Collaborative Health Record (CHR)

Single Sign-On (SSO) allows users to access multiple applications and websites with one set of credentials, streamlining the login process and improving security. 

The CHR supports SAML 2.0-compliant identity providers (IdP), such as Google Workspace, Microsoft Entra ID, OKTA and Duo Security. To use SSO with the CHR, you must have an account with an IdP. You then synchronize that account with the CHR. 

When you enable SSO, users aren't required to enter their CHR password to log into the CHR. Instead, they are redirected to their IdP to authenticate. You can <a href="https://help.inputhealth.com/en/articles/10985792-enforcing-the-use-of-single-sign-on-sso">require SSO</a> for CHR sign-in or give users the option to use it. To use SSO, a user must have accounts with the same email address on both the IdP and CHR.

This feature must be configured by the TELUS CHR Support account. <a href="https://help.inputhealth.com/en/articles/5188450-contact-us">Contact the TELUS Health support team</a> through the support chat for more information.

From the main menu, click Settings &gt; Single Sign-On.

Click Add Provider. A New SAML Identity Provider window opens.

💡Tip: Keep this open while you follow the steps from your IdP.

Copy the URL from the ACS URL (Assertion Consumer Service URL) field. You’ll need this to configure SSO within your IdP admin dashboard.

In a separate Google Chrome tab, open the admin dashboard for your IdP. Such as <a href="https://admin.google.com/AdminHome?hl=en#AppsList:serviceType=SAML_APPS" rel="nofollow noopener noreferrer" target="_blank">Google Admin Console</a> or <a href="https://entra.microsoft.com/" rel="nofollow noopener noreferrer" target="_blank">Microsoft Entra admin center</a>.

Follow the steps provided by your IdP to add a new SAML app such as <a href="https://cloud.google.com/contact-center/ccai-platform/docs/sso-workspace" rel="nofollow noopener noreferrer" target="_blank">Google Workspace</a> or <a href="https://learn.microsoft.com/en-ca/entra/identity/enterprise-apps/add-application-portal-setup-sso" rel="nofollow noopener noreferrer" target="_blank">Microsoft Entra ID</a>.

📌 Note: You will need download a metadata file from your IdP.

The following table provides the information you may need:

1. From the main menu, click Settings &gt; Single Sign-On.
2. Click Add Provider. A New SAML Identity Provider window opens.
 💡Tip: Keep this open while you follow the steps from your IdP.
3. Copy the URL from the ACS URL (Assertion Consumer Service URL) field. You’ll need this to configure SSO within your IdP admin dashboard.

4. In a separate Google Chrome tab, open the admin dashboard for your IdP. Such as <a href="https://admin.google.com/AdminHome?hl=en#AppsList:serviceType=SAML_APPS" rel="nofollow noopener noreferrer" target="_blank">Google Admin Console</a> or <a href="https://entra.microsoft.com/" rel="nofollow noopener noreferrer" target="_blank">Microsoft Entra admin center</a>.
5. Follow the steps provided by your IdP to add a new SAML app such as <a href="https://cloud.google.com/contact-center/ccai-platform/docs/sso-workspace" rel="nofollow noopener noreferrer" target="_blank">Google Workspace</a> or <a href="https://learn.microsoft.com/en-ca/entra/identity/enterprise-apps/add-application-portal-setup-sso" rel="nofollow noopener noreferrer" target="_blank">Microsoft Entra ID</a>. 
 For example, Google Workspace: 
 
 
 📌 Note: You will need download a metadata file from your IdP. 
6. The following table provides the information you may need:

6. Return to the New SAML Identity Provider window in the CHR.

7. In the Metadata XML field, click Choose File and upload the file you downloaded from your IdP.

8. In the Name field, add the button name you want users to see on login.

Once SSO is enabled, users enter their email address and have the option to login with SSO or login with their password.

Configuration 📌 Note: The exact names of these fields vary depending on your IdP.	Setting
Application name	inputhealth-com
Description	InputHealth
Entity ID	The URL you copied from the ACS URL field in the CHR.
Attribute Consume Service Endpoint (ACS URL).	The URL you copied from the ACS URL field in the CHR.
Name ID format	Set to email address urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Certificate	If you require the certificate please contact the TELUS Health support team through the support chat. 📌 Note: This is typically only required for older IdP configurations.

Steps to synchronize your IdP and CHR