Microsoft Entra ID

Enables caregivers in organisations with Entra ID (formerly Azure Active Directory) to log in to Luscii without one-time passwords

On the Luscii login page there is a “Sign in with Microsoft” button. This enables caregivers who have an email address that is managed by Microsoft, including Microsoft Entra ID, to log in to the web app through the Microsoft login mechanism. The identity of the user is checked by the identity provider of our customer through Entra’s Federated Identity Providers functionality. The security settings for this login flow, such as the requirement for 2-factor authentication, are determined by the settings in the organisation’s Entra service. The browser will remember the user’s Microsoft account and, depending on the Entra ID settings at the hospital, users will be able to quickly log in again after they are logged out.

📘

More information about Entra ID and the technical details of Federation can be found in Microsoft's documentation

The Entra SSO login mechanism exists alongside the existing Luscii login functionality, which uses one-time passwords and an optional password.

🚧

Note: Entra ID SSO is not the same as the single sign-on functionality of the viewer integration. The technologies and the ideas are similar, but they are not interchangeable. The viewer SSO mechanism links users from an EMR to users in Luscii, enabling EMR users to easily open the Luscii viewer after an initial login. The Entra ID single sign-on method offers a different way for a user to log in to Luscii.

Who can use Entra ID SSO?

Any Luscii caregiver who has a Microsoft email address can use the “Sign in with Microsoft” button. In practice, customers must use Entra ID in order to provide identities for the users in Luscii.

📘

Luscii Entra SSO Application in the Entra App Gallery

The Luscii Entra SSO Application can be found in the Entra Application Gallery here.

Depending on the Microsoft Entra Conditional Access settings of your organisation, the SSO functionality might have to be approved and configured by an Entra administrator. Users that click the button will see the following screen instead of the login flow. This can be resolved by adding the Luscii SSO application to Entra by following this guide by Microsoft.

What are the limitations?

  • The customer must use Microsoft Entra ID.
  • This functionality is only available for healthcare professionals and not for patients.
  • The functionality only works on the Luscii web application. It is not available for the viewer integration or the iOS pro app.
  • The email address of the user in Entra ID must match the email address for the user in Luscii.
  • The email address may only be in use for one Luscii account. When the email address is used for multiple users in Luscii, the email address cannot be used.
  • There is no user provisioning and synchronisation between users in Entra ID and Luscii (using the SCIM protocol). Administrators will still need to create a Luscii user, and remove the user in Luscii once someone leaves their organization.
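
The matching, uniqueness and manual-removal limitations above can be checked with a periodic reconciliation of both user lists. This is an added example, not Luscii or Microsoft code; the export shapes (`mail` and `accountEnabled` for Entra ID users, `id` and `email` for Luscii users), the sample records and the case-insensitive comparison are assumptions.

```python
from collections import Counter

def normalise(email):
    # Assumption: addresses are compared case-insensitively, ignoring whitespace.
    return email.strip().lower()

def reconcile(entra_users, luscii_users):
    """Classify Luscii accounts against an Entra ID user export.

    stale           : no enabled Entra ID user has this address, so the
                      Luscii account should be reviewed for removal.
    duplicate_email : address is used by more than one Luscii account,
                      so it cannot be used for SSO.
    sso_ready       : unique address that matches an enabled Entra ID user.
    """
    active = {normalise(u["mail"]) for u in entra_users
              if u["accountEnabled"] and u.get("mail")}
    counts = Counter(normalise(u["email"]) for u in luscii_users)
    report = {"stale": [], "duplicate_email": [], "sso_ready": []}
    for user in luscii_users:
        email = normalise(user["email"])
        in_entra = email in active
        unique = counts[email] == 1
        if not in_entra:
            report["stale"].append(user["id"])
        if not unique:
            report["duplicate_email"].append(user["id"])
        if in_entra and unique:
            report["sso_ready"].append(user["id"])
    return report

# Constructed sample data (hypothetical export format, not real accounts).
ENTRA = [
    {"mail": "A.Jansen@hospital.example", "accountEnabled": True},
    {"mail": "b.devries@hospital.example", "accountEnabled": False},  # has left
    {"mail": "c.bakker@hospital.example", "accountEnabled": True},
    {"mail": None, "accountEnabled": True},  # account without a mailbox
]
LUSCII = [
    {"id": "L1", "email": "a.jansen@hospital.example"},
    {"id": "L2", "email": "b.devries@hospital.example"},
    {"id": "L3", "email": "c.bakker@hospital.example"},
    {"id": "L4", "email": "C.Bakker@hospital.example"},  # same address as L3
    {"id": "L5", "email": "d.smit@hospital.example"},    # never in Entra ID
]

if __name__ == "__main__":
    for category, ids in reconcile(ENTRA, LUSCII).items():
        print(f"{category}: {ids}")
```

Accounts reported as stale are the ones an administrator still has to remove in Luscii by hand, since nothing deprovisions them when the Entra ID account is disabled.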