.27 ETL Import: Source
  • 41.28 FHIR Binary Storage
  • 41.29 FHIR Bulk Operations
  • 41.30 Capability Statement
  • 41.31 FHIR Configuration
  • 41.32 Consent Service
  • 41.33 FHIR Endpoint Conversion
  • 41.34 Interceptors
  • 41.35 FHIR Endpoint Partitioning
  • 41.36 Resource Providers
  • 41.37 FHIR Endpoint Security
  • 41.38 Endpoint Terminology
  • 41.39 FHIR Gateway Configuration
  • 41.40 FHIR Interceptors
  • 41.41 LiveBundle Service
  • 41.42 FHIR MDM Server
  • 41.43 FHIR Performance
  • 41.44 FHIR Performance Tracing
  • 41.45 FHIR Realtime Export
  • 41.46 Repository Validation
  • 41.47 FHIR Resource Types
  • 41.48 FHIR REST Endpoint
  • 41.49 FHIR Search
  • 41.50 IG Support
  • 41.51 MegaScale
  • 41.52 FHIR Storage Module Scheduled Tasks
  • 41.53 FHIR Validation Services
  • 41.54 FHIR Storage Package Registry
  • 41.55 FHIR Storage Partitioning
  • 41.56 Versioned References
  • 41.57 FHIR Subscription Delivery
  • 41.58 FHIR Subscription Persistence
  • 41.59 Amazon HealthLake REST Endpoint
  • 41.60 HL7 v2.x Mapper - Contained Resource
  • 41.61 HL7 v2.x Mapper - DG1
  • 41.62 HL7 v2.x Mapper - Forced Namespace Mode
  • 41.63 HL7 v2.x Mapper - General
  • 41.64 HL7 v2.x Mapper - Medications
  • 41.65 HL7 v2.x Mapper - OBR
  • 41.66 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 41.67 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 41.68 HL7 v2.x Mapper - PID
  • 41.69 HL7 v2.x Mapper - PV1
  • 41.70 HL7 v2.x Listener Script
  • 41.71 HL7 v2.x MLLP Listener
  • 41.72 HL7 v2.x MLLP Sender
  • 41.73 FHIR to HL7 v2.x Mapper Script
  • 41.74 HL7 v2.x Outbound Mapping
  • 41.75 Da Vinci Health Record Exchange (HRex)
  • 41.76 HTTP Access Log
  • 41.77 HTTP Listener
  • 41.78 HTTP Request Pool
  • 41.79 HTTP Security
  • 41.80 Hybrid Providers Definitions
  • 41.81 Initial User Seeding
  • 41.82 JavaScript Execution Environment
  • 41.83 JSON Web KeySet (JWKS)
  • 41.84 LDAP Authentication
  • 41.85 Smile CDR License
  • 41.86 Lucene FullText Indexing
  • 41.87 MDM
  • 41.88 Narrative Generator
  • 41.89 OpenID Connect Token Validation
  • 41.90 OpenID Connect (OIDC)
  • 41.91 Payer to Payer
  • 41.92 Privacy Security Notice
  • 41.93 Provenance Injection
  • 41.94 Realtime Export
  • 41.95 Endpoint Validation: Request Validating
  • 41.96 Search Parameter Seeding
  • 41.97 SAML Provider
  • 41.98 Security Inbound Script
  • 41.99 Inbound SMART on FHIR Authentication
  • 41.100 Inbound SMART on FHIR Endpoints
  • 41.101 OAuth2/OIDC Federation
  • 41.102 SMART Callback Script
  • 41.103 Cross-Organizational Data Access Profile
  • 41.104 SMART Login Skin
  • 41.105 SMART Login Terms of Service
  • 41.106 SMART Authorization
  • 41.107 SMART Definitions Seeding
  • 41.108 Sessions
  • 41.109 Two Factor Authentication
  • 41.110 TLS / SSL (Encryption)
  • 41.111 Transaction Log
  • 41.112 Trusted Client
  • 41.113 User Self Registration
    • 41.107    SMART Definitions Seeding