LDAP Authorization

Mirth® Connect by NextGen Healthcare User Guide

Role-Based Access Control

Role-Based Access Control, previously named User Authorization, provides the ability to control all aspects of the Mirth® Connect Administrator. You can create new roles with specific permissions to areas such as channel management or message browsing. You can assign any number of roles to users. Use this process to manage access to sensitive channel and messaging data across your enterprise. Contact Us if you have any questions. Image of the Role Based Access Control settings Parent topic: Services and Extensions

LDAP Authorization User Guide

LDAP Authorization in Mirth® Connect by NextGen Healthcare

When the Lightweight Directory Access Protocol (LDAP) extension is installed, users can log on to Mirth® Connect by NextGen Healthcare using credentials that are controlled by a separate LDAP directory. The connection between Mirth® Connect and the Lightweight Directory Access Protocol (LDAP) server can be encrypted if needed for security. You can use the Role-Based Access Control extension for Mirth® Connect to assign roles to specific groups of user accounts in the LDAP directory. The LDAP extension is designed to work with LDAP directory services such as: Active Directory OpenLDAP™ ApacheDS™ You can configure LDAP integration in Mirth® Connect in Settings > LDAP Authorization: LDAP Configuration section When LDAP authorization is enabled, only user accounts that exist in the LDAP Directory are permitted to log on to Mirth® Connect. Any local Mirth® Connect user accounts (listed under Users in Mirth® Connect) are disabled. These accounts are re-enabled if LDAP authorization is later

LDAP Authorization User Guide

Uninstall the LDAP Authorization Plug-in Through the Mirth® Connect by NextGen Healthcare Administrator

You can uninstall the LDAP Authorization plug-in through the Mirth® Connect by NextGen Healthcare Administrator. In the Mirth Connect section, select Extensions. In the Installed Plugins section, select LDAP Authorization. Select Uninstall Extension from the left-side menu. Selecting Uninstall Extension in the Extension Tasks To cause the change to take effect, restart the Mirth® Connect server. You can now log on using any local user accounts that existed prior to enabling LDAP authorization. Because the LDAP authorization plug-in copies LDAP user accounts locally when users log on using their LDAP account credentials, you can still log on to LDAP user accounts with the last password that was used. Related tasks Uninstall the LDAP Authorization Plug-in Manually

LDAP Authorization User Guide

Uninstall the LDAP Authorization Plug-in Manually

You can uninstall the LDAP Authorization plug-in by deleting a folder and running a database query. You can uninstall the LDAP Authorization plug-in manually without logging on to the Mirth® Connect by NextGen Healthcare Administrator. Delete the extensions\ldap folder in the Mirth® Connect home folder. Delete the LDAP Authorization plug-in configuration settings from the Mirth® Connect database by running this query on the database: DELETE FROM configuration WHERE category = 'LDAP Authorization'; Restart the Mirth® Connect server. You can now log on using any local user accounts that existed prior to enabling LDAP authorization. Because the LDAP Authorization plug-in copies LDAP user accounts locally when users log on using their LDAP account credentials, you can still log on to LDAP user accounts with the last password that was used. Related tasks Uninstall the LDAP Authorization Plug-in Through the Mirth Connect by NextGen Healthcare Administrator

LDAP Authorization User Guide

Set Up the LDAP Connection

To set up Lightweight Directory Access Protocol (LDAP) integration, you must enable LDAP, enter a host address and port number, and enter the base distinguished name (DN). To set up Lightweight Directory Access Protocol (LDAP) integration, perform these steps. In the LDAP Configuration section, open the LDAP Authorization tab. Set LDAP Enabled to Yes. This option is initially disabled. Enabling LDAP Integration Enter the host address and port of your LDAP server.The standard port used by LDAP servers is typically port 389. When Secure Sockets Layer (SSL) protocol is enabled, the port number typically is 636. Host Address and Port Enter the base distinguished name (DN).The base DN is the root DN under which all operations and user searches take place. If this field is left blank, Mirth® Connect by NextGen Healthcare attempts to detect the base DN from the Admin user DN. Base DN Enter the Admin user DN (also called the Bind DN) and the password. These are the credentials that Mirth® Conn

LDAP Authorization User Guide

Enable Encryption

Configure options for encrypted communication between Mirth® Connect by NextGen Healthcare and a Lightweight Directory Access Protocol (LDAP) server. Mirth® Connect by NextGen Healthcare can communicate with a Lightweight Directory Access Protocol (LDAP) server using an encrypted connection. You can set options to encrypt the LDAP connection. LDAP Configuration In the LDAP Configuration section, set Encryption to one of the following: None: No encryption is performed. STARTTLS: Start with Transport Layer Security (TLS) and upgrade to an encrypted connection. Typically, LDAP servers use port 389 for TLS. SSL: Use Secure Sockets Layer (SSL) protocol. Typically, LDAP servers use port 636 for SSL. Set Certificate Validation to one of the following: Enabled: Mirth® Connect does not connect to the LDAP server if the server presents an SSL certificate that is not trusted. For the connection to succeed, you need to first import the LDAP server public SSL certificate. Disabled: Mirth® Connect t

LDAP Authorization

Recommendations

Role-Based Access Control

LDAP Authorization in Mirth® Connect by NextGen Healthcare

Uninstall the LDAP Authorization Plug-in Through the Mirth® Connect by NextGen Healthcare Administrator

Uninstall the LDAP Authorization Plug-in Manually

Set Up the LDAP Connection

Enable Encryption

Role-Based Access Control

LDAP Authorization in Mirth® Connect by NextGen Healthcare

Uninstall the LDAP Authorization Plug-in Through the Mirth® Connect by NextGen Healthcare Administrator

Uninstall the LDAP Authorization Plug-in Manually

Set Up the LDAP Connection

Enable Encryption