PhenixID

Step by Step – CGI Treserva MFA with PhenixID Authentication Services

Summary

This document will guide you through the steps to enable multi-factor authentication for the healthcare solution Treserva, provided by CGI.

System Requirements

  • PhenixID Authentication Services 4.0 or higher
  • Treserva administrator contact

Instruction

Configure PhenixID Authentication Services as Identity Provider

  1. Set up PhenixID Authentication Services as a SAML IdP using one of the Federation scenarios described here. (If the desired authentication method is not provided by a scenario, use the documentation for the SAML authenticator here.)
  2. Go to Scenarios->Federation-><YOUR_IDP>->Execution Flow
  3. Verify that the HSA-id attribute is fetched by the data source lookup in the flow (for example the LDAP lookup). Treserva identifies the user by this value, so it must come from the directory, never from anything the user enters during login.
  4. Make these changes to the execution flow:
    1. Click Add valve
    2. Add a PropertyAddValve with these settings
      1. Name =  urn:oid:1.2.752.29.6.2.1
      2. Value = {{item.employeeHsaID}}
        (If necessary in your environment, change employeeHsaID to the attribute name containing the HSA-id)
    3. Move the new valve to be executed before the AssertionProvider valve
    4. Expand AssertionProvider
    5. Set these values
      1. Name ID Attribute = urn:oid:1.2.752.29.6.2.1
      2. Additional attributes = urn:oid:1.2.752.29.6.2.1
    6. Save. (The original page shows an example screenshot of the configuration at this point.)

Configure Treserva

Send this information to the Treserva administrator:

  1. The identity provider SAML metadata URL
  2. The name of the SAML attribute containing the HSA-id (urn:oid:1.2.752.29.6.2.1)

The Treserva administrator will send you the SAML Service Provider metadata of the Treserva instance.

Add Treserva as a trusted Service Provider to PhenixID Authentication Services

  1. Login to configuration manager
  2. Scenarios->Federation
  3. SAML Metadata upload
  4. Enter a name. Click Next
  5. Add the Treserva metadata URL (provided to you by the Treserva administrator, see the previous step). Fetch it over HTTPS and confirm the entityID and the signing certificate fingerprint with the Treserva administrator before saving, since this metadata decides which party will receive assertions containing your users' HSA-ids.
    (If your PhenixID Authentication Services server is not able to reach external resources, browse to the Treserva metadata URL on another device and download the metadata to a file. Then upload the file in the SAML Metadata upload scenario.)
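The following script is an added example (not PhenixID or Treserva code) of the check described above: it parses a downloaded SP metadata file and prints the values to confirm with the Treserva administrator, namely the entityID, the AssertionConsumerService URLs and the SHA-256 fingerprint of each certificate, and flags non-HTTPS endpoints or missing certificates. It uses only the Python 3 standard library; the metadata document embedded in it is constructed for the example, so the entityID, URLs and certificate bytes are placeholders, not real Treserva values.

```python
"""Inspect SAML SP metadata before uploading it as a trusted Service Provider.

Added example, not part of PhenixID or Treserva. Standard library only.
The metadata below is constructed: entityID, URLs and certificate are
placeholders, not real Treserva values.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample SP metadata (placeholder values, not real Treserva metadata).
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://treserva.example.org/saml/sp">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>MIIBszCCAVmgAwIBAgIUAAAAAA==</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://treserva.example.org/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def inspect_sp_metadata(xml_text: str) -> dict:
    """Return the values to confirm with the SP owner, plus warnings about weak spots."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("document root is not an md:EntityDescriptor")
    spsso = root.find("md:SPSSODescriptor", NS)
    if spsso is None:
        raise ValueError("no md:SPSSODescriptor: this is not Service Provider metadata")

    warnings = []

    # Where the IdP will POST assertions; anything not HTTPS leaks the assertion in clear.
    acs = []
    for svc in spsso.findall("md:AssertionConsumerService", NS):
        location = svc.get("Location", "")
        acs.append({"binding": svc.get("Binding"), "location": location})
        if not location.startswith("https://"):
            warnings.append(f"AssertionConsumerService is not HTTPS: {location}")
    if not acs:
        warnings.append("no AssertionConsumerService: the IdP has nowhere to send assertions")

    # SHA-256 over the DER bytes of each certificate, to read out to the SP owner over the phone.
    fingerprints = []
    for cert in spsso.findall("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
        der = base64.b64decode("".join((cert.text or "").split()))
        fingerprints.append(hashlib.sha256(der).hexdigest())
    if not fingerprints:
        warnings.append("no X509Certificate: signed requests from this SP cannot be verified")

    if spsso.get("WantAssertionsSigned") != "true":
        warnings.append("WantAssertionsSigned is not true: the SP does not insist on signed assertions")

    return {
        "entity_id": root.get("entityID"),
        "authn_requests_signed": spsso.get("AuthnRequestsSigned") == "true",
        "want_assertions_signed": spsso.get("WantAssertionsSigned") == "true",
        "acs": acs,
        "cert_sha256": fingerprints,
        "warnings": warnings,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(inspect_sp_metadata(SAMPLE_SP_METADATA), indent=2))
```

Run it against the file you downloaded from the Treserva metadata URL (`inspect_sp_metadata(open("treserva-sp.xml").read())`) and compare the entityID and certificate fingerprint with what the Treserva administrator tells you out of band; the metadata URL itself is not a guarantee of who published the document.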

Test

The Treserva administrator will provide details on how to test.

Debug

Check server.log to verify that the SAML assertion contains the intended identity information: the NameID and the urn:oid:1.2.752.29.6.2.1 attribute should both carry the user's HSA-id, and the Audience should be the Treserva entityID from the uploaded metadata. If the NameID is empty or holds a different value, the PropertyAddValve is either placed after the AssertionProvider or reads an attribute name that the lookup does not populate.


DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.

The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.

PhenixID - support.phenixid.se