Security Steps

66 views
Skip to first unread message
Assigned to aaron....@oracle.com by me

Luke Albertson

unread,
Mar 12, 2021, 10:10:48 AM3/12/21
to Cerner FHIR Developers
I have a general question and am hoping someone else has a good guide (I've searched but can't find anything concise).
What are the steps for a vendor to access our domain though FHIR. 
I understand that the vendor has to have a code.cerner.com account, that let's them hit the cerner sandbox. but assuming they do that step first. when we are ready to open up access to the in Cert / Prod / whatever domain, I need to log a ticket to have them white listed? 
or do I need set up http://cernercentral.com/ somehow? 
Is there a step by step guide for the tickets I need to log or what they have to do? 
I always feel like there is at least 1 thing missing for access. whether a cloud account, secuity account, approving access to each read / write api... 
Thanks for your help!

Aaron McGinn (Cerner)

unread,
Mar 12, 2021, 4:09:57 PM3/12/21
to Cerner FHIR Developers
There are some instructions on our main site [1]. If the app in question is a patient (Direct to Consumer) app, you can follow the instructions here [2]. For provider apps, typically the developer/vendor will have information on how to proceed after signing a contract with the client. They will then inform us of the contract and will begin the implementation process for the client domains.


-Aaron (Cerner)

Luke Albertson

unread,
Mar 13, 2021, 7:17:19 PM3/13/21
to Cerner FHIR Developers

Aaron,
Thank you for those links. I think I must be missing something. I'm on the client side and we want to provide access to a few vendors so they can use the API's to pull some generic information like demographics, drugs etc. They have their FHIR app registered with Code.cerner.com, but with just the tenant id and us submitting a ticket to approve their access doesn't seem enough. 
Do I need to setup the cerner central for my site so I can manage approvals of the endpoints?
Thanks again for all of your help! 
Luke

Aaron McGinn (Cerner)

unread,
Mar 15, 2021, 3:22:13 PM3/15/21
to Cerner FHIR Developers
No, you should not need to set anything up on your side. You logged an SR and it did not start the implementation process with our team?

-Aaron (Cerner)

Luke Albertson

unread,
Mar 15, 2021, 3:48:40 PM3/15/21
to cerner-fhir...@googlegroups.com
Aaron,
I think we had our wires crossed on our end, but wanted to know, if that is all we need to do is say, Give Vendor X with application name / number y access to our Cert domain, that's all we have to do, so that will generate the correct connection for the tenant id, client id and secrets.
Thanks!
Luke 

--
You received this message because you are subscribed to a topic in the Google Groups "Cerner FHIR Developers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/cerner-fhir-developers/icw8-Y66ONI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to cerner-fhir-devel...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cerner-fhir-developers/015d4260-769b-4fcb-81d1-3c0f0a8bac43n%40googlegroups.com.

Aaron McGinn (Cerner)

unread,
Mar 16, 2021, 2:34:50 PM3/16/21
to Cerner FHIR Developers
Yes! All you need to provide in the SR you log is the vendor and application ID (they will provide this for you) and which domain(s) you would like to give them access to. This SR will begin the process of ensuring everything is in place and getting the app(s) provisioned in your domain(s)!

-Aaron (Cerner)

Luke Albertson

unread,
Mar 16, 2021, 2:36:18 PM3/16/21
to cerner-fhir...@googlegroups.com
Reply all
Reply to author
Forward
This conversation is locked
You cannot reply and perform actions on locked conversations.
0 new messages