LDAP and Windows Integrated Authentication

System Administrator User Guide

LDAP and Windows Integrated Authentication

The NextGen Healthcare applications support the use of Lightweight Directory Access Protocol (LDAP) authentication and Windows integrated authentication for user logon. The authentication eases administration access and allows single sign-on through directory-integrated authentication. With both kinds of authentication: The LDAP user mapping options in System Administrator become available, which enable you to map NextGen Healthcare users to Active Directory users. You can map users one at a time or in bulk. You can set account access to a proxy server for all mapped users. Note: The NextGen Healthcare applications still track user changes to data, such as for significant events, by their NextGen user ID. LDAP Integrated Authentication Limitations - LDAP and Windows Integrated Authentication Set Up Integrated Authentication Parent topic: Users

System Administrator Help

Limitations - LDAP and Windows Integrated Authentication

You may experience a few logon limitations with the NextGen Healthcare applications when either LDAP or Windows integrated authentication is enabled. The NextGen Healthcare applications only accommodate mapping a user to one domain. For Windows integrated authentication, the Active Directory account (as used to log into the machine) has to exist on the user’s local domain. With LDAP authentication enabled, users must still log on within the application for the following: Unlocking encounters Medication verification PAQ use ePCS use Parent topic: LDAP and Windows Integrated Authentication

System Administrator Help

LDAP Integrated Authentication

When the LDAP integrated authentication is enabled, mapped users can select Active Directory in the Authentication field of the Security Logon window. New authentication processing occurs so that they can log on to the NextGen Healthcare applications by entering the same domain, user name, and password credentials they use to log onto the network. The credentials are then authenticated through Active Directory. Note: Alternatively, the users can select NextGen Database in the Authentication field and use their existing NextGen® Enterprise user name and password to log on. How logging on changes with Active Directory integrated authentication When Active Directory integrated authentication is turned on, the Authentication field appears on the Security Logon window. The field displays for all users regardless of whether they are mapped to an Active Directory account. If the user selects Active Directory, the Domain field appears. To log on, the user must enter the user name, password, an

System Administrator Help

Set Up Integrated Authentication

You perform all integrated authentication setup in System Administrator. Setup is a three-step process. Turn on LDAP mapping. The setting enables the Map LDAP User button on the user under General tab. Map each NextGen application user to a user name in Active Directory. You can map them individually or in bulk. If necessary, you can provide proxy access for mapped users. Activate Integrated Authentication In System Administrator you can turn on LDAP and Windows integrated authentication. Map a User for LDAP Integrated Authentication Map Multiple Users for LDAP Integrated Authentication Set Up LDAP Integration Proxy Access Restrict Access to Windows Integrated Authentication Parent topic: LDAP and Windows Integrated Authentication

System Administrator User Guide

Limitations - LDAP and Windows Integrated Authentication

You may experience a few logon limitations with the NextGen Healthcare applications when either LDAP or Windows integrated authentication is enabled. The NextGen Healthcare applications only accommodate mapping a user to one domain. For Windows integrated authentication, the Active Directory account (as used to log into the machine) has to exist on the user’s local domain. With LDAP authentication enabled, users must still log on within the application for the following: Unlocking encounters Medication verification PAQ use ePCS use Parent topic: LDAP and Windows Integrated Authentication

System Administrator User Guide

LDAP Integrated Authentication

When the LDAP integrated authentication is enabled, mapped users can select Active Directory in the Authentication field of the Security Logon window. New authentication processing occurs so that they can log on to the NextGen Healthcare applications by entering the same domain, user name, and password credentials they use to log onto the network. The credentials are then authenticated through Active Directory. Note: Alternatively, the users can select NextGen Database in the Authentication field and use their existing NextGen® Enterprise user name and password to log on. How logging on changes with Active Directory integrated authentication When Active Directory integrated authentication is turned on, the Authentication field appears on the Security Logon window. The field displays for all users regardless of whether they are mapped to an Active Directory account. Login Window If the user selects Active Directory from the Authentication list, the Domain field appears. To log on, the u

LDAP and Windows Integrated Authentication

Recommendations

LDAP and Windows Integrated Authentication

Limitations - LDAP and Windows Integrated Authentication

LDAP Integrated Authentication

Set Up Integrated Authentication

Limitations - LDAP and Windows Integrated Authentication

LDAP Integrated Authentication

LDAP and Windows Integrated Authentication

LDAP and Windows Integrated Authentication

Limitations - LDAP and Windows Integrated Authentication

LDAP Integrated Authentication

Set Up Integrated Authentication

Limitations - LDAP and Windows Integrated Authentication

LDAP Integrated Authentication