PhenixID

Step by Step – Tieto Lifecare/Procapita MFA and SSO with PhenixID Authentication Services

Summary

This document guides you through the steps to enable multi-factor authentication and single sign-on for the healthcare and welfare application Tieto Lifecare (https://www.tieto.com/en/who-we-serve/healthcare-and-welfare/healthcare/lifecare-for-secondary-care/) using SAML2.

System Requirements

  • PhenixID Authentication Server 2.7 or higher
  • Tieto Lifecare technical contact.

Instruction

Overview

This document guides you through the steps to enable multi-factor authentication and single sign-on for Tieto Lifecare.

PhenixID Server acting as SAML IdP

  1. Set up PhenixID Authentication Services as a SAML IdP using one of the Federation scenarios described here. (If the desired authentication method is not provided by a scenario, use the documentation for the SAML authenticator here.)
  2. Depending on your use case, fetch the Tieto Lifecare user identifier value (personal number, or HSA-ID for welfare only) from the user store or from the data produced by the authentication (such as a certificate attribute).
  3. [OPTIONAL] Fetch givenName and sn.
  4. Create an item property named userid and populate it with the user identifier value fetched in step 2.
  5. Use userid as the Name ID attribute.
  6. Add these attributes as additional attributes:
    userid,givenName,sn
  7. Go to Scenarios->Federation-> <newly_added_scenario> -> Identity Provider. Deselect “Require signed requests” (the IdP then accepts unsigned authentication requests from the service provider). Save.

Configure Tieto Lifecare

  1. Send the IDP Metadata link at https://<YourServerDomainName>/saml/authenticate/<authenticator_alias>?getIDPMeta to the Tieto Lifecare technical contact.
  2. Request Tieto Lifecare SAML SP metadata file from the Tieto Lifecare technical contact. 

Add trust to Tieto Lifecare on PhenixID Authentication Services

  1. Log in to the configuration manager
  2. Open Scenarios->Federation->SAML Metadata upload
  3. Click the plus sign
  4. Add Tieto Lifecare SAML SP Metadata by uploading the metadata file from the Tieto Lifecare technical contact. 
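
Before uploading, the SP metadata file can be reviewed for the properties that matter to this trust: the entityID, the assertion consumer endpoints, and whether the SP declares signed authentication requests (the setting deselected on the IdP in step 7 above). The following Python check is an added example, not PhenixID or Tieto code; the sample metadata, entityID and URLs are constructed, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample; the real file comes from the Tieto Lifecare technical contact.
SAMPLE_SP_METADATA = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://lifecare.example.org/sp">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://lifecare.example.org/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def review_sp_metadata(xml_bytes):
    """Return (summary, findings) for a single-entity SAML SP metadata document."""
    # SAML metadata never needs a DTD; refuse it instead of expanding entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration found in metadata")
    root = ET.fromstring(xml_bytes)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % MD or sp is None:
        raise ValueError("not a single-entity SAML SP metadata document")
    # Both flags are optional booleans that default to false when absent.
    flag = lambda name: sp.get(name, "false") in ("true", "1")
    summary = {
        "entity_id": root.get("entityID"),
        "authn_requests_signed": flag("AuthnRequestsSigned"),
        "want_assertions_signed": flag("WantAssertionsSigned"),
        "acs": [e.get("Location") for e in sp.findall("md:AssertionConsumerService", NS)],
        "certs": len(sp.findall("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)),
    }
    findings = []
    if not summary["acs"]:
        findings.append("no AssertionConsumerService endpoint")
    for location in summary["acs"]:
        if not (location or "").lower().startswith("https://"):
            findings.append("ACS endpoint is not HTTPS: %s" % location)
    if not summary["authn_requests_signed"]:
        findings.append("SP sends unsigned AuthnRequests: IdP cannot require signed requests")
    elif summary["certs"] == 0:
        findings.append("SP signs requests but publishes no certificate")
    return summary, findings


if __name__ == "__main__":
    print(review_sp_metadata(SAMPLE_SP_METADATA))
```

The ACS locations in the summary are where the IdP will post the assertion carrying userid, givenName and sn, so confirm them with the technical contact before adding the trust.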

Test

  1. Browse to your Tieto Lifecare site (ask the Tieto Lifecare technical contact for details).
  2. This should result in a redirect to PhenixID Authentication Server
  3. Authenticate
  4. If authentication was successful, a redirect to Tieto Lifecare should occur (with SAML assertion)
  5. The user should now be logged in.

Troubleshooting

  • If an error message is presented on the PhenixID Authentication Services page, please check server.log for details.
  • If an error message is presented on Tieto Lifecare, please consult the Tieto Lifecare logs for details.


DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.

The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.

PhenixID - support.phenixid.se