49.131    SMART Login Terms of Service
  • Configuration Categories
  • 49.0 Web Admin Console Settings
  • 49.1 appSphere
  • 49.2 Payer Config
  • 49.3 Initial appSphere Seeding
  • 49.4 Authentication Callback Scripts
  • 49.5 Auth: General for APIs
  • 49.6 User Authentication
  • 49.7 Auth: HTTP Basic
  • 49.8 Auth: OpenID Connect
  • 49.9 Browser Syntax Highlighting
  • 49.10 Camel
  • 49.11 Capability Statement (metadata)
  • 49.12 Care Gaps
  • 49.13 CDA Generation
  • 49.14 CDA Import
  • 49.15 CDA Interceptors
  • 49.16 CDA JavaScript Execution Scripts
  • 49.17 CDA Terminology
  • 49.18 CDS Hooks Definitions
  • 49.19 CDS Hooks On FHIR
  • 49.20 Channel Import
  • 49.21 Channel Retry
  • 49.22 Kafka
  • 49.23 Cluster Manager Maintenance
  • 49.24 Message Broker
  • 49.25 Cluster Level Security
  • 49.26 Consent
  • 49.27 CQL
  • 49.28 Credentials
  • 49.29 Cross-Origin Resource Sharing (CORS)
  • 49.30 Invoke Export
  • 49.31 Member Match
  • 49.32 Database
  • 49.33 Da Vinci Health Record Exchange
  • 49.34 EasyShare SMART Health Links
  • 49.35 Email Configuration
  • 49.36 MDM UI
  • 49.37 ETL Import: CSV Properties
  • 49.38 ETL Import: Source
  • 49.39 Measure Evaluation
  • 49.40 FHIR Binary Storage
  • 49.41 FHIR Bulk Operations
  • 49.42 Capability Statement
  • 49.43 FHIR Configuration
  • 49.44 Consent Service
  • 49.45 FHIR Endpoint Conversion
  • 49.46 FHIR Endpoint HFQL Support
  • 49.47 FHIR Endpoint Partitioning
  • 49.48 Resource Providers
  • 49.49 FHIR Endpoint Security
  • 49.50 Endpoint Terminology
  • 49.51 FHIR Gateway Cache
  • 49.52 FHIR Gateway Configuration
  • 49.53 FHIR Interceptors
  • 49.54 LiveBundle Service
  • 49.55 FHIR MDM Server
  • 49.56 FHIR Performance
  • 49.57 FHIR Performance Tracing
  • 49.58 FHIR Realtime Export
  • 49.59 Repository Validation
  • 49.60 FHIR Resource Types
  • 49.61 FHIR REST Endpoint
  • 49.62 FHIR Search
  • 49.63 Custom Resource Types
  • 49.64 IG Support
  • 49.65 MegaScale
  • 49.66 FHIR Storage Module Conditional Updates
  • 49.67 FHIR Storage Module Scheduled Tasks
  • 49.68 FHIR Validation Services
  • 49.69 FHIR Validation Services Remote Terminology Client TLS / SSL (Encryption)
  • 49.70 FHIR Storage Package Registry
  • 49.71 FHIR Storage Partitioning
  • 49.72 Versioned References
  • 49.73 FHIR Subscription Delivery
  • 49.74 FHIR Subscription Persistence
  • 49.75 Amazon HealthLake REST Endpoint
  • 49.76 HL7 v2.x Mapper - Contained Resource
  • 49.77 HL7 v2.x Mapper - DG1
  • 49.78 HL7 v2.x Mapper - Forced Namespace Mode
  • 49.79 HL7 v2.x Mapper - General
  • 49.80 HL7 v2.x Mapper - Medications
  • 49.81 HL7 v2.x Mapper - OBR
  • 49.82 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 49.83 HL7 v2.x Mapper - ORC
  • 49.84 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 49.85 HL7 v2.x Mapper - PID
  • 49.86 HL7 v2.x Mapper - PV1
  • 49.87 Listener Interceptors
  • 49.88 HL7 v2.x Listener Script
  • 49.89 HL7 v2.x Listening Endpoint
  • 49.90 HL7 v2.x MLLP Listener
  • 49.91 HL7 v2.x MLLP Sender
  • 49.92 FHIR to HL7 v2.x Mapper Script
  • 49.93 HL7 v2.x Outbound Mapping
  • 49.94 HTTP Access Log
  • 49.95 HTTP Listener
  • 49.96 HTTP Request Pool
  • 49.97 HTTP Security
  • 49.98 Hybrid Providers Definitions
  • 49.99 IG Support
  • 49.100 Initial User Seeding
  • 49.101 JavaScript Execution Environment
  • 49.102 JSON Web KeySet (JWKS)
  • 49.103 LDAP Authentication
  • 49.104 Smile CDR License
  • 49.105 Lucene FullText Indexing
  • 49.106 MDM
  • 49.107 Migration
  • 49.108 Narrative Generator
  • 49.109 OpenID Connect Token Validation
  • 49.110 OpenID Connect (OIDC)
  • 49.111 Payer to Payer
  • 49.112 Prior Authorization Coverage Requirement Discovery
  • 49.113 Prior Authorization Documentation Templates and Requirements
  • 49.114 Prior Authorization Support
  • 49.115 Privacy Security Notice
  • 49.116 Product Portal
  • 49.117 Provenance Injection
  • 49.118 Quality Payment Program (QPP)
  • 49.119 Realtime Export
  • 49.120 Endpoint Validation: Request Validating
  • 49.121 Scheduler Configuration
  • 49.122 Search Parameter Seeding
  • 49.123 SAML Provider
  • 49.124 Security Inbound Script
  • 49.125 Inbound SMART on FHIR Authentication
  • 49.126 Inbound SMART on FHIR Endpoints
  • 49.127 OAuth2/OIDC Federation
  • 49.128 SMART Callback Script
  • 49.129 Cross-Organizational Data Access Profile
  • 49.130 SMART Login Skin
  • 49.131 SMART Login Terms of Service
  • 49.132 SMART Authorization
  • 49.133 SMART Definitions Seeding
  • 49.134 Sessions
  • 49.135 Two Factor Authentication
  • 49.136 TLS / SSL (Encryption)
  • 49.137 Transaction Log
  • 49.138 Trusted Client
  • 49.139 User Self Registration
    • 49.133    SMART Definitions Seeding   
       Table of Contents

