Map User Accounts to Roles

LDAP Authorization User Guide

Filter User Accounts

Specify which organizational units, groups, or individual users in a Lightweight Directory Access Protocol (LDAP) server are allowed to log on to Mirth® Connect by NextGen Healthcare. By default, all users within the base distinguished name (DN) can log on to Mirth® Connect by NextGen Healthcare. To adjust which users are able to log on to Mirth® Connect, you can add user groups to the Search Contexts table. When the table is populated, log ons are permitted only for the organizational units (OUs), groups, or individual users listed in this table. Search Contexts Table Open the LDAP Configuration page in Mirth® Connect. Your users with provisioned access are listed in the Base DN field and the Search Contexts field. To add an entry, select Add next to the Search Contexts field. To delete an entry, select the entry, then select Delete. To specify the users that are allowed by a particular entry, do the following: Select an entry. Select the folder DN folder icon icon at the right of the

LDAP Authorization User Guide

LDAP Authorization in Mirth® Connect by NextGen Healthcare

When the Lightweight Directory Access Protocol (LDAP) extension is installed, users can log on to Mirth® Connect by NextGen Healthcare using credentials that are controlled by a separate LDAP directory. The connection between Mirth® Connect and the Lightweight Directory Access Protocol (LDAP) server can be encrypted if needed for security. You can use the Role-Based Access Control extension for Mirth® Connect to assign roles to specific groups of user accounts in the LDAP directory. The LDAP extension is designed to work with LDAP directory services such as: Active Directory OpenLDAP™ ApacheDS™ You can configure LDAP integration in Mirth® Connect in Settings > LDAP Authorization: LDAP Configuration section When LDAP authorization is enabled, only user accounts that exist in the LDAP Directory are permitted to log on to Mirth® Connect. Any local Mirth® Connect user accounts (listed under Users in Mirth® Connect) are disabled. These accounts are re-enabled if LDAP authorization is later

LDAP Authorization User Guide

Map User Attributes

You must define mappings between user attributes in a Lightweight Directory Access Protocol (LDAP) directory and the user attributes maintained by Mirth® Connect by NextGen Healthcare. Mirth® Connect by NextGen Healthcare maintains the following set of attributes for user accounts: Username First Name Last Name Organization Email Phone Number Description These attributes are copied into Mirth® Connect from the LDAP directory when a user logs on to Mirth® Connect. To ensure that the correct LDAP attributes are used, review the mappings shown in the LDAP Attribute Mapping section and modify them as needed. LDAP Attribute Mapping section The values in these fields should correspond to user attributes in the LDAP directory. If you are not sure what attributes to enter, test the LDAP connection. The connection test shows user account information with the current attribute mappings along with a list of attributes that are not mapped.

LDAP Authorization User Guide

LDAP Connection Error: "No user accounts were found"

The LDAP connection error "No user accounts were found" can occur if the LDAP connection has an incorrect base DN, search contexts, or username attribute mapping. This error can result from any of the following flaws in the configuration of the Lightweight Directory Access Protocol (LDAP) connection: The Base DN is incorrect. The Search Contexts does contain valid usernames. The Username attribute mapping is not set to the appropriate value. Mirth® Connect by NextGen Healthcare identifies user accounts on the LDAP server by looking for objects that contain the Username attribute. For Active Directory, the typical Username attribute is sAMAccountName. For other LDAP servers such as OpenLDAP, a common Username attribute is uid. Username Attribute in LDAP Attribute Mapping These settings are all located on the LDAP Authorization tab. Parent topic: Troubleshooting Connection Errors Related tasks Set Up the LDAP Connection Filter User Accounts Map User Attributes

LDAP Authorization User Guide

Set Up the LDAP Connection

To set up Lightweight Directory Access Protocol (LDAP) integration, you must enable LDAP, enter a host address and port number, and enter the base distinguished name (DN). To set up Lightweight Directory Access Protocol (LDAP) integration, perform these steps. In the LDAP Configuration section, open the LDAP Authorization tab. Set LDAP Enabled to Yes. This option is initially disabled. Enabling LDAP Integration Enter the host address and port of your LDAP server.The standard port used by LDAP servers is typically port 389. When Secure Sockets Layer (SSL) protocol is enabled, the port number typically is 636. Host Address and Port Enter the base distinguished name (DN).The base DN is the root DN under which all operations and user searches take place. If this field is left blank, Mirth® Connect by NextGen Healthcare attempts to detect the base DN from the Admin user DN. Base DN Enter the Admin user DN (also called the Bind DN) and the password. These are the credentials that Mirth® Conn

LDAP Authorization User Guide

Uninstall the LDAP Authorization Plug-in Manually

You can uninstall the LDAP Authorization plug-in by deleting a folder and running a database query. You can uninstall the LDAP Authorization plug-in manually without logging on to the Mirth® Connect by NextGen Healthcare Administrator. Delete the extensions\ldap folder in the Mirth® Connect home folder. Delete the LDAP Authorization plug-in configuration settings from the Mirth® Connect database by running this query on the database: DELETE FROM configuration WHERE category = 'LDAP Authorization'; Restart the Mirth® Connect server. You can now log on using any local user accounts that existed prior to enabling LDAP authorization. Because the LDAP Authorization plug-in copies LDAP user accounts locally when users log on using their LDAP account credentials, you can still log on to LDAP user accounts with the last password that was used. Related tasks Uninstall the LDAP Authorization Plug-in Through the Mirth Connect by NextGen Healthcare Administrator

Map User Accounts to Roles

Before you begin

Recommendations

Filter User Accounts

LDAP Authorization in Mirth® Connect by NextGen Healthcare

Map User Attributes

LDAP Connection Error: "No user accounts were found"

Set Up the LDAP Connection

Uninstall the LDAP Authorization Plug-in Manually

Filter User Accounts

LDAP Authorization in Mirth® Connect by NextGen Healthcare

Map User Attributes

LDAP Connection Error: "No user accounts were found"

Set Up the LDAP Connection

Uninstall the LDAP Authorization Plug-in Manually