Delete PortalAppRegistration.md (#1485)
Updated the Readme to include the right app registration documentation
This commit is contained in:
CaitlinV39
GitHub
Родитель
b9ee7130aa
Коммит
971511187b
|
|
@ -33,8 +33,10 @@ To see what is releasing in the FHIR Server, please refer to the [releases](http
|
|||
# Documentation
|
||||
|
||||
- Quickstart guides to deploy open source using [portal](docs/QuickstartDeployPortal.md), [CLI](docs/QuickstartDeployCLI.md), and [PowerShell](docs/QuickstartDeployPowershell.md).
|
||||
- [FHIR Postman tutorial](https://docs.microsoft.com/en-us/azure/healthcare-apis/access-fhir-postman-tutorial): Describes how to access a FHIR API using Postman.
|
||||
- [Azure Active Directory Application Registrations](docs/PortalAppRegistration.md): Describes how to configure Azure Active Directory (AAD) for use with FHIR Server for Azure.
|
||||
- [Register a resource application](docs/Register-Resource-Application.md): Learn how to register a resource application, which is an Azure Active Directory representation of the FHIR server API.
|
||||
- [Register a client application](docs/Register-Client-Application.md): Learn how to register a client application registration, which is an Azure Active Directory representation of an application that can be used to authenticate on behalf of a user and request access to resource applications.
|
||||
- [SMART on FHIR Proxy tutorial)(docs/SMARTonFHIR.md): Describes how to use the proxy to enable SMART on FHIR applications with the FHIR Server.
|
||||
- [FHIR Postman tutorial](https://docs.microsoft.com/azure/healthcare-apis/access-fhir-postman-tutorial): Describes how to access a FHIR API using Postman.
|
||||
- [Authentication](docs/Authentication.md): Describes the authentication settings for the FHIR server and how to make use of it in development and test scenarios.
|
||||
- [Roles](docs/Roles.md): Describes how the FHIR Server for Azure role-based access control (RBAC) system works.
|
||||
- [Search](docs/SearchArchitecture.md): Describes how search is implemented for the FHIR Server for Azure.
|
||||
|
|
|
|||
|
|
@ -1,30 +0,0 @@
|
|||
# Azure Active Directory Application Registrations
|
||||
|
||||
The Microsoft FHIR Server for Azure uses Azure Active Directory (AAD) for OAuth authentication/authorization. In order to deploy the server and applications interacting with the server, you need to create AAD application registrations and manage application roles that are used for role based acces control.
|
||||
|
||||
This document explains how to create these application registrations using the Azure Portal.
|
||||
|
||||
## Application Registration for FHIR Server API
|
||||
|
||||
Please consult the Azure Active Directory Documentation for details on the steps below:
|
||||
|
||||
1. [Register an AAD Application](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v1-add-azure-ad-app)
|
||||
2. [Add application roles to the application](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps). You should add at least one role, say `globalAdmin`.
|
||||
|
||||
Make a note of the application id and/or the identifier URI of the of the API application. This will be used as the `audience` when deploying the FHIR server.
|
||||
|
||||
## Grant User API Roles
|
||||
|
||||
Now that you have defined API roles in your application registration, you can [assign those roles to specific users](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps#assign-users-and-groups-to-roles).
|
||||
|
||||
## Client Application Registration
|
||||
|
||||
For each application that will access the FHIR API, create a client application registration:
|
||||
|
||||
1. [Register an AAD Application](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v1-add-azure-ad-app)
|
||||
2. [Add Redirect URIs](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-redirect-uris-to-your-application) for your application.
|
||||
3. [Add a client secret](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application).
|
||||
4. [Add API Permissions](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-permissions-to-access-web-apis). Here you should search for the name of the API application you created above and add any delegated privileges (scopes) that you would like the application to obtain on behalf of the user. If you would like the client application to act as a service client, pick the roles you would like the application to have in the application permission settings. After saving the settings hit the "Grant permissions" button if you have assigned roles to the application (required admin permissions).
|
||||
|
||||
Make a note of the client application id, and the client secret.
|
||||
|
||||
Загрузка…
Ссылка в новой задаче