Setup of HelseID for SFM - Single tenant

To get started using HelseID for SFM, there are two steps that needs to be configured in the HelseID self service portal:

  • The EPJ needs to be set up as a "client system" in HelseID
  • The organization (customer) needs to set up their own "configuration" that uses the "client system".

 

Setup a "client system" in HelseID for SFM

The EPJ needs to setup their system as a "client system" in HelseID. This is somethings that only has to be done once pr EPJ.

To do this in test, you log into the self service portal for HelseiD in test: Selvbetjening i TEST

You log in by using your personal electronic id, for instance using ID-porten or BankID. Make sure that you represent the correct organization, that will become the "owner" of this "client system".

Choose "Dine klienstystemer" in Selvbetjening and follow the flow.

After choosing "SFM" as an API to support, you need to set up witch scopes that should be available for your clients and what values that should be set as default: 

  • sfm.api - Usually set to "Forhåndsvalgt"
  • sfm-migrering.api - Is relevant if you offer functionality to migrate data using this api. Whether it should be "Forhåndsvalgt" or "Tilgjengelig" depends on if most of the customers will migrate or only some of them.
  • sfm-identity.management.api - Not relevant for SFM for now.

The following scopes should be chosen for SFM:

 

Setup a client configuration for an organization

For an organization to be able to use HelseID Single tenant for SFM, a HelseID client has to be established for that organization/journal.

When using Single tenant HelseID towards SFM, the HelseID client represent a Journal (SFM-id).

At least one HelseID client therefore has to be created for each Journal (often relevant for a municipality that may have several journals). More that one HelseID client can point to the same Journal. Se Setup of Organizations and Journals in Production

There are three ways of establishing a HelseID client for a customer/organization: 

  • Alternative 1: Automatically via API
  • Alternative 2: Partly automatically via "Package configuration"
  • Alternative 3: Manually via the service portal

Read more about the alternatives here

To manually set up a new HelseID client in test (alternative 3), you log into the self service portal for HelseiD test: Selvbetjening i TEST

You log in by using your personal electronic id, for instance using ID-porten or BankID. Make sure that you represent the correct organization, that will become the "owner" of this HelseID client.

Choose "Dine klientkonfigurasjoner" in Selvbetjening and follow the flow.

 

Note that after setting up the client configuration, all necessary documents have to be signed by the organization before the EPJ can successfully retrieve a token from HelseID for this organization.