SSO

This data model allows you to connect to other applications via Redox by securely sharing the login context. This is common for providers launching an integrated application from within the EHR system. With SSO, providers can automatically log in, as well as pass context, like which patient and visit are open. Learn more about how Redox supports SSO.

To do this, the EHR system must be capable of making an outbound SAML request. As with all of our data models, we provide abstraction, standardization, and normalization services to deliver a consistent experience for developers.

If you're interested in launching an app from a patient portal, see our SMART on FHIR® option.

Sign-on

Send login context in the body of a POST request.

This event type provides a mapping between existing Redox sources and destinations, as well as the claims in the JSON web token in a Redox data model format.

Request Body Schema

  • Meta
    required, object
    • DataModel
      required, string
      Reliable

      SSO

    • EventType
      required, string
      Reliable

      Sign-on

    • EventDateTime
      string, null
      Reliable

      DateTime of the event.
      ISO 8601 Format

    • Test
      boolean, null
      Reliable

      Flag as a test message

    • Source
      object

      Where the message originated.
      Included in messages from Redox

      • ID
        string, null
        Reliable

        ID of the source.
        UUID

      • Name
        string, null
        Reliable

        Name of the source

    • SessionID
      string, null
      Possible

      Session ID to be passed through for 3rd party sessions.
      This is used for SMART App Launch and other OAuth/OpenID Connect flows where an access token is provided in addition to the SSO claims. The SessionID can be used on subsequent Redox API requests to fetch data.

    • SessionBaseURL
      string, null
      Possible

      The Base URL to use when issuing Redox FHIR queries within the SSO session context.
      See our docs on SMART via Redox for more details on how to use this field.

    • Destinations
      Array of object

      List of destinations to send your message to. All messages must have at least one destination. Queries accept only one destination.
      Required when sending data to Redox

      • ID
        string, null
        Reliable

        ID of the destination.
        UUID

      • Name
        string, null
        Reliable

        Name of the destination

    • FacilityCode
      string, null
      Possible

      Code for the facility related to the message.
      Only use this field if a health system indicates you should. The code is specific to the health system's EHR and might not be unique across health systems. In general, the facility fields within the data models (e.g. OrderingFacility) are more reliable and informative.

  • Subject
    required, string
    Reliable

    Subject Identifier. A locally unique and never reassigned identifier for the End-User, which is intended to be consumed by the Client.
    The Subject value is a case sensitive string.

  • Expiration
    required, string
    Reliable

    Expiration time on or after which the ID Token MUST NOT be accepted for processing. The processing of this parameter requires that the current date/time MUST be before the expiration date/time listed in the value. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
    Typically we send date/times in ISO 8601 but this is sent as an epoch to stay compatible with JWT.

  • IssuedAt
    required, string
    Reliable

    Time at which the JWT was issued. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
    Typically we send date/times in ISO 8601 but this is sent as an epoch to stay compatible with JWT.

  • UserId
    string, null
    Possible

    End-User's user identification, the logical entity used to identify a user on a software, system, or websites.

  • Name
    string, null
    Probable

    End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences.

  • FirstName
    string, null
    Probable

    Given name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters.

  • LastName
    string, null
    Probable

    Surname(s) or last name(s) of the End-User. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters.

  • MiddleName
    string, null
    Probable

    Middle name(s) of the End-User. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. Also note that in some cultures, middle names are not used.

  • EmailAddress
    string, null
    Probable

    End-User's preferred e-mail address. Its value MUST conform to the RFC 5322 [RFC5322] addr-spec syntax. This field is not guaranteed to be unique.

  • NPI
    string, null
    Probable

    End-User's NPI number. Note that not all providers will have an NPI number.

  • ProviderSpecialty
    string, null
    Possible

    The provider specialty. Note that not all providers will have a specialty.

  • TimeZone
    string, null
    Probable

    String from IANA time zone database representing the End-User's time zone. For example, Europe/Paris or America/Los_Angeles.

  • Locale
    string, null
    Probable

    End-User's locale, represented as a BCP47 [RFC5646] language tag. This is typically an ISO 639-1 Alpha-2 [ISO639‑1] language code in lowercase and an ISO 3166-1 Alpha-2 [ISO3166‑1] country code in uppercase, separated by a dash. For example, en-US or fr-CA. As a compatibility note, some implementations have used an underscore as the separator rather than a dash, for example, en_US; Relying Parties MAY choose to accept this locale syntax as well.

  • PhoneNumber
    object
    • Office
      string, null
      Probable

      End-User's preferred telephone number. E.164 [E.164] is RECOMMENDED as the format of this Claim, for example, +1 (425) 555-1212 or +56 (2) 687 2400. If the phone number contains an extension, it is RECOMMENDED that the extension be represented using the RFC 3966 [RFC3966] extension syntax, for example, +1 (604) 555-1234;ext=5678.

  • Patient
    object
    • Identifiers
      Array of object

      An array of identifiers for the patient.
      Not all SSO sessions will have a Patient context attached.

      • ID
        string, null
        Probable

        The identifier.

