Redox | SSO

SSO

Single Sign-on (SSO) allows applications on the Redox network to securely connect to other applications and share the login context for a user. The most common use case is a provider in an EHR launching an integrated application, and being automatically logged in, as well as passing context such as which patient and visit are open.

Learn more about how Redox supports SSO

SSO FAQ^

JSON Web Token
Sign-on

JSON Web Token

BETA

This is body of the JSON web token. Redox will use HMAC SHA256 as the hash algorithm.

The token will be sent in the Authorization header as a bearer token. Authorization: Bearer <token>

Fields

Show Required Fields Only

Show Translation Fields

iss
- iss
  String
  Reliable
  Required
  Issuer. This will be the source responsible for the assertion.
sub
- sub
  String
  Reliable
  Required
  Subject Identifier. A locally unique and never reassigned identifier for the End-User, which is intended to be consumed by the Client.
  The sub value is a case sensitive string.
aud
- aud
  String
  Reliable
  Required
  Audience(s) that this token is intended for. This will be your SSO destination.
exp
- exp
  Number
  Reliable
  Required
  Expiration time on or after which the ID Token MUST NOT be accepted for processing. The processing of this parameter requires that the current date/time MUST be before the expiration date/time listed in the value. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
  Typically we send date/times in ISO 8601 but this is sent as an epoch to stay compatible with JWT.
iat
- iat
  Number
  Reliable
  Required
  Time at which the JWT was issued. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
  Typically we send date/times in ISO 8601 but this is sent as an epoch to stay compatible with JWT.
name
- name
  String
  Probable
  End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences.
given_name
- given_name
  String
  Probable
  Given name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters.
family_name
- family_name
  String
  Probable
  Surname(s) or last name(s) of the End-User. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters.
middle_name
- middle_name
  String
  Probable
  Middle name(s) of the End-User. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. Also note that in some cultures, middle names are not used.
email
- email
  String
  Probable
  End-User's preferred e-mail address. Its value MUST conform to the RFC 5322 [RFC5322] addr-spec syntax. This field is not guaranteed to be unique.
npi
- npi
  String
  Probable
  End-User's NPI number. Note that not all providers will have an NPI number.
zoneinfo
- zoneinfo
  String
  Probable
  String from IANA time zone database representing the End-User's time zone. For example, Europe/Paris or America/Los_Angeles.
locale
- locale
  String
  Probable
  End-User's locale, represented as a BCP47 [RFC5646] language tag. This is typically an ISO 639-1 Alpha-2 [ISO639‑1] language code in lowercase and an ISO 3166-1 Alpha-2 [ISO3166‑1] country code in uppercase, separated by a dash. For example, en-US or fr-CA. As a compatibility note, some implementations have used an underscore as the separator rather than a dash, for example, en_US; Relying Parties MAY choose to accept this locale syntax as well.
phone_number
- phone_number
  String
  Probable
  End-User's preferred telephone number. E.164 [E.164] is RECOMMENDED as the format of this Claim, for example, +1 (425) 555-1212 or +56 (2) 687 2400. If the phone number contains an extension, it is RECOMMENDED that the extension be represented using the RFC 3966 [RFC3966] extension syntax, for example, +1 (604) 555-1234;ext=5678.
patient_ids
- patient_ids[]
  Array
  Probable
  An array of identifiers for the patient.
  Not all SSO sessions will have a Patient context attached.
- patient_ids[].id
  String
  Probable
  The identifier.
- patient_ids[].id_type
  String
  Probable
  The type of the indentifier.
  For example, MRN.
visit_id
- visit_id
  String
  Probable
  An indentifier indicating the current visit that the SSO context is happening in.
facility_id
- facility_id
  String
  Probable
  The facility that the user is currently logged in to.
  Facility represents different physical locations of a health system, for example Main Hospital vs. Diabetes Clinic.
department_id
- department_id
  String
  Probable
  The department where the user is currently logged in.
  A facility can contain multiple departments. For example, a hospital may have a physical therapy department and a radiology department.

Sample MessageDownload JSON Schema

{
   "iss": "7ce6f387-c33c-417d-8682-81e83628cbd9",
   "sub": "https://healtsystem.com/provider/4356789876",
   "aud": "af394f14-b34a-464f-8d24-895f370af4c9",
   "exp": 1611354498,
   "iat": 1611353598,
   "name": "Pat Granite MD",
   "given_name": "Pat",
   "family_name": "Granite",
   "middle_name": null,
   "email": null,
   "npi": "4356789876",
   "zoneinfo": "America/Chicago",
   "locale": "en-US",
   "phone_number": "+16085551234",
   "patient_ids": [
      {
         "id": "0000000001",
         "id_type": "MR"
      },
      {
         "id": "e167267c-16c9-4fe3-96ae-9cff5703e90a",
         "id_type": "EHRID"
      },
      {
         "id": "a1d4ee8aba494ca",
         "id_type": "NIST"
      }
   ],
   "visit_id": null,
   "facility_id": "RES General Hospital",
   "department_id": "3N"
}

Sign-on

This information is sent in the body of the POST request. It provides a mapping between existing Redox sources and destinations, as well as the claims in the JSON web token in a Redox Data Model Format.

