Patient Access Roles and Permissions
Permission to access Patient Access data in the Admin Console is determined by the user group to which you are assigned in your identity provider (IdP), such as Microsoft Entra ID.
Create roles and permissions in the Patient Access Admin Console so that the personas can access the following areas:
| Patient Access Area | Administrators | Managers | Viewers |
|---|---|---|---|
| Dashboard | yes | yes | yes |
| Patient lookup | yes | yes | no |
| Ability to delete patient | yes | yes | no |
| Audit report | yes | yes | no |
| Activity report | yes | yes | yes |
| Installers | yes | no | no |
| Integrations | yes | no | no |
| Security level | All access | All access except configuration | Reports only |
| Reports they need to see | Utilization | Utilization | none |
Step 1: Create User Groups for Patient Access in your IdP
At a minimum, Patient Access user management requires three groups: Admins, Managers, and Viewers.
Create and manage the groups in your identity provider (IdP).
Example — Microsoft Entra ID
The following sections detail how to configure Patient Access user groups in your Microsoft Entra ID.
These groups can be created and maintained in Active Directory (AD), but will need to be synced to Microsoft Entra ID.
Assumptions
This section assumes the following:
-
You are familiar with Microsoft Azure Portal and Microsoft Entra ID use and terminology.
-
You have a Microsoft Entra ID Directory Global Administrator or Privileged Role Administrator.
-
You have an active Microsoft Entra ID tenant and license.
-
You have users in Active Directory that have synced to Microsoft Entra ID through Microsoft Entra Connect (formerly AAD Connect).
Identify All AAD User Groups to be Synced into Patient Access
-
Select the AAD groups created for Patient Access, and indicate which group contains the Patient Access administrators. Select at least one group that contains administrator users.
-
Start typing a group name and select it by pressing Enter. Type a comma to add another group. Click Continue.
-
Select at least one group that contains the administrator users and click Continue.
The setup is complete. Click Go to Patient Access Admin Console.
Setup is now complete. User sync will run in the background and display users on the users page.
-
Step 2: Manage Group Permissions in Patient Access
In the Patient Access Admin UI, create and manage groups and assign the groups specific roles in Patient Access.
Requirements
-
Only Admins have the ability to assign the IdP groups you created earlier (such as Entra ID) to Patient Access Admin UI roles.
-
The first group must be an Admin group and the current user must be a member of that group.
-
There must always be at least one Admin group and the current user must be a member of that group.
-
Group IDs must be unique.
Create a Group and Assign it a Role
To create a group and assign it a role in Patient Access:
-
In the Patient Access Admin Console, navigate to Settings > Roles and Permissions.
-
Click Add new group.
-
In the Group name box, type a descriptive and meaningful name for the group. This is the name that will be displayed in the Patient Access interface.
-
In the Group ID box, type the identifier that the group uses. For example, this is the ID in Microsoft Entra ID or your IdP.
-
Click Save.
When a group is first created, it is not yet assigned a role in Patient Access. The Role column on the Manage group permissions page displays as Unassigned.
-
Assign the group to a role in Patient Access:
-
On the Manage group permissions page, for the selected group, specific the role by clicking the role list and selecting Admin, Manager, or Viewer, depending on the specific permissions needs of the group.
-
Edit a Group
To edit a group:
-
In the Patient Access Admin Console, navigate to Settings >Roles and Permissions.
-
To change the role assigned to a group, in the Role column, click the drop-down list and select a different role.
-
To edit the group name or ID, click Edit (
). Make the needed changes and click Save.
Delete a Group
To delete a group:
-
In the Patient Access Admin Console, navigate to Settings > Roles and Permissions.
-
To delete a group, click Delete (
). In the dialog, click Delete to confirm the deletion.The group is permanently deleted from Patient Access.
