LDAP and Windows Integrated Authentication

System Administrator Help

Limitations - LDAP and Windows Integrated Authentication

You may experience a few logon limitations with the NextGen Healthcare applications when either LDAP or Windows integrated authentication is enabled. The NextGen Healthcare applications only accommodate mapping a user to one domain. For Windows integrated authentication, the Active Directory account (as used to log into the machine) has to exist on the user’s local domain. With LDAP authentication enabled, users must still log on within the application for the following: Unlocking encounters Medication verification PAQ use ePCS use Parent topic: LDAP and Windows Integrated Authentication

System Administrator Help

LDAP Integrated Authentication

When the LDAP integrated authentication is enabled, mapped users can select Active Directory in the Authentication field of the Security Logon window. New authentication processing occurs so that they can log on to the NextGen Healthcare applications by entering the same domain, user name, and password credentials they use to log onto the network. The credentials are then authenticated through Active Directory. Note: Alternatively, the users can select NextGen Database in the Authentication field and use their existing NextGen® Enterprise user name and password to log on. How logging on changes with Active Directory integrated authentication When Active Directory integrated authentication is turned on, the Authentication field appears on the Security Logon window. The field displays for all users regardless of whether they are mapped to an Active Directory account. If the user selects Active Directory, the Domain field appears. To log on, the user must enter the user name, password, an

System Administrator Help

Set Up Integrated Authentication

You perform all integrated authentication setup in System Administrator. Setup is a three-step process. Turn on LDAP mapping. The setting enables the Map LDAP User button on the user under General tab. Map each NextGen application user to a user name in Active Directory. You can map them individually or in bulk. If necessary, you can provide proxy access for mapped users. Activate Integrated Authentication In System Administrator you can turn on LDAP and Windows integrated authentication. Map a User for LDAP Integrated Authentication Map Multiple Users for LDAP Integrated Authentication Set Up LDAP Integration Proxy Access Restrict Access to Windows Integrated Authentication Parent topic: LDAP and Windows Integrated Authentication

System Administrator Help

Map a User for LDAP Integrated Authentication

By mapping individual users to users in the Active Directory, you enable them to use LDAP authentication. To map a user, in System Administrator main window, select the user. On the External tab, select Map LDAP User. The Add External LDAP User window appears. Under LDAP User Search Options, the Domain search field defaults to the name of the domain currently logged into, and the First Name and Last Name fields default to the first and last names of the selected NextGen Healthcare user. If you need to find a different user, enter the search criteria in the LDAP User Search Options, and then select Search. The matching results display. Select the username row, and then select OK. The user's LDAP domain and username display on the External tab. Parent topic: Set Up Integrated Authentication

System Administrator Help

General Options Universal Preferences

Preference Description Add to Inclusion List from Patient Lookup Enables a provider to add patients to their Inclusion List from the Patient Lookup window. When this preference is set to True, patient names in the Patient Lookup window display with black text and the remaining names display with gray text. When this preference is set to False, only those names in the Inclusion List appear in the Patient Lookup window; therefore, the provider cannot add any new names to the Inclusion List. Note: The provider must have an Inclusion List already set up. Allow LDAP Integrated Authentication When set to True, this preference enables the LDAP integration features. The LDAP user mapping options become available in the System Administrator application > User settings > External tab. On the tab, the administrator searches the Active Directory system by domain, username, first name and last name and maps a directory user object to the selected NextGen Healthcare user account. This preference wil

LDAP Authorization User Guide

LDAP Authorization in Mirth® Connect by NextGen Healthcare

When the Lightweight Directory Access Protocol (LDAP) extension is installed, users can log on to Mirth® Connect by NextGen Healthcare using credentials that are controlled by a separate LDAP directory. The connection between Mirth® Connect and the Lightweight Directory Access Protocol (LDAP) server can be encrypted if needed for security. You can use the Role-Based Access Control extension for Mirth® Connect to assign roles to specific groups of user accounts in the LDAP directory. The LDAP extension is designed to work with LDAP directory services such as: Active Directory OpenLDAP™ ApacheDS™ You can configure LDAP integration in Mirth® Connect in Settings > LDAP Authorization: LDAP Configuration section When LDAP authorization is enabled, only user accounts that exist in the LDAP Directory are permitted to log on to Mirth® Connect. Any local Mirth® Connect user accounts (listed under Users in Mirth® Connect) are disabled. These accounts are re-enabled if LDAP authorization is later

LDAP and Windows Integrated Authentication

Recommendations

Limitations - LDAP and Windows Integrated Authentication

LDAP Integrated Authentication

Set Up Integrated Authentication

Map a User for LDAP Integrated Authentication

General Options Universal Preferences

LDAP Authorization in Mirth® Connect by NextGen Healthcare

Limitations - LDAP and Windows Integrated Authentication

LDAP Integrated Authentication

Set Up Integrated Authentication

Map a User for LDAP Integrated Authentication

General Options Universal Preferences

LDAP Authorization in Mirth® Connect by NextGen Healthcare