SSO
Single Sign-on (SSO) allows applications on the Redox network to securely connect to other applications and share the login context for a user. The most common use case is a provider in an EHR launching an integrated application, and being automatically logged in, as well as passing context such as which patient and visit are open.
This information is sent in the body of the
POSTrequest. It provides a mapping between existing Redox sources and destinations, as well as the claims in the JSON web token in a Redox Data Model Format.
Fields
Meta
Meta.DataModelString
ReliableRequiredSSO
Meta.EventTypeString
ReliableRequiredSign-on
Meta.EventDateTimeDateTime
ReliableDateTime of the event.
ISO 8601 Format
Meta.TestBoolean
ReliableFlag as a test message
Meta.SourceString
ReliableWhere the message originated.
Included in messages from Redox
Meta.Source.IDString
ReliableID of the source.
UUID
Meta.Source.NameString
ReliableName of the source
Meta.SessionIDString
PossibleSession ID to be passed through for 3rd party sessions.
This is used for SMART App Launch and other OAuth/OpenID Connect flows where an access token is provided in addition to the SSO claims. The SessionID can be used on subsequent Redox API requests to fetch data.
Meta.SessionBaseURLString
PossibleThe Base URL to use when issuing Redox FHIR queries within the SSO session context.
See our docs on SMART via Redox for more details on how to use this field.
Meta.Destinations[]Array of Objects
ReliableList of destinations to send your message to. All messages must have at least one destination. Queries accept only one destination.
Required when sending data to Redox
Meta.Destinations[].IDString
ReliableID of the destination.
UUID
Meta.Destinations[].NameString
ReliableName of the destination
Meta.FacilityCodeString
PossibleCode for the facility related to the message.
Only use this field if a health system indicates you should. The code is specific to the health system's EHR and might not be unique across health systems. In general, the facility fields within the data models (e.g. OrderingFacility) are more reliable and informative.
Subject
SubjectString
ReliableRequiredSubject Identifier. A locally unique and never reassigned identifier for the End-User, which is intended to be consumed by the Client.
TheSubjectvalue is a case sensitive string.
Expiration
ExpirationNumber
ReliableRequiredExpiration time on or after which the ID Token MUST NOT be accepted for processing. The processing of this parameter requires that the current date/time MUST be before the expiration date/time listed in the value. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
Typically we send date/times in ISO 8601 but this is sent as an epoch to stay compatible with JWT.
IssuedAt
IssuedAtNumber
ReliableRequiredTime at which the JWT was issued. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
Typically we send date/times in ISO 8601 but this is sent as an epoch to stay compatible with JWT.
UserId
UserIdString
PossibleEnd-User's user identification, the logical entity used to identify a user on a software, system, or websites.
Name
NameString
ProbableEnd-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences.
FirstName
FirstNameString
ProbableGiven name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters.
LastName
LastNameString
ProbableSurname(s) or last name(s) of the End-User. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters.
MiddleName
MiddleNameString
ProbableMiddle name(s) of the End-User. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. Also note that in some cultures, middle names are not used.
EmailAddress
EmailAddressString
ProbableEnd-User's preferred e-mail address. Its value MUST conform to the RFC 5322 [RFC5322] addr-spec syntax. This field is not guaranteed to be unique.
NPI
NPIString
ProbableEnd-User's NPI number. Note that not all providers will have an NPI number.
ProviderSpecialty
ProviderSpecialtyString
PossibleThe provider specialty. Note that not all providers will have a specialty.
TimeZone
TimeZoneString
ProbableString from IANA time zone database representing the End-User's time zone. For example, Europe/Paris or America/Los_Angeles.
Locale
LocaleString
ProbableEnd-User's locale, represented as a BCP47 [RFC5646] language tag. This is typically an ISO 639-1 Alpha-2 [ISO639‑1] language code in lowercase and an ISO 3166-1 Alpha-2 [ISO3166‑1] country code in uppercase, separated by a dash. For example, en-US or fr-CA. As a compatibility note, some implementations have used an underscore as the separator rather than a dash, for example, en_US; Relying Parties MAY choose to accept this locale syntax as well.
PhoneNumber
PhoneNumber.OfficeString
ProbableEnd-User's preferred telephone number. E.164 [E.164] is RECOMMENDED as the format of this Claim, for example, +1 (425) 555-1212 or +56 (2) 687 2400. If the phone number contains an extension, it is RECOMMENDED that the extension be represented using the RFC 3966 [RFC3966] extension syntax, for example, +1 (604) 555-1234;ext=5678.
