LDAP Authorization in Mirth® Connect by NextGen Healthcare

LDAP Authorization User Guide

Set Up the LDAP Connection

To set up Lightweight Directory Access Protocol (LDAP) integration, you must enable LDAP, enter a host address and port number, and enter the base distinguished name (DN). To set up Lightweight Directory Access Protocol (LDAP) integration, perform these steps. In the LDAP Configuration section, open the LDAP Authorization tab. Set LDAP Enabled to Yes. This option is initially disabled. Enabling LDAP Integration Enter the host address and port of your LDAP server.The standard port used by LDAP servers is typically port 389. When Secure Sockets Layer (SSL) protocol is enabled, the port number typically is 636. Host Address and Port Enter the base distinguished name (DN).The base DN is the root DN under which all operations and user searches take place. If this field is left blank, Mirth® Connect by NextGen Healthcare attempts to detect the base DN from the Admin user DN. Base DN Enter the Admin user DN (also called the Bind DN) and the password. These are the credentials that Mirth® Conn

LDAP Authorization User Guide

Restore the LDAP Admin Password After Restoring Server Configuration

After restoring Mirth® Connect by NextGen Healthcare server configuration from a backup, you must re-enter the Lightweight Directory Access Protocol (LDAP) Admin password so it can be re-encrypted. You can select back up and restore options in the Server Tasks pane for Mirth® Connect by NextGen Healthcare server configurations. For details, go to the Mirth Connect download site and download the User Guide for Mirth® Connect by NextGen Healthcare. Backup Config and Restore Config buttons in the Server Tasks section The Mirth® Connect server uses an internal encryption key to encrypt passwords. If you restore a configuration backup from another Mirth® Connect server that uses a different encryption key, you must re-enter the LDAP Admin password so it can be re-encrypted using the current server key. In the LDAP Configuration section, you can re-enter the password in the Change Admin Password field. Change Admin Password field in the LDAP Configuration section Until you re-enter the LDAP

LDAP Authorization User Guide

Filter User Accounts

Specify which organizational units, groups, or individual users in a Lightweight Directory Access Protocol (LDAP) server are allowed to log on to Mirth® Connect by NextGen Healthcare. By default, all users within the base distinguished name (DN) can log on to Mirth® Connect by NextGen Healthcare. To adjust which users are able to log on to Mirth® Connect, you can add user groups to the Search Contexts table. When the table is populated, log ons are permitted only for the organizational units (OUs), groups, or individual users listed in this table. Search Contexts Table Open the LDAP Configuration page in Mirth® Connect. Your users with provisioned access are listed in the Base DN field and the Search Contexts field. To add an entry, select Add next to the Search Contexts field. To delete an entry, select the entry, then select Delete. To specify the users that are allowed by a particular entry, do the following: Select an entry. Select the folder DN folder icon icon at the right of the

LDAP Authorization User Guide

Enable Encryption

Configure options for encrypted communication between Mirth® Connect by NextGen Healthcare and a Lightweight Directory Access Protocol (LDAP) server. Mirth® Connect by NextGen Healthcare can communicate with a Lightweight Directory Access Protocol (LDAP) server using an encrypted connection. You can set options to encrypt the LDAP connection. LDAP Configuration In the LDAP Configuration section, set Encryption to one of the following: None: No encryption is performed. STARTTLS: Start with Transport Layer Security (TLS) and upgrade to an encrypted connection. Typically, LDAP servers use port 389 for TLS. SSL: Use Secure Sockets Layer (SSL) protocol. Typically, LDAP servers use port 636 for SSL. Set Certificate Validation to one of the following: Enabled: Mirth® Connect does not connect to the LDAP server if the server presents an SSL certificate that is not trusted. For the connection to succeed, you need to first import the LDAP server public SSL certificate. Disabled: Mirth® Connect t

Mirth® Connect by NextGen Healthcare User Guide

LDAP Authorization

The LDAP Authorization extension replaces the existing authentication mechanism and instead authenticates against an LDAP server so you can manage user accounts on a centralized LDAP server. Any user contained within the specified User Base DN on the LDAP server can log in to Mirth® Connect. When a user logs in, Mirth® Connect copies the user’s attributes from the LDAP server. The connection to the LDAP server can optionally use SSL or STARTTLS encryption. Contact Us if you have any questions. Image of the LDAP authorization configuration settings. Parent topic: Services and Extensions

LDAP Authorization User Guide

Uninstall the LDAP Authorization Plug-in Manually

You can uninstall the LDAP Authorization plug-in by deleting a folder and running a database query. You can uninstall the LDAP Authorization plug-in manually without logging on to the Mirth® Connect by NextGen Healthcare Administrator. Delete the extensions\ldap folder in the Mirth® Connect home folder. Delete the LDAP Authorization plug-in configuration settings from the Mirth® Connect database by running this query on the database: DELETE FROM configuration WHERE category = 'LDAP Authorization'; Restart the Mirth® Connect server. You can now log on using any local user accounts that existed prior to enabling LDAP authorization. Because the LDAP Authorization plug-in copies LDAP user accounts locally when users log on using their LDAP account credentials, you can still log on to LDAP user accounts with the last password that was used. Related tasks Uninstall the LDAP Authorization Plug-in Through the Mirth Connect by NextGen Healthcare Administrator

LDAP Authorization in Mirth® Connect by NextGen Healthcare

Recommendations

Set Up the LDAP Connection

Restore the LDAP Admin Password After Restoring Server Configuration

Filter User Accounts

Enable Encryption

LDAP Authorization

Uninstall the LDAP Authorization Plug-in Manually

Set Up the LDAP Connection

Restore the LDAP Admin Password After Restoring Server Configuration

Filter User Accounts

Enable Encryption

LDAP Authorization

Uninstall the LDAP Authorization Plug-in Manually