Using Microsoft Azure Active Directory for Single Sign-on (SSO)

Noah ES provides its own authentication system (local system) but also provides the ability to integrate with other authentication systems. At present, Noah ES Supports integration with:

  • Microsoft Azure Active Directory

HIMSA has plans to support OpenID Connect and SAML2. HIMSA does not have release dates at this time but will update this page when that is offered.

This document is split into two main sections:

  • Set up for Azure Active Directory (AAD)

  • Onboarding new Noah ES users and switching current Noah ES users from the local system to AAD


Set up for Azure Active Directory (AAD)

Preconditions:

  • Your company has an AAD account set up and you have administrative privileges

  • Your company has a Noah ES account and you have been set up in Noah ES as either a “Business Decision Maker” or “Technical Administration” user. At this point, your Noah ES user account will be using the local system.

These two user types are chargeable uses. If you will not be involved with Noah ES on a regular basis for patient care then it is possible to assign your user to the role of “Administrative Support” after this setup. This user type is able manage users (more in the onboarding section below) and is a free account. This user type is also not able to use patient related Noah ES features.

HIMSA does not make an immediate accounting of chargeable uses but rather over longer periods of time. Once AAD is set up you can switch user types within a day or two you will be fine.

Step 1 - Log in to the Noah ES portal

Navigate to Settings > Single Sign-on and select the + icon in the upper right-hand area of the screen, Select Azure Active Directory.

Step 2 - Enter the necessary data

Enter data for the 2 fields:

  • Name - text of your choice. This is just a label that will be visible on the user management screen (e.g. Always Listening Inc. AAD)

  • Tenant ID - This is your AAD tenant ID, if you do not know it then the screen provides a link for assistance in looking it up.

  • Logon Domain Hint - the name of your domain. This is not strictly necessary and can be skipped.

  • Click on Create

Known issue - if you receive an error “An error occurred while processing your request” after selecting Create you can ignore this. This is a known issue that HIMSA will be addressing soon. The AAD set up will still function.


Step 3 - Change your user to use AAD

  • Via the Noah ES portal go to Manage Users and select to edit your Noah ES user account

  • Under the “Login Method” select AAD selection that was just created.

  • Save

Step 4 - Log out and Log back into Noah ES

Log back into the portal and enter your email address. You will now be directed to AAD for authentication.

At this point, you will be requested to provide consent that Noah ES may integrate.

 

Once this has been accepted you may continue with onboarding Noah ES users.

Q: Is it possible to remove this integration at some point in the future?

A: Yes, you may delete the application from within Azure AD. Make sure to switch your users back to the local system or another authentication system first.

 

 

 

 

 

 

Onboarding new Noah ES users so that AAD is used

Step 1 - Adding a new Noah ES User

When adding a new user select the AAD entry that is now available under the “Login Method”

Step 2 - New Noah ES users will receive an email to confirm and set password

The Noah ES user will now receive an email to set their password. Even though the user will use AAD the account must first be set up with a local password. Once the password is set by the user the user account will be confirmed. The user will not use this password again as long as AAD is used.


 

 

 

The Noah ES User Experience

Now the user can start the Noah ES Client software, and select Noah ES US or Noah ES EU. The browser will open for authentication and ask for their email address

Once they click on Next the process will then continue with AAD and any rules and feature set up will continue as you have configured.

 

Switching current Noah ES users from the local system

If you have users that have used the local system it is possible to switch them to use AAD. To do so just edit the user to use the AAD login selection.

The next time the user logs into Noah ES they will use AAD.

If you wish to enforce this change right away you can first set the user to save AAD, Save. Then, deactivate the user, reselect the user and activate. This will force the user to authenticate again and AAD will now be used.

Q: If I do integrate AAD with Noah ES do all of my users have to make use of AAD

A: No