    SMART Authorization

    49.132.1SMART Authorization

     

    The SMART Authorization configuration category includes the following configurable options:

    • Allowed Audience List

    • Email From Address

    • Enforce Approved Scopes to Restrict Permissions

    • Scopes Supported

    49.132.2Property: Allowed Audience List

     
    Property Name Allowed Audience List
    Property Key
    Property Type STRING
    Description Space-separated list of allowed resource URLs as the 'audience' parameter during authentication flow. If left empty, no validation is performed.
    Applies to Modules
    • SMART Outbound Security
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.allowed_audience_list =

    49.132.3Property: Email From Address

     
    Property Name Email From Address
    Property Key
    Property Type STRING
    Description Forgotten password related emails will be sent from this email address.
    Applies to Modules
    • Payer to Payer
    • SMART Outbound Security
    • appSphere
    Default Value noreply@unknown.com
    Example Property 
    module.[MODULE_ID].config.email.from_address = noreply@unknown.com

    49.132.4Property: Enforce Approved Scopes to Restrict Permissions

     
    Property Name Enforce Approved Scopes to Restrict Permissions
    Property Key
    Property Type BOOLEAN
    Description When enabled, permission will be stripped from a user's session if they are not supported by an approved SMART on FHIR scope. For example, any FHIR write permissions will be removed from a session if the user has not approved (or a client is set to auto-approve) a scope such as Patient/*.write.
    Applies to Modules
    • SMART Inbound Security
    • SMART Outbound Security
    Default Value true
    Example Property 
    module.[MODULE_ID].config.enforce_approved_scopes_to_restrict_permissions = true

