Set up an Identity Provider

About Identity Providers and Firely Server

In order to use Access control and SMART on FHIR you need an Identity Provider that can provide OAuth2 JWT Tokens with claims that conform to SMART on FHIR. In a production scenario, you typically already have such a provider. It could be the EHR system, the Active Directory, or a provider set up specifically for let’s say a Patient Portal. It is also very well possible that the provider handing the correct claims uses a federated OAuth2 provider to do the authentication.

Firely Auth

In order to provide a turn-key experience, Firely offers Firely Auth as an add-on. It provides an external authorization services optimized for SMART on FHIR. For more details, see Firely Auth.

To allow you to test Access control and SMART on FHIR, we provide you with instructions to build and run Firely Auth in which you can configure the necessary clients, claims and users yourself to test different scenarios.