CGI Treserva MFA with PhenixID Authentication Services
Summary
This document will guide you through the steps to enable SAML and multi-factor authentication for the healthcare solution Treserva, provided by CGI.
Prerequisites
- Treserva administrator contact
Instructions
Configure PhenixID Authentication Services as Identity Provider
- Configure the appropriate authenticators
- Set up PhenixID Authentication Services as a SAML IdP.
- Go to Scenarios->Federation->YOUR_IDP->Execution Flow
- Verify that the HSA-id attribute is fetched by the data source lookup (for example, LDAP).
- Make these changes to your flow:
  - Click Add valve
  - Add a PropertyAddValve with these settings
    - Name = urn:oid:1.2.752.29.6.2.1
    - Value = {{item.employeeHsaID}} (If necessary in your environment, change employeeHsaID to the attribute name containing the HSA-id)
  - Move the new valve to be executed before the AssertionProvider valve
  - Expand AssertionProvider
  - Set these values
    - Name ID Attribute = urn:oid:1.2.752.29.6.2.1
    - Additional attributes = urn:oid:1.2.752.29.6.2.1
- Save.
Configure Treserva
Send this information to the Treserva administrator:
- The identity provider SAML Metadata URL
- The name of the SAML attribute containing the hsaID (urn:oid:1.2.752.29.6.2.1)
The Treserva administrator will send you the SAML Service Provider metadata of the Treserva instance.
Add Treserva as a trusted Service Provider to PhenixID Authentication Services
- Log in to Configuration Manager
- Add the metadata from Treserva in PAS Add metadata
- Add the Treserva metadata URL (provided to you by the Treserva administrator; see the previous step). If your PhenixID Authentication Services server is not able to reach external resources, browse to the Treserva metadata URL on another device and download the metadata to a file. Then upload the file in the SAML Metadata upload scenario.
Test
The Treserva administrator will provide details on how to test.