Fields

Show Required Fields Only

Show Translation Fields

Meta
- Meta.DataModel
  String
  Reliable
  Required
  SSO
- Meta.EventType
  String
  Reliable
  Required
  Sign-on
- Meta.EventDateTime
  DateTime
  Reliable
  DateTime of the event.
  ISO 8601 Format
- Meta.Test
  Boolean
  Reliable
  Flag as a test message
- Meta.Source
  String
  Reliable
  Where the message originated.
  Included in messages from Redox
- Meta.Source.ID
  String
  Reliable
  ID of the source.
  UUID
- Meta.Source.Name
  String
  Reliable
  Name of the source
- Meta.Destinations[]
  Array of Objects
  Reliable
  List of destinations to send your message to. All messages must have at least one destination. Queries accept only one destination.
  Required when sending data to Redox
- Meta.Destinations[].ID
  String
  Reliable
  ID of the destination.
  UUID
- Meta.Destinations[].Name
  String
  Reliable
  Name of the destination
- Meta.FacilityCode
  String
  Possible
  Code for the facility related to the message.
  Only use this field if a health system indicates you should. The code is specific to the health system's EHR and might not be unique across health systems. In general, the facility fields within the data models (e.g. OrderingFacility) are more reliable and informative.
Subject
- Subject
  String
  Reliable
  Required
  Subject Identifier. A locally unique and never reassigned identifier for the End-User, which is intended to be consumed by the Client.
  The Subject value is a case sensitive string.
Expiration
- Expiration
  Number
  Reliable
  Required
  Expiration time on or after which the ID Token MUST NOT be accepted for processing. The processing of this parameter requires that the current date/time MUST be before the expiration date/time listed in the value. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
  Typically we send date/times in ISO 8601 but this is sent as an epoch to stay compatible with JWT.
IssuedAt
- IssuedAt
  Number
  Reliable
  Required
  Time at which the JWT was issued. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
  Typically we send date/times in ISO 8601 but this is sent as an epoch to stay compatible with JWT.
UserId
- UserId
  String
  Possible
  End-User's user identification, the logical entitiy used to identify a user on a software, system, or websites.
Name
- Name
  String
  Probable
  End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences.
FirstName
- FirstName
  String
  Probable
  Given name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters.
LastName
- LastName
  String
  Probable
  Surname(s) or last name(s) of the End-User. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters.
MiddleName
- MiddleName
  String
  Probable
  Middle name(s) of the End-User. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. Also note that in some cultures, middle names are not used.
EmailAddress
- EmailAddress
  String
  Probable
  End-User's preferred e-mail address. Its value MUST conform to the RFC 5322 [RFC5322] addr-spec syntax. This field is not guaranteed to be unique.
NPI
- NPI
  String
  Probable
  End-User's NPI number. Note that not all providers will have an NPI number.
ProviderSpecialty
- ProviderSpecialty
  String
  Possible
  The provider specialty. Note that not all providers will have a speciality.
TimeZone
- TimeZone
  String
  Probable
  String from IANA time zone database representing the End-User's time zone. For example, Europe/Paris or America/Los_Angeles.
Locale
- Locale
  String
  Probable
  End-User's locale, represented as a BCP47 [RFC5646] language tag. This is typically an ISO 639-1 Alpha-2 [ISO639‑1] language code in lowercase and an ISO 3166-1 Alpha-2 [ISO3166‑1] country code in uppercase, separated by a dash. For example, en-US or fr-CA. As a compatibility note, some implementations have used an underscore as the separator rather than a dash, for example, en_US; Relying Parties MAY choose to accept this locale syntax as well.
PhoneNumber
- PhoneNumber.Office
  String
  Probable
  End-User's preferred telephone number. E.164 [E.164] is RECOMMENDED as the format of this Claim, for example, +1 (425) 555-1212 or +56 (2) 687 2400. If the phone number contains an extension, it is RECOMMENDED that the extension be represented using the RFC 3966 [RFC3966] extension syntax, for example, +1 (604) 555-1234;ext=5678.
Patient
- Patient.Identifiers[]
  Array
  Probable
  An array of identifiers for the patient.
  Not all SSO sessions will have a Patient context attached.
- Patient.Identifiers[].ID
  String
  Probable
  The identifier.
- Patient.Identifiers[].IDType
  String
  Probable
  The type of the indentifier.
  For example, MRN.
- Patient.Demographics.FirstName
  String
  Probable
  First Name of the Patient
- Patient.Demographics.LastName
  String
  Probable
  Last Name of the Patient
- Patient.Demographics.MiddleName
  String
  Probable
  Middle Name of the Patient
- Patient.Demographics.DOB
  String
  Probable
  Date of birth of the Patient
- Patient.Demographics.Sex
  String
  Probable
  Patient's Sex
- Patient.Demographics.PhoneNumber.Home
  String
  Probable
  Patient's home phone number.
  In E. 164 Format. (e.g. +16085551234)
- Patient.Demographics.PhoneNumber.Office
  String
  Probable
  Patient's office phone number.
  In E. 164 Format. (e.g. +16085551234)
- Patient.Demographics.PhoneNumber.Mobile
  String
  Probable
  Patient's mobile phone number.
  In E. 164 Format. (e.g. +16085551234)
- Patient.Demographics.Address
  Object
  Probable
  Patient's home address
- Patient.Demographics.Address.StreetAddress
  String
  Probable
  Street address
- Patient.Demographics.Address.City
  String
  Probable
  City
- Patient.Demographics.Address.State
  String
  Probable
  State
- Patient.Demographics.Address.ZIP
  String
  Probable
  ZIP
- Patient.Demographics.Address.County
  String
  Possible
  County
- Patient.Demographics.Address.Country
  String
  Possible
  ValueSet
  Country
  