Patient
Patient.Identifiers[]Array
ProbableAn array of identifiers for the patient.
Not all SSO sessions will have a Patient context attached.
Patient.Identifiers[].IDString
ProbableThe identifier.
Patient.Identifiers[].IDTypeString
ProbableThe type of the identifier.
For example, MRN.
Patient.Demographics.FirstNameString
ProbableFirst Name of the Patient
Patient.Demographics.LastNameString
ProbableLast Name of the Patient
Patient.Demographics.MiddleNameString
ProbableMiddle Name of the Patient
Patient.Demographics.DOBString
ProbableDate of birth of the Patient
Patient.Demographics.SexString
ProbablePatient's Sex
Patient.Demographics.PhoneNumber.HomeString
ProbablePatient's home phone number.
In E. 164 Format. (e.g. +16085551234)
Patient.Demographics.PhoneNumber.OfficeString
ProbablePatient's office phone number.
In E. 164 Format. (e.g. +16085551234)
Patient.Demographics.PhoneNumber.MobileString
ProbablePatient's mobile phone number.
In E. 164 Format. (e.g. +16085551234)
Patient.Demographics.AddressObject
ProbablePatient's home address
Patient.Demographics.Address.StreetAddressString
ProbableStreet address
Patient.Demographics.Address.CityString
ProbableCity
Patient.Demographics.Address.StateString
ProbableState
Patient.Demographics.Address.ZIPString
ProbableZIP
Patient.Demographics.Address.CountyString
PossibleCounty
Patient.Demographics.Address.CountryString
PossibleValueSetCountry
-
Additional values may be added by Redox in the future.
-
Visit
Visit.VisitNumberString
ReliableNumber for the visit
Visit.LocationObject
ProbableLocation of the visit.
Visit.Location.TypeString
ProbableType of location.
Examples: Clinic, Department, Home, Nursing Unit, Provider's Office, Phone
Visit.Location.FacilityString
ProbableFacility.
Example: Community Hospital
Visit.Location.DepartmentString
ProbableDepartment
Visit.Location.RoomString
ProbableRoom.
Example: 136
Order
Order.IDString
PossibleID of the order assigned by the placing system
{
"Meta": {
"DataModel": "SSO",
"EventType": "Sign-on",
"EventDateTime": "2017-11-02T20:37:41.634Z",
"Test": true,
"Source": {
"ID": "7ce6f387-c33c-417d-8682-81e83628cbd9",
"Name": "Redox Dev Tools"
},
"SessionID": "abcdefghijklmnop",
"SessionBaseURL": "https://api.redoxengine.com/fhir/R4/redox-fhir-sandbox/Development",
"Destinations": [
{
"ID": "af394f14-b34a-464f-8d24-895f370af4c9",
"Name": "Redox EMR"
}
],
"FacilityCode": null
},
"Subject": "https://healtsystem.com/provider/4356789876",
"Expiration": "2021-09-20T21:28:34.352Z",
"IssuedAt": "2021-09-20T21:13:34.352Z",
"UserId": null,
"Name": "Pat Granite MD",
"FirstName": "Pat",
"LastName": "Granite",
"MiddleName": null,
"EmailAddress": null,
"NPI": "4356789876",
"ProviderSpecialty": null,
"TimeZone": "America/Chicago",
"Locale": "en-US",
"PhoneNumber": {
"Office": "+16085551234"
},
"Patient": {
"Identifiers": [
{
"ID": "0000000001",
"IDType": "MR"
},
{
"ID": "e167267c-16c9-4fe3-96ae-9cff5703e90a",
"IDType": "EHRID"
},
{
"ID": "a1d4ee8aba494ca",
"IDType": "NIST"
}
],
"Demographics": {
"FirstName": "Timothy",
"LastName": "Bixby",
"MiddleName": "Paul",
"DOB": "2008-01-06",
"Sex": "Male",
"PhoneNumber": {
"Home": "+18088675301",
"Office": null,
"Mobile": null
},
"Address": {
"StreetAddress": "4762 Hickory Street",
"City": "Monroe",
"State": "WI",
"ZIP": "53566",
"County": "Green",
"Country": "US"
}
}
},
"Visit": {
"VisitNumber": null,
"Location": {
"Type": "Inpatient",
"Facility": "RES General Hospital",
"Department": "3N",
"Room": "136"
}
},
"Order": {
"ID": null
}
}