      • IDType
        string, null
        Probable

        The type of the identifier.
        For example, MRN.

    • Demographics
      object
      • FirstName
        string, null
        Probable

        First Name of the Patient

      • LastName
        string, null
        Probable

        Last Name of the Patient

      • MiddleName
        string, null
        Probable

        Middle Name of the Patient

      • DOB
        string, null
        Probable

        Date of birth of the Patient

      • Sex
        string, null
        Probable

        Patient's Sex

      • PhoneNumber
        object
        • Home
          string, null
          Probable

          Patient's home phone number.
          In E. 164 Format. (e.g. +16085551234)

        • Office
          string, null
          Probable

          Patient's office phone number.
          In E. 164 Format. (e.g. +16085551234)

        • Mobile
          string, null
          Probable

          Patient's mobile phone number.
          In E. 164 Format. (e.g. +16085551234)

      • Address
        object

        Patient's home address

        • StreetAddress
          string, null
          Probable

          Street address

        • City
          string, null
          Probable

          City

        • State
          string, null
          Probable

          State

        • ZIP
          string, null
          Probable

          ZIP

        • County
          string, null
          Possible

          County

        • Country
          string, null
          Possible
          Value Set

          Country

  • Visit
    object
    • VisitNumber
      string, null
      Reliable

      Number for the visit

    • Location
      object

      Location of the visit.

      • Type
        string, null
        Probable

        Type of location.
        Examples: Clinic, Department, Home, Nursing Unit, Provider's Office, Phone

      • Facility
        string, null
        Probable

        Facility.
        Example: Community Hospital

      • FacilityIdentifiers
        Array of object

        List of IDs specific to this facility

        • ID
          string, null
          Probable

          An ID specific to this facility

        • IDType
          string, null
          Probable

          The source or system to which this ID pertains.
          Could be an OID or a human-readable name

      • Department
        string, null
        Probable

        Department

      • DepartmentIdentifiers
        Array of object

        List of IDs specific to this department

        • ID
          string, null
          Probable

          An ID specific to this department

        • IDType
          string, null
          Probable

          The source or system to which this ID pertains.
          Could be an OID or a human-readable name

      • Room
        string, null
        Probable

        Room.
        Example: 136

  • Order
    object
    • ID
      string, null
      Possible

      ID of the order assigned by the placing system

Example
json
1
{
2
"Meta": {
3
"DataModel": "SSO",
4
"EventType": "Sign-on",
5
"EventDateTime": "2017-11-02T20:37:41.634Z",
6
"Test": true,
7
"Source": {
8
"ID": "7ce6f387-c33c-417d-8682-81e83628cbd9",
9
"Name": "Redox Dev Tools"
10
},
11
"SessionID": "abcdefghijklmnop",
12
"SessionBaseURL": "https://api.redoxengine.com/fhir/R4/redox-fhir-sandbox/Development",
13
"Destinations": [
14
{
15
"ID": "af394f14-b34a-464f-8d24-895f370af4c9",
16
"Name": "Redox EMR"
17
}
18
],
19
"FacilityCode": null
20
},
21
"Subject": "https://healtsystem.com/provider/4356789876",
22
"Expiration": "2024-11-20T14:23:30.187Z",
23
"IssuedAt": "2024-11-20T14:08:30.187Z",
24
"UserId": null,
25
"Name": "Pat Granite MD",
26
"FirstName": "Pat",
27
"LastName": "Granite",
28
"MiddleName": null,
29
"EmailAddress": null,
30
"NPI": "4356789876",
31
"ProviderSpecialty": null,
32
"TimeZone": "America/Chicago",
33
"Locale": "en-US",
34
"PhoneNumber": {
35
"Office": "+16085551234"
36
},
37
"Patient": {
38
"Identifiers": [
39
{
40
"ID": "0000000001",
41
"IDType": "MR"
42
},
43
{
44
"ID": "e167267c-16c9-4fe3-96ae-9cff5703e90a",
45
"IDType": "EHRID"
46
},
47
{
48
"ID": "a1d4ee8aba494ca",
49
"IDType": "NIST"
50
}
51
],
52
"Demographics": {
53
"FirstName": "Timothy",
54
"LastName": "Bixby",
55
"MiddleName": "Paul",
56
"DOB": "2008-01-06",
57
"Sex": "Male",
58
"PhoneNumber": {
59
"Home": "+18088675301",
60
"Office": null,
61
"Mobile": null
62
},
63
"Address": {
64
"StreetAddress": "4762 Hickory Street",
65
"City": "Monroe",
66
"State": "WI",
67
"ZIP": "53566",
68
"County": "Green",
69
"Country": "US"
70
}
71
}
72
},
73
"Visit": {
74
"VisitNumber": null,
75
"Location": {
76
"Type": "Inpatient",
77
"Facility": "RES General Hospital",
78
"FacilityIdentifiers": [],
79
"Department": "3N",
80
"DepartmentIdentifiers": [],
81
"Room": "136"
82
}
83
},
84
"Order": {
85
"ID": null
86
}
87
}