STC | iQ (v. April 2018) User Guide

SSO & User Type Roles

The following information relates to the Keycloak single sign-on (SSO) roles and the SSO user type roles with IWeb access types.

Keycloak Roles

Users are granted access to each application individually via access roles in the IWeb application (or ImMTrax for WIR implementations) user management area. An access role must be assigned in order to access an application. These roles do not control application behavior.

Note that the optional Keycloak roles to access the applications should match user permissions when applicable. If IWeb and Keycloak permissions and roles do not match, the user may see a blank screen or not be able to access organizations or facilities.

Access Level Required Keycloak Roles Optional Keycloak Roles to Access Applications

Facility Client

  • Provider Level Permissions
  • Access IWeb
  • Access AFIX (for SMaRT AFIX)
  • Access iQ
  • Access PHC Hub
  • Access VOMS
  • Provider Interface Profile Form

Organization Client

  • Organization Provider Content (data) Security
  • Access IWeb
  • Access AFIX (for SMaRT AFIX)
  • Access iQ
  • Access PHC Hub
  • Access VOMS
  • Provider Interface Profile Form

Registry Client

  • State Level Permissions
  • Access IWeb
  • Access AFIX (for SMaRT AFIX)
  • Access iQ
  • Access PHC Hub
  • Access VOMS
  • Provider Interface Profile Form

SSO User Type Roles and IWeb Access Types

The following SSO user type roles and IWeb access types are also available:

| SSO Role (Internal) | SSO Role (Displayed) | IWeb Access Type | Description |
|---|---|---|---|
| Provider_IFace_Interop -and- Provider_Org | Provider Interface Profile Form -and- Organization Provider Content (data) Security | Organization Client | Access to Organization and Facility functions, including STC \| iQ Provider Interface Profile Form |
| Provider_IFace_Interop -and- Provider | Provider Interface Profile Form -and- Provider Level Permissions | Facility Client | Access to Facility data, as well as access to Facility functions, including STC \| iQ Provider Interface Profile Form |
| Provider | Provider Level Permissions | Facility Client | Access to Facility data, as well as access to Facility functions |
| Provider_Org | Organization Provider Content (data) Security | Organization Client | Access to Organization and Facility data, as well as access to Organization functions |
| State | State Level Permissions | Registry Client | Access at a Registry Client user level |
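
The mismatch between Keycloak roles and IWeb access types described earlier can be checked for with a small consistency audit over exported user records. The following Python is an added example, not part of the STC user guide or its software; the record format, the sample users, and the rule that an account should carry exactly one user type role are assumptions made for illustration.

```python
# Internal SSO user type role -> IWeb access type, as listed on this page.
ROLE_TO_ACCESS_TYPE = {
    "Provider": "Facility Client",
    "Provider_Org": "Organization Client",
    "State": "Registry Client",
}
# The page lists this role only together with Provider or Provider_Org.
INTEROP_ROLE = "Provider_IFace_Interop"
INTEROP_PARTNERS = {"Provider", "Provider_Org"}

# Constructed sample records (hypothetical export format, not real users).
SAMPLE_USERS = [
    {"username": "alice", "sso_roles": ["Provider_IFace_Interop", "Provider_Org"],
     "iweb_access_type": "Organization Client"},
    {"username": "bob", "sso_roles": ["Provider"],
     "iweb_access_type": "Organization Client"},
    {"username": "carol", "sso_roles": ["Provider_IFace_Interop"],
     "iweb_access_type": "Facility Client"},
    {"username": "dave", "sso_roles": ["State"],
     "iweb_access_type": "Registry Client"},
]


def audit_user(sso_roles, iweb_access_type):
    """Return a list of findings; an empty list means the record is consistent."""
    roles = set(sso_roles)
    findings = []
    user_type_roles = sorted(roles & set(ROLE_TO_ACCESS_TYPE))
    if not user_type_roles:
        findings.append("no user type role assigned")
    elif len(user_type_roles) > 1:
        # Assumption of this example: more than one user type role is ambiguous.
        findings.append("multiple user type roles: " + ", ".join(user_type_roles))
    else:
        expected = ROLE_TO_ACCESS_TYPE[user_type_roles[0]]
        if iweb_access_type != expected:
            findings.append(f"{user_type_roles[0]} expects IWeb access type "
                            f"'{expected}', found '{iweb_access_type}'")
    if INTEROP_ROLE in roles and not roles & INTEROP_PARTNERS:
        findings.append(f"{INTEROP_ROLE} without Provider or Provider_Org")
    return findings


def audit(users):
    """Map username -> findings for every record that has at least one finding."""
    results = {u["username"]: audit_user(u["sso_roles"], u["iweb_access_type"])
               for u in users}
    return {name: found for name, found in results.items() if found}
```

Running `audit(SAMPLE_USERS)` reports the accounts whose Keycloak roles and IWeb access type disagree, which are the accounts most likely to hit the blank screen or missing organizations and facilities.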

SSO User Type Roles and ImMTrax Access Types

The following SSO user type roles and ImMTrax access types are also available:

| SSO Role (Internal) | SSO Role (Displayed) | ImMTrax Access Type | Description |
|---|---|---|---|
| Provider_IFace_Interop -and- Provider_Org | Provider Interface Profile Form -and- Organization Provider Content (data) Security | Organization-Based User | Access to Organization and Site data, as well as access to Organization and Site functions, including STC \| iQ Provider Interface Profile Form |
| Provider_IFace_Interop -and- Provider | Provider Interface Profile Form -and- Provider Level Permissions | Site-Based User | Access to Site data, as well as access to Site functions, including STC \| iQ Provider Interface Profile Form |
| Provider | Provider Level Permissions | Site-Based User | Access to Site data, as well as access to Site functions |
| Provider_Org | Organization Provider Content (data) Security | Organization-Based User | Access to Organization and Site data, as well as access to Organization functions |
| State | State Level Permissions | State Level User | |