Broken LinksNotebooks
# Table of contents
Aidbox FHIR platform documentation
Getting Started
Tutorials
CRUD, Search Tutorials
Bulk API Tutorials
Security & Access Control Tutorials
RBAC
Terminology Tutorials
Validation Tutorials
Upload FHIR Implementation Guide
Aidbox UI
Integration Toolkit Tutorials
Other tutorials
## Overview
Aidbox user portal
Aidbox UI
## Configuration
## API
REST API
CRUD
Search
Custom Search Parameter
SearchParameter types
Search parameters list
Other
Other
Bulk API
Other APIs
Plan API
Provider Directory API
Archive/Restore API
## Modules
Profiling and validation
FHIR Schema Validator
Security & Access Control
Authentication
Access to AidboxUI
External identity providers
Authentication Flows
Access Control
Attribute-based Access Control (ABAC)
Label-based Access Control
SMART on FHIR
SMART Client Authorization
SMART Client Authentication
SMART (deprecated)
SMART on FHIR
Multitenancy
Patient data access API
Audit
Technical reference
Observability
Getting started
Logs
How-to guides
Tutorials
Technical reference
Metrics
How-to guides
Technical reference
Traces
Subscriptions
Aidbox topic-based subscriptions
Aidbox Forms
Aidbox UI Builder
Form creation
How-to guides
Printing forms
Embedding
Aidbox Code Editor (deprecated)
Define extensions
Custom Resources
Migrate to FHIR Schema
Aidbox terminology module
Concept
ValueSet
CodeSystem
Import external terminologies
SQL on FHIR
Integration toolkit
C-CDA / FHIR Converter
List of supported templates
HL7 v2 Integration
Analytics
Email Providers integration
SMARTbox | FHIR API for EHRs
Get started
The B11 Decision Support Interventions
How-to guides
Background information
Other modules
MDM
## Storage
AidboxDB
Other
S3-compatible storages
## Deployment and maintenance
Deploy Aidbox
Run Aidbox on Kubernetes
Backup and Restore
Indexes
## App development
Aidbox SDK
## Reference
Settings reference
Environment variables
Email Providers reference
Aidbox Forms reference
## Deprecated
Deprecated
Zen-related
RPC reference
aidbox
mdm
Aidbox configuration project
Aidbox Configuration project reference
US Core IG
Workflow Engine
Task
Workflow
FHIR conformance Deprecated guides
How to enable US Core IG
Terminology Deprecated Tutorials
zen-lang validator
FHIR topic-based subscriptions
API Reference
🏗️ FHIR Terminology Repository
Create an FTR instance
Entity / Attribute
Other
App Development Deprecated Tutorials
Receive logs from your app
Other Deprecated Tutorials

What is Tenant

In terms of Aidbox, a tenant is logically isolated data belonging to one medical practice (clinic)

Structure of a Tenant

json
id: my-clinic
resourceType: Tenant
name: My Clinic Name
logoUrl: https://example.com/my-clinic-logo.png
identityProvider:
  client:
    id: ziW2...lv0
    secret: 7Ho...gvb
  scopes:
    - user
    - read:org
    - openid
    - profile
  system: aidbox:tenant:my-clinic
  token_endpoint: https://auth.example.com/token
  userinfo_endpoint: https://auth.example.com/userinfo
  authorize_endpoint: https://auth.example.com/authorize
  • id should consist of Unreserved Characters (section 2.3 of RFC 3986) as it is used as the part of URL
  • name is a tenant name
  • logoUrl defines where the tenant logo image is. The link should be publicly accessible
  • identityProvider defines the external identity provider Aidbox uses to authenticate users. If it's omitted, Aidbox uses the builtin Login form
  • client
  • id is the Client ID in the external identity provider
  • secretis the Client Secret in the external identity provider
  • scopes is an array of scopes identity providers supports
  • system should be a string representing the current tenant. Users of the tenant should have the same system value in their identifier property
  • token_endpoint is the token endpoint of the external identity provider
  • userinfo_endpoint is the userinfo endpoint of the external identity provider
  • authorize_endpoint is the authorize endpoint of the external identity provider

How to create a Tenant

http
POST /Tenant
content-type: text/yaml

id: my-clinic
resourceType: Tenant
name: My Clinic Name
logoUrl: https://example.com/my-clinic-logo.png
identityProvider:
  client:
    id: ziW2...lv0
    secret: 7Ho...gvb
  scopes:
    - user
    - read:org
    - openid
    - profile
  system: aidbox:tenant:my-clinic
  token_endpoint: https://auth.example.com/token
  userinfo_endpoint: https://auth.example.com/userinfo
  authorize_endpoint: https://auth.example.com/authorize
http
POST /Tenant
content-type: text/yaml

id: my-clinic
resourceType: Tenant
name: My Clinic Name
logoUrl: https://example.com/my-clinic-logo.png

How to create a User

http
POST /User
content-type: text/yaml

resourceType: User
active: true
email: mail@example.com
identifier:
  - system: aidbox:tenant:my-clinic
    value: user-id-in-external-identity-provider
meta:
  tenant:
    id: my-clinic
    resourceType: Tenant
http
POST /User
content-type: text/yaml

resourceType: User
active: true
email: mail@example.com
password: secret # should be provided
meta:
  tenant:
    id: my-clinic
    resourceType: Tenant

meta.tenant links the user to the Tenant

There should be one element in the identifier section where

  • system links to the identityProvider.system
  • value is the user ID in the external identity provider