    49.132.5Property: Scopes Supported

     
    Property Name Scopes Supported
    Property Key
    Property Type STRING
    Description A space separated list of scopes to advertise as supported in the .well-known/smart-configuration
    Applies to Modules
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (All FHIR Versions)
    • FHIR REST Endpoint (DSTU2 - Deprecated)
    • FHIR REST Endpoint (R3 - Deprecated)
    • FHIR REST Endpoint (R4 - Deprecated)
    • Hybrid Providers REST Endpoint
    • SMART Inbound Security
    • SMART Outbound Security
    Default Value openid fhirUser
    Example Property 
    module.[MODULE_ID].config.smart_configuration.scopes_supported = openid fhirUser
       49.131    SMART Login Terms of Service
  • Configuration Categories
  • 49.0 Web Admin Console Settings
  • 49.1 appSphere
  • 49.2 Payer Config
  • 49.3 Initial appSphere Seeding
  • 49.4 Authentication Callback Scripts
  • 49.5 Auth: General for APIs
  • 49.6 User Authentication
  • 49.7 Auth: HTTP Basic
  • 49.8 Auth: OpenID Connect
  • 49.9 Browser Syntax Highlighting
  • 49.10 Camel
  • 49.11 Capability Statement (metadata)
  • 49.12 Care Gaps
  • 49.13 CDA Generation
  • 49.14 CDA Import
  • 49.15 CDA Interceptors
  • 49.16 CDA JavaScript Execution Scripts
  • 49.17 CDA Terminology
  • 49.18 CDS Hooks Definitions
  • 49.19 CDS Hooks On FHIR
  • 49.20 Channel Import
  • 49.21 Channel Retry
  • 49.22 Kafka
  • 49.23 Cluster Manager Maintenance
  • 49.24 Message Broker
  • 49.25 Cluster Level Security
  • 49.26 Consent
  • 49.27 CQL
  • 49.28 Credentials
  • 49.29 Cross-Origin Resource Sharing (CORS)
  • 49.30 Invoke Export
  • 49.31 Member Match
  • 49.32 Database
  • 49.33 Da Vinci Health Record Exchange
  • 49.34 EasyShare SMART Health Links
  • 49.35 Email Configuration
  • 49.36 MDM UI
  • 49.37 ETL Import: CSV Properties
  • 49.38 ETL Import: Source
  • 49.39 Measure Evaluation
  • 49.40 FHIR Binary Storage
  • 49.41 FHIR Bulk Operations
  • 49.42 Capability Statement
  • 49.43 FHIR Configuration
  • 49.44 Consent Service
  • 49.45 FHIR Endpoint Conversion
  • 49.46 FHIR Endpoint HFQL Support
  • 49.47 FHIR Endpoint Partitioning
  • 49.48 Resource Providers
  • 49.49 FHIR Endpoint Security
  • 49.50 Endpoint Terminology
  • 49.51 FHIR Gateway Cache
  • 49.52 FHIR Gateway Configuration
  • 49.53 FHIR Interceptors
  • 49.54 LiveBundle Service
  • 49.55 FHIR MDM Server
  • 49.56 FHIR Performance
  • 49.57 FHIR Performance Tracing
  • 49.58 FHIR Realtime Export
  • 49.59 Repository Validation
  • 49.60 FHIR Resource Types
  • 49.61 FHIR REST Endpoint
  • 49.62 FHIR Search
  • 49.63 Custom Resource Types
  • 49.64 IG Support
  • 49.65 MegaScale
  • 49.66 FHIR Storage Module Conditional Updates
  • 49.67 FHIR Storage Module Scheduled Tasks
  • 49.68 FHIR Validation Services
  • 49.69 FHIR Validation Services Remote Terminology Client TLS / SSL (Encryption)
  • 49.70 FHIR Storage Package Registry
  • 49.71 FHIR Storage Partitioning
  • 49.72 Versioned References
  • 49.73 FHIR Subscription Delivery
  • 49.74 FHIR Subscription Persistence
  • 49.75 Amazon HealthLake REST Endpoint
  • 49.76 HL7 v2.x Mapper - Contained Resource
  • 49.77 HL7 v2.x Mapper - DG1
  • 49.78 HL7 v2.x Mapper - Forced Namespace Mode
  • 49.79 HL7 v2.x Mapper - General
  • 49.80 HL7 v2.x Mapper - Medications
  • 49.81 HL7 v2.x Mapper - OBR
  • 49.82 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 49.83 HL7 v2.x Mapper - ORC
  • 49.84 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 49.85 HL7 v2.x Mapper - PID
  • 49.86 HL7 v2.x Mapper - PV1
  • 49.87 Listener Interceptors
  • 49.88 HL7 v2.x Listener Script
  • 49.89 HL7 v2.x Listening Endpoint
  • 49.90 HL7 v2.x MLLP Listener
  • 49.91 HL7 v2.x MLLP Sender
  • 49.92 FHIR to HL7 v2.x Mapper Script
  • 49.93 HL7 v2.x Outbound Mapping
  • 49.94 HTTP Access Log
  • 49.95 HTTP Listener
  • 49.96 HTTP Request Pool
  • 49.97 HTTP Security
  • 49.98 Hybrid Providers Definitions
  • 49.99 IG Support
  • 49.100 Initial User Seeding
  • 49.101 JavaScript Execution Environment
  • 49.102 JSON Web KeySet (JWKS)
  • 49.103 LDAP Authentication
  • 49.104 Smile CDR License
  • 49.105 Lucene FullText Indexing
  • 49.106 MDM
  • 49.107 Migration
  • 49.108 Narrative Generator
  • 49.109 OpenID Connect Token Validation
  • 49.110 OpenID Connect (OIDC)
  • 49.111 Payer to Payer
  • 49.112 Prior Authorization Coverage Requirement Discovery
  • 49.113 Prior Authorization Documentation Templates and Requirements
  • 49.114 Prior Authorization Support
  • 49.115 Privacy Security Notice
  • 49.116 Product Portal
  • 49.117 Provenance Injection
  • 49.118 Quality Payment Program (QPP)
  • 49.119 Realtime Export
  • 49.120 Endpoint Validation: Request Validating
  • 49.121 Scheduler Configuration
  • 49.122 Search Parameter Seeding
  • 49.123 SAML Provider
  • 49.124 Security Inbound Script
  • 49.125 Inbound SMART on FHIR Authentication
  • 49.126 Inbound SMART on FHIR Endpoints
  • 49.127 OAuth2/OIDC Federation
  • 49.128 SMART Callback Script
  • 49.129 Cross-Organizational Data Access Profile
  • 49.130 SMART Login Skin
  • 49.131 SMART Login Terms of Service
  • 49.132 SMART Authorization
  • 49.133 SMART Definitions Seeding
  • 49.134 Sessions
  • 49.135 Two Factor Authentication
  • 49.136 TLS / SSL (Encryption)
  • 49.137 Transaction Log
  • 49.138 Trusted Client
  • 49.139 User Self Registration
    • 49.133    SMART Definitions Seeding