There are two ways to manage users in Aidbox:

  1. Manage Users in Aidbox
  2. Manage Users in external systems

Manage Users in Aidbox

Aidbox user management is based on the User resource.
A User represents an application-level identity that is stored and controlled entirely inside the Aidbox database. Each user record contains the login name, a hashed password, an active flag, a link to a FHIR user (Practitioner or Patient), and some additional fields that determine the user's effective permissions through AccessPolicy rules.

Because everything is a resource, you can manage users the same way you manage clinical data: create profiles to apply validation, and rely on versioned history, transactions, _history, and so on.

Manage Users in external systems

If you already have an identity provider, you can delegate authentication to it and keep all identities outside Aidbox. Aidbox becomes a Service Provider that trusts the external IdP and focuses on authorization.

Two building blocks are involved:

  • IdentityProvider – a resource that configures an external identity provider, used to log in to the Aidbox UI with SSO. When users hit the Aidbox UI, they are redirected to the IdP; after a successful login, the IdP posts an ID token back to Aidbox, establishing a browser session. Aidbox retrieves user data from the external identity provider and stores it in the User resource.
  • TokenIntrospector – for API access, point your application to the IdP directly, then present the resulting JWT or opaque token to Aidbox. The TokenIntrospector resource tells Aidbox how to verify the token signature.

Automatically create users from external systems

In some cases, you want to authenticate with an external IdP and still have a corresponding User resource inside Aidbox for auditing, patient‑to‑user mapping, or granular AccessPolicy rules. Aidbox supports just‑in‑time user provisioning:

  • In case of SSO, Users are created automatically.
  • In case of API access, it is possible to create a User at the first request using a setting.
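
The API-access path and just-in-time provisioning described above, as a conceptual model added here; it is not Aidbox code and does not use Aidbox resource schemas. It assumes an HS256 shared secret so that it runs on the standard library alone, and every function name, the `introspector` dict and the user record shape are hypothetical.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Stand-in for the external IdP: issue a compact HS256 JWT."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url(mac(f'{head}.{body}', secret))}"

def verify(token: str, introspector: dict, now: float) -> dict:
    """Return the claims only if algorithm, signature, issuer and expiry all pass."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        signature = b64url_decode(sig)
    except ValueError as exc:  # wrong segment count, bad base64, bad JSON
        raise PermissionError("malformed token") from exc
    # Pin the algorithm in configuration; never let the token's header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise PermissionError("unexpected algorithm")
    if not hmac.compare_digest(signature, mac(f"{head}.{body}", introspector["secret"])):
        raise PermissionError("bad signature")
    claims = json.loads(b64url_decode(body))  # parsed only after the signature checks out
    if claims.get("iss") != introspector["iss"]:
        raise PermissionError("untrusted issuer")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise PermissionError("token expired or missing exp")
    if not claims.get("sub"):
        raise PermissionError("missing subject")
    return claims

def authenticate(token: str, introspector: dict, users: dict, now=None):
    """Verify first; create the local user record only for a verified, unseen subject."""
    claims = verify(token, introspector, time.time() if now is None else now)
    key = (claims["iss"], claims["sub"])  # scope subjects per issuer
    created = key not in users
    if created:
        users[key] = {"id": claims["sub"], "active": True}  # hypothetical record shape
    return users[key], created
```

Provisioning happens only after verification succeeds, so a forged or expired token never leaves a user record behind.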
