Single Sign On (SSO) is an authentication system (tool) that all clinic users can use to log into the CHR with a single authentication, through certain approved providers (e.g., Google Workspace, Microsoft Azure, and other SAML 2.0-compliant identity providers).

This is ideal if your clinic needs to restrict user access across multiple platforms.

📌 Note: Only CHR account owners can enable SSO. If you do not have account ownership, contact the TELUS Health support team through the in-app support bubble. See Contact us.

Steps

  1. From the main menu, click Settings > Single Sign-On.

  2. Click Add Provider.

    A NEW SAML Identity Provider window appears with a pre-filled ACS URL.
    ⚠️ Important: Keep this window open while you follow the steps below in a new Google Chrome tab.

  3. Under ACS URL, copy the pre-filled URL to your clipboard.

  4. In the separate Google Chrome tab, click the Admin Console link below (G-Suite's SAML apps):

  5. Click + at the bottom right corner of the screen, to add a new SAML app.
    The Enable SSO for SAML Application window appears.

  6. Click Setup my own custom app.
    A Google IdP Information window appears.

  7. Under Option 2, click Download.
    This triggers a download to your device.

  8. Once the download is complete, click Next.

    A Basic Information for your Custom App window appears.

  9. Complete the form:
    Application Name: inputhealth-com
    Description: InputHealth

  10. Click Next.

    A Service Provider Details window appears.

  11. Paste the ACS URL that was copied to your clipboard in step 3 into the ACS URL and Entity ID fields.

  12. Next to Name ID format, select Email.

  13. Click Next.

    An Attribute Mapping window appears.

  14. Click Finish.

    The newly created SAML app now appears in the list of SAML Apps.

  15. Search for the InputHealth SAML app and enable it for everyone by clicking the three dots icon and selecting ON for everyone (enable for everyone), or ON for some (enable for specific users at your clinic).

  16. Return to the CHR tab.

  17. In the Metadata XML field, click Choose File and upload the file you downloaded in step 8.

  18. Click Apply.

Once SSO is enabled for your clinic and users log in to their accounts, they have the option to enter their email and log in with SSO, or log in with email and password.

Enforcing the use of SSO at your clinic

When SSO is enabled, users have the option of signing in with their email and password, or with their secure Single Sign-on.

You can enforce that users can only log in using the SSO option. This applies to all users (except the account owner). The forgot password option at login will no longer be present. The two-factor authentication security setting will automatically be removed, as this is no longer applicable when using SSO.

📌 Note: Areas in the CHR that require a password confirmation (i.e. changes to certain settings) will still require the user's CHR password.

📌 Note: Only account owners can configure this setting.

Steps

  1. From the main menu, click Settings > Single Sign-On.

    📌 Note: Once you have added a provider (see steps above), the Enforce SSO option appears.

  2. Under Enforce SSO, select Enable.

  3. Click Save.

Last updated: 11.2020
