Skip to main content

Authorization and Access Control

iEHR supports multiple authentication configurations to ensure compliance and integration with various scenarios. Implementations often use a combination of authentication and authorization methods. This section covers iEHR's authentication tools, which verify user identity.

Authentication Methods

iEHR supports several authentication methods, including Google Authentication. Authorization, which determines user permissions, is covered in the Authorization and Access Controls section.

Access Control

iEHR provides a comprehensive set of authorization tools to ensure fine-grained control over data access and operations. The following key components and processes are essential for managing authorization and access control:

Key Resources

  • AccessPolicy: This resource is used to restrict read and write access to FHIR® data, either on a per-resource type or per-field basis. The AccessPolicy guide covers the basics of setting up AccessPolicies.

  • IP Address Rules: AccessPolicies can also be used to restrict access based on the user's IP address, as described in the IP Address Rules guide.

  • SMART Scopes: iEHR supports SMART scopes for SMART-on-FHIR® applications, providing additional layers of access control.

Resources and Reference

  • SDK: See authentication functions in the SDK.

  • OAuth Endpoints: Reference OAuth endpoints.

  • User Registration: React component for user registration.

  • Sign-In Form: React component for the sign-in form.

For more detailed information, feel free to contact us .