Single Sign On (SSO) is an authentication system that can allow CHR users to log in with a single authentication through certain approved providers (eg. Google Workspace, Microsoft Azure, and other SAML 2.0-compliant identity providers). This is ideal for clinics who need to restrict user access across multiple platforms.


Enabling SSO

1. Login to your InputHealth Clinic. Navigate to Settings and then to Single Sign-On. Click on the "Add Provider" Button.

IMPORTANT NOTE: Only the account owner of a clinic can enable SSO. In some cases, the account owner may be the InputHealth team. If that is the case, please reach out to us.

2. A new window will open. The ASC URL value box will be pre-filled with a specific URL. Copy this URL to your clipboard.

IMPORTANT: Keep this window open while you follow the steps below in a different chrome tab.

3. In a separate browser/chrome window visit G-Suite's SAML apps by clicking the below link:

4. Click the button to add a new SAML app. This will open up a new window. Click on "SETUP MY OWN CUSTOM APP"

5. Click on "DOWNLOAD" in the Option 2 section. This should trigger a download to your computer. Once the download is complete click "NEXT"

6. Fill in the information of the following window and click "NEXT"

7. Using the ASC URL value that was copied to clipboard in step 2, fill in the ASC URL and Entity ID in the next window.

8. Change the Name ID Format in the dropdown menu to EMAIL.

9. Click "NEXT"

10. Click "FINISH"

11. Enable our new SAML app

12. Our newly created SAML app should now be present in the list of SAML APPs.

13. Find your InputHealth SAML app and enable it for everyone (ON for everyone) or for the appropriate users at your clinic (ON for some)

14. Go back to the InputHealth Page and upload the file we downloaded in step 5.

15. Click "Apply"

Congratulations!

You have successfully enabled SSO for your clinic.

When users now login, they will be presented with the option to enter their email and login with SSO.


🔒 Special Functionality within SSO - Enforce SSO

When SSO is enabled, the user has the option of signing in with their regular InputHealth email and password or with their Single Secure Login.

You can enforce that it is only the SSO option at login - Users sign in with SSO ONLY.

  • This applies to all users (except the account administrator/ account owner).

  • Areas in the CHR that require a password confirmation (i.e. changes to certain settings) will still require the CHR password.

  • The "forgot password button" will no longer be present.

  • Enforce SSO removes the Two Factor Authentication options from Settings > Security for regular users, as these are no longer applicable when using SSO.

Enforce SSO can be configured in Settings > Single Sign-On. At the top, you will see the new Enforce SSO option.

NOTE: This setting must be enabled on the backend by InputHealth. Once enabled, only the Account Owner will see the Enforce SSO option in their domain.

Last updated: 11.2020

Did this answer your question?