  Supported Values
  
  Additional values may be added by Redox in the future.
Visit
- Visit.VisitNumber
  String
  Reliable
  Number for the visit
- Visit.Location
  Object
  Probable
  Location of the visit.
- Visit.Location.Type
  String
  Probable
  Type of location.
  Examples: Clinic, Department, Home, Nursing Unit, Provider's Office, Phone
- Visit.Location.Facility
  String
  Probable
  Facility.
  Example: Community Hospital
- Visit.Location.Department
  String
  Probable
  Department
- Visit.Location.Room
  String
  Probable
  Room.
  Example: 136
Order
- Order.ID
  String
  Possible
  ID of the order assigned by the placing system

Sample MessageDownload JSON Schema

{
   "Meta": {
      "DataModel": "SSO",
      "EventType": "Sign-on",
      "EventDateTime": "2017-11-02T20:37:41.634Z",
      "Test": true,
      "Source": {
         "ID": "7ce6f387-c33c-417d-8682-81e83628cbd9",
         "Name": "Redox Dev Tools"
      },
      "Destinations": [
         {
            "ID": "af394f14-b34a-464f-8d24-895f370af4c9",
            "Name": "Redox EMR"
         }
      ],
      "FacilityCode": null
   },
   "Subject": "https://healtsystem.com/provider/4356789876",
   "Expiration": "2021-01-22T22:28:18.677Z",
   "IssuedAt": "2021-01-22T22:13:18.677Z",
   "UserId": null,
   "Name": "Pat Granite MD",
   "FirstName": "Pat",
   "LastName": "Granite",
   "MiddleName": null,
   "EmailAddress": null,
   "NPI": "4356789876",
   "ProviderSpecialty": null,
   "TimeZone": "America/Chicago",
   "Locale": "en-US",
   "PhoneNumber": {
      "Office": "+16085551234"
   },
   "Patient": {
      "Identifiers": [
         {
            "ID": "0000000001",
            "IDType": "MR"
         },
         {
            "ID": "e167267c-16c9-4fe3-96ae-9cff5703e90a",
            "IDType": "EHRID"
         },
         {
            "ID": "a1d4ee8aba494ca",
            "IDType": "NIST"
         }
      ],
      "Demographics": {
         "FirstName": "Timothy",
         "LastName": "Bixby",
         "MiddleName": "Paul",
         "DOB": "2008-01-06",
         "Sex": "Male",
         "PhoneNumber": {
            "Home": "+18088675301",
            "Office": null,
            "Mobile": null
         },
         "Address": {
            "StreetAddress": "4762 Hickory Street",
            "City": "Monroe",
            "State": "WI",
            "ZIP": "53566",
            "County": "Green",
            "Country": "US"
         }
      }
   },
   "Visit": {
      "VisitNumber": null,
      "Location": {
         "Type": "Inpatient",
         "Facility": "RES General Hospital",
         "Department": "3N",
         "Room": "136"
      }
   },
   "Order": {
      "ID": null
   }
}

SSO

JSON Web Tokenlink

Fields

iss

sub

aud

exp

iat

name

given_name

family_name

middle_name

email

npi

zoneinfo

locale

phone_number

patient_ids

visit_id

facility_id

department_id

Sign-onlink

Fields

Meta

Subject

Expiration

IssuedAt

UserId

Name

FirstName

LastName

MiddleName

EmailAddress

NPI

ProviderSpecialty

TimeZone

Locale

PhoneNumber

Patient

Visit

Order

JSON Web Token

Sign-on