User Management Guide
This guide walks through how to create and manage users via the Medplum App and via API. Medplum supports multiple authentication options, but always maintains a representation of the user identities, and gives developers control over which authentication method to use for an identity, as well as what access controls are applied.
Background: User Model
Medplum has several resources that represent user identities. The following resources are fundamental to building a correctly functioning application. This table describes how identities are represented in the system, and provides links to the administrative settings in the Medplum App.
Resource | Description | Medplum App |
---|---|---|
User | A resource that represents a user identity. Users exist above the Project level and can only be self-updated. | None |
Project | A Project is an isolated set of resources. See the Projects guide | Project Admin |
ProjectMembership | A ProjectMembership represents granting a user access to the resources within a Project. Inviting a user to a project, and specifying their profile and accessPolicy you can determine what set of resources they can access. | Invite (Admins only), Users (Admins only) |
Users
The User resource is the main resource that represents digital identity during authentication.
Users can have two different scopes:
- Server scoped users
- Project scoped users
Server Scoped Users
Server scoped Users
are typically used for Practitioners
. Practitioners can be members of multiple projects (e.g. "staging" and "prod"), and having their Users
at the server level allows them to easily sign into multiple projects.
Project Scoped Users
Project scoped Users
only exist inside a project level, and cannot sign into server-level tools such as the Medplum App. The most common use case is for Patient
users. These users will have to be invited and enrolled separately to each Project
they are a part of, and there will be no link between their identities across projects.
This is desirable in multi-tenant use cases, where patients enrolled with one tenant should not be aware of other tenants.
By default, the server scopes all users Users
enrolled as with a Patient
profile (see below) as project-scoped users.
Profiles
Within each project, a project member is represented by a specific FHIR resource, known as their profile. The ProjectMembership.profile
element links the ProjectMembership
to the profile resource.
A user's profile can be one of the three resource types in the table below. Incorporating the resources in the table below into ProjectMembership enable sophisticated access controls, as Access Policies can access the profile of the current user (read more)
Resource | Description | Medplum App |
---|---|---|
Patient | Patient is a fundamental FHIR resource and linking it to an identity allows the simple use case of granting access to personal records. | Patients |
Practitioner | Practitioners are staff members of a healthcare organization and generally have access to multiple patients' data. | Practitioner |
RelatedPerson | RelatedPerson is a family member or caregiver of a patient, who may be granted access to a small number of patient records | RelatedPerson |
There are several ProjectMembership.profile
resources that are related to programmatic access, which serve as modifiers to the ProjectMembership resource (i.e. ProjectMembership.profile
) and do not represent people, but rather applications that access data. This table describes the programmatic access profiles with links on where to set them up in the Medplum App.
Resource | Description | Medplum App |
---|---|---|
ClientApplication | API Keys that allow programmatic access to resources | Client Applications |
Bot | Event driven custom functions | Bots |