SSO

SSO requires that the web application use HTTPS only. The steps for supplying a server certificate and configuring IIS for users should be followed, including Active Directory creation for SmartPACS. The SmartPACS website will need to be flagged as "Require SSL".

Note

Re-installing SmartPACS (manual or auto-update) will remove the "Require SSL" flag, requiring that it be manually set. This will not be necessary in subsequent versions of SmartPACS.
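
One way to check the flag after an install or update is the script below. It is an added example, not part of SmartPACS or its documentation, and it assumes the IIS WebAdministration module is available and that the IIS site is named "SmartPACS" (a placeholder; pass the real site name).

```powershell
# Added example: verify that IIS still enforces "Require SSL" after a
# SmartPACS install or auto-update, and optionally restore the flag.
# Assumption: the IIS site is named "SmartPACS"; pass -SiteName otherwise.
#Requires -RunAsAdministrator
param(
    [string]$SiteName = 'SmartPACS',   # placeholder site name
    [switch]$Fix                       # re-apply the flag when it is missing
)

Import-Module WebAdministration -ErrorAction Stop
if (-not (Test-Path "IIS:\Sites\$SiteName")) { throw "IIS site '$SiteName' not found." }

# SSO needs HTTPS, so an https binding must exist before the flag is useful.
if (-not (Get-WebBinding -Name $SiteName -Protocol https)) {
    Write-Warning "'$SiteName' has no https binding."
}

$common = @{
    PSPath   = 'MACHINE/WEBROOT/APPHOST'
    Location = $SiteName
    Filter   = 'system.webServer/security/access'
    Name     = 'sslFlags'
}

# sslFlags is a comma-separated flags value such as "None", "Ssl" or
# "Ssl,SslNegotiateCert". Depending on the module version the cmdlet
# returns the string itself or an object with a .Value property.
$raw   = Get-WebConfigurationProperty @common
$text  = if ($raw -is [string]) { $raw } else { [string]$raw.Value }
$flags = @(($text -split ',') | ForEach-Object { $_.Trim() } | Where-Object { $_ -and $_ -ne 'None' })

if ($flags -contains 'Ssl') {
    Write-Output "OK: '$SiteName' requires SSL (sslFlags=$text)."
    return
}

Write-Warning "'$SiteName' does not require SSL (sslFlags=$text)."
if ($Fix) {
    # Keep any other flags already set (for example SslNegotiateCert).
    $new = (@('Ssl') + $flags) -join ','
    Set-WebConfigurationProperty @common -Value $new
    Write-Output "Set sslFlags=$new on '$SiteName'."
} else {
    exit 1
}
```

Run it from an elevated prompt on the IIS host after each install or update; add `-Fix` to restore the flag when it has been removed.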

Several pieces of information are required from the Active Directory. These are:

  • The Application ID for SmartPACS.
  • The Log In URL which SmartPACS will use to request an SSO login (using SAML).
  • The base-64 certificate file that SmartPACS needs to decode the SAML Response.

The base-64 certificate needs to be downloaded to the machine that will use a browser to connect to SmartPACS.

  1. Log into SmartPACS as an administrator and access the "System Settings".
  2. Scroll down to the SSO section to display the configuration options.
  3. Enter the Application Id and Active Directory Login URL.
  4. Click on the “Certificate” field. This will bring up a file browser. Use this to select the base-64 certificate file from the location it was downloaded to.

Optional Fields:

  1. User Name Claim: The "Name of Claim Containing User Name" can be utilized to display the user’s name on the UI instead of their email address.
  2. User Role Claim and Administrator Privileges: The "Name of Claim Containing User Role" and "Value of User Role that means Administrator" can be used to grant a user "admin" privileges. However, it is essential to consider whether SSO users should have admin privileges. If not, these fields can be left blank.
  3. Administrator Privileges and User Role Mapping: The "Value of User Role that Means Administrator" will be a privilege defined by the Active Directory server, i.e. role names such as "Doctor" or "Administrator" could be defined by the AD server. SmartPACS only supports one User Role parameter for mapping to administrative privileges.