Firely Auth

Note

The features described on this page are available in all Firely Server editions.

In order to use access control you need an authorization server that can provide OAuth2 tokens with claims that conform to SMART on FHIR. In a production scenario, you typically already have at least an identity provider, i.e. authentication server, in place. It could be the EHR system, an Azure Active Directory / Microsoft EntraID, or a provider set up specifically for let’s say a Patient Portal.

Creating SMART on FHIR conformant tokens and handling all protocol details related to a SMART app launch requires dedicated support which generic authorization servers do not offer. Firely provides Firely Auth, an external authorization service optimized for SMART on FHIR, which enables a out-of-the-box experience with your existing authentication services.

Note

Firely Auth is licensed separately from the core Firely Server distribution. Please contact Firely to get the license. Your license already permits the usage of Firely Auth if it contains http://fire.ly/server/auth/unlimited. You can also try out Firely Auth using an evaluation license with a limited uptime. Firely Auth as part of the Essentials edition (license token http://fire.ly/server/auth) is limited to three registered clients in total.

To allow you to test access control, we provide you with instructions to build and run Firely Auth in which you can configure the necessary clients, claims and users yourself to test different scenarios.